Last updated: April 10, 2026
1. Data Controller
The data controller for personal data collected through MazeTrip is the entity operating the site at https://mazetrip.com. To exercise your rights, use the contact channels published on the Service.
2. Types of Data Collected
Depending on your use of the Service, we may process:
- Account data: user ID, email, name, or profile image provided by the authentication provider (e.g., Clerk with Google or email).
- App profile data: travel preferences, saved trips, itineraries, and settings you store in the Service.
- Content: trips, notes, places, and metadata you enter, including inputs sent to AI-assisted features.
- Technical data: logs, IP address, browser type, access times, as necessary for security and operation.
- Cookies and similar technologies: as required for session, preferences, and security.
3. Purposes and Legal Bases
- Service provision (Art. 6(1)(b) GDPR): account management, data sync, features you requested.
- Legal obligations (Art. 6(1)(c) GDPR): compliance with applicable laws.
- Legitimate interest (Art. 6(1)(f) GDPR): security, abuse prevention, technical improvement.
- Consent (Art. 6(1)(a) GDPR): where required for optional communications or non-essential cookies.
4. AI Processing
Some features may send structured text to language model providers to generate or extract content. Content is processed to perform the function you initiated. Check the AI provider's terms for additional details.
5. Third-Party Recipients
We use providers that process data on our behalf (e.g., authentication, hosting, database, AI services). They are bound by contractual obligations (Art. 28 GDPR) where applicable.
6. Data Retention
We retain data for as long as necessary for the purposes described above. After account deletion, residual copies may remain in backups for a limited technical period.
7. Your Rights (GDPR)
Under applicable law, you may request:
- access, rectification, erasure ("right to be forgotten");
- restriction of processing or objection, where applicable;
- data portability of data you provided, where applicable;
- withdrawal of consent without affecting prior lawful processing;
- lodge a complaint with a supervisory authority (in Italy, the Garante per la protezione dei dati personali).
8. Children
The Service is not intended for children under 14 (or the minimum age in your jurisdiction). If you believe we have collected data from a minor without authorization, contact us for deletion.
9. Changes
We may update this policy. The date at the top indicates the last revision. For significant changes, we may notify you through the Service or by email where possible.
See also our Terms of Service.