Privacy Policy
Last updated: June 20, 2026
This Privacy Policy describes what data the WaysToTravel web service ("Service") collects, why it is used, and with whom it may be shared.
1. Who is responsible
The controller of personal data for the Service is Anton Zavidonov (Sofia, Bulgaria). Contact details are in the "Contact" section below.
2. YouTube API Services
The WaysToTravel Service uses YouTube API Services. Google's handling of user data is described in the Google Privacy Policy. The sections below explain what Google and YouTube data we access and how we use it in the Service.
3. Data we process
- Account: email address, name, profile image (if you sign in with Google), and optionally a password if you register with email.
- Google sign-in: Google account identifier, access tokens and granted OAuth scopes needed for authentication and requested features.
- YouTube (read-only): when you connect it separately under "Profile → Connections" — see details below. We do not post content on your behalf or manage your channel.
- Preferences and activity: travel-style settings (including slider preferences), interest tags, saved and liked places, destination search parameters, companion-related data you choose to share, reviews and feedback, and technical logs needed for recommendations.
- Content you type: for example, free-text trip wishes, which are used to generate recommendations and may be sent to AI providers (see below).
Google user data we access and why:
- Google sign-in (scopes: openid, email, profile): name, email address, profile picture and Google account ID — to create your account and authenticate you.
- YouTube (scope: youtube.readonly, only when you connect it separately): titles of channels you subscribe to; video IDs you have liked; video metadata (title, description, thumbnail, channel name) when searching for travel videos for destinations. This data is used to personalize recommendations and show relevant videos in the Service.
How we process and store Google data: OAuth tokens and granted scopes are stored in our PostgreSQL database on our hosting provider (Vercel). Tokens are used solely to call Google/YouTube APIs on your behalf within the Service. A short summary of YouTube interests (channel titles, keywords) may be cached in server memory for up to 24 hours to speed up recommendations. Video search results may be cached for up to 7 days. We do not sell Google user data or share it with third parties for their own advertising or profiling.
Sharing with external parties:
- Google LLC — during OAuth authorization and YouTube Data API calls (data is transmitted to Google as part of their services).
- Vercel Inc. — application and database hosting where tokens and user settings are stored.
- AI providers (e.g. OpenAI) — for personalized recommendations we may send generalized interest keywords (e.g. "travel vlogs", "hiking") derived from your YouTube subscriptions, but we do not send your Google ID, email or OAuth tokens.
Internal use: Google user data is processed only by the Service operator (Anton Zavidonov) for support, debugging and product improvement. Access is limited to hosting and database administration tools.
Revoking access: you can disconnect YouTube under "Profile → Connections" in the Service, or revoke access in your Google Account permissions. After revocation we delete stored YouTube OAuth tokens and stop making YouTube API requests on your behalf.
4. AI and recommendations
The Service may call external AI model providers (e.g. OpenAI or similar) to suggest destinations, tags, explanations and search hints. Requests may include preferences and search context. When personalization is enabled, we may store a compact preference summary in our database and link individual searches to an OpenAI conversation for follow-ups within the same search; you can reset long-term memory via DELETE /api/profile/travel-memory. Output is informational only and is not a contract or professional travel advice.
5. Analytics
We use analytics and performance tools (Vercel Analytics, Vercel Speed Insights) and PostHog for aggregated or pseudonymous product events (e.g. onboarding completed, place saved) to improve the Service.
6. Cookies and session
We use cookies and similar technologies for sign-in sessions (e.g. NextAuth.js), CSRF protection, and language preferences. You can restrict cookies in your browser; some features may stop working.
7. Storage and security
Data is stored on secured servers (including a PostgreSQL database at our hosting provider). We use common safeguards (HTTPS, access control), but no online service is perfectly secure.
8. Sharing
Data may be processed by:
- Google — sign-in, OAuth, YouTube API (per your consent in Google's UI);
- AI providers — to generate recommendations;
- hosting/infrastructure (e.g. Vercel) — to run the Service;
- PostHog — for product analytics (usage events) in pseudonymous or aggregated form;
- map/video/event providers — as needed to show content.
We do not sell your personal data.
9. Retention
We keep data while your account exists and we need it for the purposes above, or as required by law. You may request deletion — see "Your rights".
10. Your rights
Depending on your region you may have rights to access, rectify, erase, restrict, object or export data. Contact us using the details below; we will respond within a reasonable time.
11. Children
The Service is not directed at children under 16 (or the age required in your jurisdiction). Contact us if you believe we have collected a child's data without appropriate consent.
12. Changes
We may update this policy. The current version is always on this page; the "Last updated" date is shown at the top.
13. Contact
Anton Zavidonov — Sofia, Bulgaria.
Email: anton_zavid@mail.ru
Website: https://aazavid.github.io/