31k.io logo
31k.io

Privacy Policy

Last updated: April 16, 2026

This Privacy Policy describes how 31k.io ("31k.io", "we", "us", or "our") collects, uses, and shares information when you use our website, applications, and related services (together, the "Service"). By using the Service, you agree to the practices described here. If you do not agree, please stop using the Service.

1. Information we collect

We collect information you provide directly, information generated from your use of the Service, and a limited amount of information from third parties you choose to connect.

Account information

When you create an account, we collect your email address and (for email/password accounts) a securely hashed password. If you sign in with Google or Microsoft, we receive your email address and basic profile information from that provider.

Trip content you upload

To build and improve your itinerary we process the trip details you share with us, including text you type, confirmation emails, PDFs, images, screenshots, notes, and any other files you intentionally upload. Trip content may include location names, travel dates, booking references, and personal preferences.

Usage and device data

We automatically collect limited technical information about how you interact with the Service, such as pages visited, features used, approximate timing of requests, error diagnostics, browser type, and device type. We do not log the content of your messages, notes, or activities in our operational logs.

Cookies and similar technologies

We use first-party cookies and local storage to keep you signed in and remember your preferences. We also use Google Tag Manager to load analytics and measurement scripts that help us understand aggregate Service usage.

2. How we use your information

We use the information described above to:

  • Provide, operate, and maintain the Service, including authenticating you and saving your trips.
  • Parse, enrich, and organize the trip content you upload so you can view and edit it as a timeline.
  • Generate AI-assisted suggestions, chat responses, and gap analysis for your itinerary.
  • Send transactional messages such as email confirmations, security notices, and service updates.
  • Monitor the health of the Service, detect abuse, and debug issues.
  • Improve the Service, including measuring aggregate usage and evaluating new features.
  • Comply with applicable law and enforce our Terms of Service.
3. AI processing and third-party subprocessors

To provide itinerary parsing, chat, and gap analysis, relevant portions of your trip content are sent to AI model providers (including OpenAI) strictly as needed to generate a response. We do not authorize these providers to use your content to train their public models.

We also rely on trusted service providers to operate the Service, for example:

  • Supabase — authentication, database, and file storage.
  • Vercel — application hosting and request routing.
  • OpenAI — AI model processing for trip parsing and the AI concierge.
  • Google (Tag Manager and analytics providers loaded through it) — product analytics.

Each subprocessor only receives the information needed to perform its function and is bound by its own terms and privacy commitments.

4. How we share information

We do not sell your personal information. We share information only in these circumstances:

  • With subprocessors that run the Service on our behalf, as described above.
  • With people you explicitly share a trip with (for example, via a share link you generate).
  • When required by law, subpoena, or a valid legal process, or to protect the rights, property, or safety of 31k.io, our users, or others.
  • In connection with a corporate transaction such as a merger, acquisition, or asset sale, subject to customary confidentiality protections.
5. Data retention

We retain your account information and trip content for as long as your account is active. You can delete individual trips at any time; you can also request deletion of your entire account by contacting us. After deletion, we remove or anonymize your data from active systems within a reasonable period, though copies may persist in encrypted backups until they are rotated out on the ordinary backup schedule.

6. Security

We use industry-standard safeguards — including TLS in transit, encryption at rest, row-level access controls, and restricted administrative access — to protect your information. No system is perfectly secure, however, and we cannot guarantee absolute security. If you believe your account has been compromised, email us immediately.

7. Your choices and rights

Depending on your location, you may have the right to access, correct, export, or delete the personal information we hold about you, and to object to or restrict certain processing. You can exercise most of these rights directly in your account settings or by contacting us at the address below. We will not discriminate against you for exercising a privacy right.

8. International transfers

Our systems and subprocessors may process information in the United States and other countries. Where required, we use appropriate safeguards (such as standard contractual clauses) to protect data transferred across borders.

9. Children

The Service is not directed to children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us information, please contact us so we can delete it.

10. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, notify you through the Service or by email. Your continued use of the Service after the change takes effect constitutes acceptance of the revised policy.

11. Contact us

For questions about this Privacy Policy or your data, reach us at hello@example.com.

See also our Terms of Service.