Privacy Policy

• Account info: email address, name, hashed password, profile photo if you upload one.
• Your content: trips, plans, photos, notes, addresses, shared-trip tokens, wishlist items, faves, reviews, memories (photo/video/audio/text).
• Email you forward: if you send emails to your Basho Travel inbox alias, we store the raw body plus the extracted plan details.
• Connected Gmail (optional): if you connect a Gmail account, we store an encrypted refresh token, your Gmail address, and timestamps of scans. We also store the bodies of messages that match travel keywords and the plans we extract from them.
• Technical data: IP address, browser and device information, pages visited, and timestamps — used for debugging, security, and usage analytics during beta.
• Feedback: anything you submit through the in-app Feedback button.

• To run the service and keep your account secure.
• To parse forwarded emails into structured plans.
• To send transactional emails (confirmations, invites, password resets).
• To understand how the beta is being used and fix bugs.

We do not sell your data, and we don’t send marketing email unless you opt in.

• Supabase — database hosting, authentication, and file storage.
• Resend — outgoing email (confirmations, invites) and inbound email parsing.
• OpenAI — parsing the text of emails you forward into structured plan data. Content is sent to OpenAI’s API; per their policy, API inputs are not used to train their models.
• Google Maps — geocoding the addresses on your plans and rendering maps.
• Google (Gmail API) — if you connect Gmail, we use Google’s gmail.readonly scope to fetch travel-keyword messages from your inbox. Bashō’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including Limited Use. We do not transfer Gmail data to third parties except as needed to provide the service (our hosting provider and the OpenAI parsing step), do not use it for advertising, and do not allow humans to read it except for support purposes you’ve consented to (see “Beta operator access” below).
• Unsplash — fetching stock cover photos for your trips based on the destination you enter.
• Vercel — application hosting and request routing.

We may also disclose information if required by law or to protect rights and safety.

During the closed beta, the operator (Curt Middleton Design, LLC) may view content inside your account — trips, plans, memories, faves, forwarded email bodies, and Gmail messages we’ve scanned — to investigate bugs you report and to improve the product. We do this only to operate, support, and improve the service. We do not sell this content, share it with third parties for advertising, or use it to train models.

If you’d prefer your account not be inspected for support, email hello@basho.travel and we’ll honor that — with the caveat that we may be unable to debug issues you report without seeing what you see.

You can request a copy of your data, correct it, or delete it at any time by emailing hello@basho.travel. If you’re in the EU/UK, California, or another jurisdiction with data-protection laws, you have additional rights that we honor on request.

If you’ve connected Gmail, you can disconnect from Settings at any time to revoke our refresh token and stop future scans. You can also revoke access directly from your Google Account permissions page.