Last updated: 14 July 2026 · Beta version
⚠️ Working draft for the beta — to be validated by a lawyer before public launch. Translation provided for convenience.
Sunveo is built "privacy by design": your traveller profile — the make-up of your group, children's ages, activity preferences, tastes learned over your trips, nationality, travel periods — is stored only on your device. It is sent to our servers for the duration of a computation (search, suggestion, planning) then immediately forgotten: it is never written to a database.
| Data | Purpose | Legal basis | Retention |
|---|---|---|---|
| Email + password (hashed) | Your account | Contract | Until account deletion |
| Trips (title, dates, destination, budget) | Your travel log | Contract | Until deletion |
| Structured trip feedback (ratings, tags) | Improving your suggestions | Consent | Until deletion |
| Dream destination (if enabled) | Alerting you to good deals | Consent (can be disabled) | Until disabled |
| Conversations with the assistant | Running the chat | Contract | 1 hour (ephemeral memory) |
We do not keep: your traveller profile, the make-up of your group, your preferences, your locations, your offer selections (stored on the device).
No advertising, no ad tracking, no data reselling, no sharing with third parties for commercial purposes. When you click through to a booking partner (Booking, GetYourGuide…), you leave Sunveo: their privacy policy then applies, and the link contains an anonymous affiliate identifier (no personal data).
Conversations are processed by a language model (Anthropic Claude API or a self-hosted model). They are not used to train models and are erased after 1 hour. You are talking to an AI, and it will confirm this if you ask.
Access, rectification, erasure, portability, objection: write to privacy@sunveo.app. Deleting your account (available in the app) permanently erases your server-side data within 30 days. Data on your device is deleted by uninstalling the app. You may lodge a complaint with the CNIL (France) or the AEPD (Spain), or your local data protection authority.
Encryption in transit (TLS 1.3) and at rest, hashed passwords, hosting in the European Union.
Sunveo — privacy@sunveo.app