1. Quick summary
- We only collect the data we need to deliver the guide, map, or email you asked for.
- We never sell or share your personal data for advertising.
- Card data never touches our servers — it goes straight to our payment provider, Dodo Payments. We only see provider-side IDs.
- You can request a copy or deletion of your marketing data at any time via our data management portal or by emailing planoratrips@gmail.com.
2. Who is responsible for your data
The person operating Planora is the data controller for the information collected through this site. You can reach us at planoratrips@gmail.com or through /contact. If you are in the European Economic Area or the United Kingdom, you can lodge a complaint with your local data-protection authority (in Spain, the Agencia Española de Protección de Datos — aepd.es).
3. What we collect and why
We process the following categories of personal data:
- Contact data (name, email, optional phone) — when you place an order, subscribe to the newsletter, request the free guide, or send us a message. Used to deliver the product or reply to you.
- Order data (product, options, price, language) — to fulfil purchases and issue invoices.
- Payment metadata (Dodo Payments order ID, capture ID, refund + dispute lifecycle events) — to reconcile payments. We never see your card number, IBAN, or wallet credentials; those stay with Dodo Payments and your bank or wallet provider.
- Technical data (truncated IP via reverse proxy, browser headers, error reports via Sentry, salted hash of IP for anti-abuse rate limiting and the “was this article helpful?” counter) — to keep the site working, prevent abuse, and fix crashes. The salted hash cannot be reversed back to your IP. If you click helpful on an article, we also store that choice in your browser (planora_article_helpful_v1 in localStorage) so you cannot vote twice from the same device; that record is not uploaded to our database.
We do not knowingly collect personal data from children under 16. If you believe a child has shared data with us, contact us and we will delete it.
4. Lawful basis (GDPR Art. 6)
- Performance of a contract — when you buy a guide or map, we process your contact + order data to deliver it.
- Consent — when you join the newsletter or request the free guide, you opt in. You can withdraw consent any time via the unsubscribe link in every email or our data management portal.
- Legitimate interest — for security (rate limiting, fraud detection), error monitoring (Sentry), and replying to messages you send us.
- Legal obligation — to keep accounting records as required by Spanish/EU law.
6. How long we keep your data
- Orders + invoices — kept for the duration legally required by accounting law (typically 4–7 years in Spain).
- Payment events — append-only audit log retained for the same period as the parent order, for refund and dispute reconciliation.
- Newsletter subscribers — kept until you unsubscribe; we then keep an unsubscribe record indefinitely so we never accidentally re-add you.
- Free-guide leads — kept for 24 months unless you ask for deletion sooner.
- Contact messages — kept for 24 months for continuity of service.
- Helpful-vote hashes — kept indefinitely (cannot be tied back to you because they are salted hashes).
- Sentry crash reports — auto-deleted after 30 days.
- Rate-limit counters — pruned every 24 hours.
7. Your rights
Under GDPR (EU/UK) and CCPA/CPRA (California), you can:
- Request a copy of the data we hold about you.
- Correct anything inaccurate.
- Ask us to delete your data (subject to legal retention rules).
- Object to or restrict processing.
- Withdraw consent at any time, with no effect on past lawful processing.
- California residents: opt out of any “sale” or “sharing” of personal information. We do not sell or share personal information for cross-context behavioural advertising, so opting out has no effect — but the right is recognised.
For newsletter and marketing data you can use our self-service portal (unsubscribe or delete leads and contact messages). For everything else, email planoratrips@gmail.com and we will respond within 30 days.
8. International data transfers
Some of our processors (Dodo Payments, Sentry, Vercel, Trustpilot) are based outside the EEA. Where personal data leaves the EEA/UK, we rely on the European Commission's Standard Contractual Clauses or, where applicable, an adequacy decision. You can ask for a copy of the relevant safeguards by emailing us.
9. Security
We use TLS for every connection, enable Row-Level Security on every Supabase table, and lock down database access to a single service-role key that never leaves the server. Admin access is gated behind Supabase Auth with a role-based check. We will notify affected users and the relevant authority within 72 hours of becoming aware of a personal data breach that poses a risk to your rights, as required by GDPR Art. 33.
10. Changes to this policy
When we update this Policy, we change the effective date at the top of the page and (for material changes) post a notice on the site or email subscribers. Continued use of the site after a change means you accept the updated Policy.
Questions about this document? Reach us at /contact.