Legal

Privacy Policy

Effective April 20, 2026

This Privacy Policy explains what Basho Travel collects, how we use it, and who it’s shared with. Basho Travel is operated by Curt Middleton Design, LLC, a New York limited liability company.

1. What we collect

  • Account info: email address, name, hashed password, profile photo if you upload one.
  • Your content: trips, plans, photos, notes, addresses, shared-trip tokens, wishlist items.
  • Email you forward: if you send emails to your Basho Travel inbox alias, we store the raw body plus the extracted plan details.
  • Technical data: IP address, browser and device information, pages visited, and timestamps — used for debugging, security, and usage analytics during beta.
  • Feedback: anything you submit through the in-app Feedback button.

2. How we use it

  • To run the service and keep your account secure.
  • To parse forwarded emails into structured plans.
  • To send transactional emails (confirmations, invites, password resets).
  • To understand how the beta is being used and fix bugs.

We do not sell your data, and we don’t send marketing email unless you opt in.

3. Who we share it with

Basho Travel relies on a handful of third-party services that process data on our behalf:
  • Supabase — database hosting, authentication, and file storage.
  • Resend — outgoing email (confirmations, invites) and inbound email parsing.
  • OpenAI — parsing the text of emails you forward into structured plan data. Content is sent to OpenAI’s API; per their policy, API inputs are not used to train their models.
  • Google Maps — geocoding the addresses on your plans and rendering maps.
  • Unsplash — fetching stock cover photos for your trips based on the destination you enter.
  • Vercel — application hosting and request routing.

We may also disclose information if required by law or to protect rights and safety.

4. Sharing and collaborators

When you invite collaborators or create a public share link for a trip, anyone with the link or an accepted invite can see the shared content on the terms you set.

5. Retention

We keep your data while your account is active. When you delete your account (email hello@basho.travel), we remove your account and associated content within 30 days. Backups may persist for a short period after that.

6. Your rights

You can request a copy of your data, correct it, or delete it at any time by emailing hello@basho.travel. If you’re in the EU/UK, California, or another jurisdiction with data-protection laws, you have additional rights that we honor on request.

7. Children

Basho Travel isn’t intended for users under 13. If you believe a child has signed up, contact us and we’ll remove the account.

8. Security

We use industry-standard measures (encryption in transit, hashed passwords, RLS on the database) to protect your data. No system is perfectly secure; if we discover a breach affecting you, we’ll notify you by email.

9. Changes

We may update this Policy from time to time. Material changes will be emailed to registered users before taking effect.

10. Contact

Questions about privacy? hello@basho.travel