Legal

Privacy Policy

Last updated: April 27, 2026

TravelDays ("we", "us", "the app") helps travelers track Schengen 90/180, US ESTA, and tax-residency days. We are designed around a simple principle: collect as little as possible, and let you delete everything any time. This page explains what we store, why, and how to control it.

The short version. No email or phone is required to use TravelDays. You sign up with a username and a 4–6 digit PIN. We store the trips and travel-document info you enter so we can compute your visa days across devices. You can delete your account and all related data from the app at any time.

1. Information we collect

1.1 Account information

Username you choose (used to sign in).
PIN (4–6 digits), stored only as a one-way hash — we never see your PIN in plain text.
Optional recovery email, only if you choose to set one for PIN recovery. You can use TravelDays without ever providing an email.
Optional display name and nationality, used to personalize the app and tailor visa rules.

1.2 Travel data you enter

Trips (country, entry/exit dates, notes).
Passports and identity documents you choose to track (e.g. number, country, expiry).
Visa registrations (e.g. ESTA, residence permits) you add.
Family members you add for shared compliance tracking.
Notification preferences and any notes or suggestions you submit.

1.3 Device and technical information

A device identifier we generate locally so multiple devices can sync to your account.
Basic request logs (timestamp, endpoint, status code) for security and debugging. These are kept short-term.
Crash and error diagnostics if you have them enabled in your device settings.

1.4 What we do NOT collect

We do not require your real name, phone number, address, or government ID.
We do not access your contacts, photos, microphone, or camera unless you explicitly grant a permission for a specific feature.
We do not track your location in the background. Day-counting uses the trips you enter manually. If you grant location permission, the app may use your current position only as an optional convenience to suggest a country when you add a trip — your location is not stored on our servers.
We do not sell your data to anyone, ever.

2. How we use your information

To provide the core service: computing visa-days, residency days, ESTA windows, and sending the alerts you opt into.
To sync your trips and settings across your own devices.
To respond when you contact support.
To detect abuse, prevent fraud, and keep the service running.
To improve the app (aggregated, non-identifying usage patterns).

3. Legal basis (for users in the EU/UK)

We process your data on the basis of (a) performance of a contract — you ask us to track your trips and we cannot do that without storing them, (b) your consent for optional features such as recovery email or notifications, and (c) our legitimate interests in keeping the service secure and functional.

4. Sharing and third parties

We do not sell or rent your data. We share data only with the small number of service providers required to run the app:

Hosting and database — to store your account and trips.
Email and SMS providers — only if you opt into PIN recovery or notification channels that need them.
AI provider — if you use the in-app travel advisor, the message you send is forwarded to a language-model provider to generate the answer. We do not send your trip history unless you include it in your question.

TravelDays is completely free. There are no in-app purchases or subscriptions, so we do not collect or process payment information of any kind.

Each provider is bound by their own privacy and security obligations and only receives the minimum data needed to perform their function.

5. Security

PINs are stored as one-way hashes. We cannot reveal your PIN to anyone, including you — that is why we offer optional recovery.
Authentication uses per-user signed tokens (JWT) so each request is scoped to your account.
Traffic between the app and our servers is encrypted in transit (HTTPS/TLS).
Access to production data is limited to a small number of operators and is logged.

6. Data retention

We keep your account data while your account exists. When you delete your account, we delete your trips, registrations, passports, family members, devices, and account record from our active database. Backups are rotated and overwritten on a rolling schedule.

7. Deleting your account

You can delete your account and all associated data at any time:

Open TravelDays.
Go to Profile → Delete Account.
Re-enter your PIN and type DELETE to confirm.

8. Your rights

Depending on where you live (EU/UK GDPR, California CCPA/CPRA, and similar laws), you may have the right to:

Access the personal data we hold about you.
Correct inaccurate data.
Delete your data (see Section 7).
Export your data in a portable format.
Object to or restrict certain processing.
Withdraw consent for optional features (e.g. recovery email, notifications) at any time.

9. Children

TravelDays is not directed to children under 13 (or under 16 in the EU). We do not knowingly collect data from children. If you believe a child has created an account, contact us and we will delete it.

10. International transfers

Our servers may be located outside your country of residence. By using TravelDays you understand that your data may be processed in those locations, with appropriate safeguards in place.

11. Changes to this policy

If we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you in the app. Continued use of TravelDays after a change means you accept the updated policy.

12. Contact

Questions, requests, or concerns? Reach us at davar@rasab.io.