TravelGoSeek
Sign in

Privacy Policy

Effective June 28, 2026

This page is maintained by Laura Cole Creative LLC to answer common privacy questions about TravelGoSeek. It is provided for general information only and is not legal advice — please review with your own counsel before publishing.

1. Who we are

TravelGoSeek (the “App”) is operated by Laura Cole Creative LLC(“we”, “us”, “our”). You can contact us at privacy@travelgoseek.com.

2. Information we collect

  • Account info: email address, display name, and (optionally) profile photo.
  • Sightings: bird species, photos you upload, the date, and the location you choose to attach.
  • Usage: basic device/app analytics to keep TravelGoSeek running smoothly.
  • Payments: processed by our payment provider — we do not store full card numbers.

3. How we use information

  • To operate the App, validate sightings, and award points and badges.
  • To send service emails (sign-up confirmation, purchase receipts, new region launches, badge unlocks).
  • To improve features and prevent abuse.
  • On the free tier, to display ads via Google AdMob.

4. Sighting privacy

Your exact GPS coordinates, photos, and notes are visible only to you. Aggregate counts (e.g. total species spotted) may be shown publicly without identifying you.

5. Sharing

We don't sell your personal information. We share data only with service providers who help us run the App (hosting, payments, email delivery, analytics, ads), and when required by law.

6. Your rights

You can request access, correction, export, or deletion of your account data at any time by emailing privacy@travelgoseek.com. EU/UK users have rights under GDPR; California users have rights under the CCPA.

7. Children

TravelGoSeek is not directed to children under 13 (or under 16 in the EU). If you believe a child has created an account, contact us and we will remove it.

8. Data retention

When you close your account or request erasure, we anonymize your data rather than deleting it outright: personal identifiers (email, display name, profile photo, precise coordinates, device IDs) are stripped, and the remaining sighting records are retained as anonymous biodiversity data to support conservation reporting. Backups containing identifiers expire within ~90 days.

9. GDPR considerations (EU/UK users)

TravelGoSeek launches first in Spain, so we treat the EU GDPR (and the UK GDPR) as our baseline. This section explains how we apply it.

Controller

Laura Cole Creative LLC is the data controller for personal data processed through the App. Privacy requests: support@travelgoseek.com.

Legal bases (Art. 6)

  • Contract: creating your account, storing sightings, processing purchases and subscriptions.
  • Legitimate interests: preventing abuse, basic product analytics, securing the service.
  • Consent: personalized ads on the free tier, optional marketing emails — you can withdraw at any time.
  • Legal obligation: tax, accounting, and responding to lawful requests.

Your rights (Art. 15–22)

  • Access, rectification, erasure, restriction, and objection.
  • Data portability — export your sightings and profile in a machine-readable format.
  • Withdraw consent at any time (without affecting prior lawful processing).
  • Lodge a complaint with your local supervisory authority — in Spain, the Agencia Española de Protección de Datos (AEPD).

To exercise any of these rights, email support@travelgoseek.com. We respond within 30 days.

Erasure & anonymization

When you request erasure, we remove personal identifiers from your account and sightings within 30 days. The de-identified sighting records (species, region, coarse date) may be retained indefinitely as anonymous biodiversity data — this data can no longer be linked back to you and falls outside the scope of GDPR personal data.

International transfers

Some of our service providers (hosting, payments, email, analytics, ads) process data outside the EU/UK. Where required, transfers rely on the European Commission's Standard Contractual Clauses or an adequacy decision.

Subprocessors

We use vetted providers for hosting and database, payment processing, email delivery, product analytics, and (on the free tier) Google AdMob. A current list is available on request.

Automated decision-making

We do not make decisions that produce legal or similarly significant effects about you using automated processing alone.

EU representative (Art. 27)

An EU representative has not yet been appointed. Until one is named, please direct all GDPR inquiries to support@travelgoseek.com.

Children

In the EU, the minimum age to consent to our processing is 16 (or the lower age set by your member state, where applicable). We do not knowingly collect data from children below this age.

10. Subprocessors

We use the following vetted providers ("subprocessors") to operate TravelGoSeek. We notify users of material changes by updating this list. Last updated June 28, 2026.

ProviderPurposeData categoriesRegion
Supabase (managed via Lovable Cloud)Database, auth, storageAccount, sightings, photosEU / US
CloudflareHosting, CDN, DDoS protectionIP, request logsGlobal edge
StripePayments & subscriptionsEmail, billing details, transaction historyEU / US
Resend (transactional email)Service emails & receiptsEmail address, message metadataEU / US
Google AdMobAds on the free tierAdvertising ID, device data, ad interactionsGlobal
Google Analytics for Firebase / PlausibleProduct analytics (opt-in)Aggregated usage eventsEU / US
Apple App Store & Google PlayApp distribution, in-app purchasesReceipts, anonymized device IDsGlobal

Questions about a subprocessor? Email privacy@travelgoseek.com.

11. Data Processing Addendum (DPA)

For business customers (white-label partners, schools, organizations buying bulk licenses) who need a written DPA covering processing of personal data on their behalf, we provide a standard DPA on request, including:

  • Description of processing, categories of data subjects and data.
  • Roles (we typically act as processor for organization-managed accounts and controller for direct consumer users).
  • Security measures, breach notification timeline, and subprocessor list above.
  • EU/UK Standard Contractual Clauses (2021/914) and UK IDTA addendum where applicable.
  • Audit, return-and-deletion, and liability provisions.

Request a DPA from legal@travelgoseek.com. Last updated June 28, 2026.

12. Cookies & tracking

The web app uses three cookie categories: essential (sign-in, security, payments — always on), analytics (opt-in), and ads (opt-in, used by Google AdMob on the free tier). You can change your choices at any time from the "Cookie preferences" link in the footer. On mobile, advertising consent is collected on first launch via the Google UMP SDK.

13. Submit a data request

Use our GDPR / data request form to export your data, ask us to correct it, or request deletion. We log each request for compliance and respond within 30 days.

14. Changes

We may update this policy from time to time. Material changes will be announced in the App or by email.