Privacy Policy

Voynara is responsible for the personal data used to operate the platform, except where a provider acts as an independent controller for its own services.

For privacy questions or requests, contact [email protected].

We collect account data such as name, email, profile photo, and Google identifier when you sign in with Google OAuth.

We also collect data you provide or generate in the platform, such as travel preferences, searched destinations, itineraries, place feedback, profile data, and technical logs.

Application technical logs use truncated or masked IP addresses, plus technical identifiers needed for security, diagnosis, and abuse prevention.

We use data to authenticate your account, maintain your session, create and save itineraries, personalize suggestions, remember preferences, prevent abuse, fix issues, and improve the experience.

We do not sell personal data. We also do not send name, email, photo, user id, profile fields, or authenticated-app search parameters through the analytics boundary.

We process data based on contract performance and pre-contractual steps when needed to deliver accounts, itineraries, and purchased features.

We may also rely on legitimate interest for security, abuse prevention, internal metrics, and product improvement, with impact considered for the data subject.

We use consent for Google Analytics and optional preferences. We may process data to comply with legal or regulatory obligations and to exercise rights in legal proceedings.

We share data only when needed to operate Voynara, load maps, authenticate users, measure consented usage, or comply with legal duties.

Necessary cookies maintain authentication, security, OAuth, session, and language. They are used to deliver the requested service.

Google Analytics only loads after you accept analytics. If you reject it, analytics scripts are not rendered by the application.

In the authenticated app, analytics page views are sent without URL query parameters, avoiding searched destination or other navigation details.

We use technical and organizational controls appropriate to the product stage to protect data against improper access, loss, alteration, and unauthorized disclosure.

Application logs remove sensitive data, mask and truncate known IP fields, and do not record raw query strings in the main request trail.

We keep data for as long as needed to operate accounts, comply with legal duties, resolve disputes, prevent abuse, and preserve minimum security records. Deleted accounts can be restored for 30 days; after that, operational data linked to the data subject is erased or unlinked according to the retention policy.

You may request confirmation of processing, access, correction, anonymization, blocking, deletion, portability, information about sharing, withdrawal of consent, and review of automated decisions where applicable.

You can update profile data, delete your account, and reopen cookie preferences in the app. You may also submit a complaint to the ANPD. To exercise rights by email, contact [email protected].

Some providers may process data outside Brazil. When this happens, we use recognized providers and contractual measures compatible with LGPD.

We may update this Policy to reflect product, provider, or legal changes. The date above identifies the latest version.

Privacy questions can be sent to [email protected].