Byline Travel

Byline Travel is currently in alpha. Some features described below (e.g., data export) are still being built. This policy is otherwise fully effective.

Privacy Policy

Byline Travel, Inc. • Last Updated: April 9, 2026

This policy describes how we collect, use, and protect your information when you use Byline Travel.

Contents

1. Information We Collect
2. How We Use Your Information
3. How We Share Your Information
4. Data Retention
5. Your Rights
6. Security
7. Cookies and Tracking
8. International Data Transfers
9. Children's Privacy
10. Changes to This Policy
11. Contact Us

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Name
  • Email address
  • Profile photo (optional)
  • Authentication credentials (hashed passwords or OAuth tokens)

1.2 Profile & Travel Information

To provide personalized travel recommendations, we collect:

  • Birth year (not full date of birth)
  • Gender, citizenship, country of residence
  • Home city and preferred airports
  • Phone number and emergency contacts
  • Travel preferences (accommodation, dining, activities)
  • Hobbies and interests
  • Loyalty program information (airlines, hotels)
  • Budget preferences

1.3 Trip & Reservation Data

When you plan trips, we collect:

  • Trip details (destinations, dates, descriptions)
  • Reservation information (flights, hotels, restaurants, activities)
  • Booking confirmation numbers and costs
  • Trip participants and sharing permissions

1.4 Communication & AI Data

We store your interactions with our AI features:

  • Chat conversations with our AI assistant
  • Natural language queries (e.g., “Find me a hotel in Paris”)
  • AI-generated trip intelligence and recommendations
  • User feedback on AI suggestions

1.5 OAuth Connected Accounts

With your permission, we access data from connected accounts:

  • GitHub: Profile information (name, email, avatar) for authentication
  • Google: Profile information (name, email, profile photo) and YouTube data (channel information, subscriptions, playlists, liked videos, and activity history) via the youtube.readonly scope. See Section 1.7 for full details on Google user data.
  • Spotify: Profile information, top artists and tracks, recently played tracks, and saved library items. We use this data to personalize activity and experience recommendations.
  • Facebook: Profile information and page likes. We use this data to understand your interests for travel recommendations.

You can disconnect any connected account at any time from your Account Settings.

1.6 Usage & Analytics Data

We automatically collect:

  • Device information (browser, OS, device type)
  • IP address and approximate location data
  • Pages visited and features used
  • Performance metrics and error logs
  • Session replay data (with text and media masked for privacy)

1.7 Google User Data

Byline Travel’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Data We Access

When you connect your Google account, we request the following scopes:

  • openid, profile, email — Your name, email address, and profile photo for authentication
  • youtube.readonly — Read-only access to your YouTube channel information, subscriptions, playlists, liked videos, and activity history

How We Use Google Data

We use your Google profile data to authenticate your account and your YouTube data to understand your interests and provide personalized travel recommendations (e.g., suggesting destinations, activities, or dining experiences that match topics you follow on YouTube). Google user data is used solely to provide and improve user-facing features within Byline Travel.

How We Store Google Data

Google user data is stored in our encrypted database (Neon PostgreSQL with encryption at rest) and cached in Upstash Redis with automatic expiration. Data is retained while your account is active and deleted within 30 days of account deletion.

How We Share Google Data

We do not sell, rent, or trade your Google user data. We do not share Google user data with third parties except as necessary to provide the Service (e.g., our database and caching infrastructure). We do not use Google user data for advertising, retargeting, or any form of interest-based advertising.

Limited Use Disclosure

Our use of Google user data complies with Google’s Limited Use requirements. Specifically:

  • We only use Google user data to provide or improve user-facing features that are prominent in our application
  • We do not transfer Google user data to third parties except to provide or improve user-facing features, for security purposes, or to comply with applicable law
  • We do not use Google user data for serving advertisements or for retargeting, personalized, or interest-based advertising
  • We do not use Google user data to train artificial intelligence or machine learning models
  • We do not allow humans to read Google user data unless the user has given affirmative consent, it is necessary for security purposes, or it is required by law

How to Revoke Access

You can disconnect your Google account and revoke our access to your YouTube data at any time from Settings → Accounts → Connected Accounts. You can also revoke access from your Google Account permissions page.

2. How We Use Your Information

2.1 Provide Travel Planning Services

  • Create and manage your trips and reservations
  • Search for flights, hotels, restaurants, and activities
  • Generate trip itineraries and timelines
  • Facilitate trip sharing with other travelers

2.2 Personalize Your Experience

We use your travel history, preferences, and connected account data (such as YouTube subscriptions and Spotify listening history) to generate personalized recommendations and trip intelligence, including:

  • Destination suggestions based on your interests
  • Activity and dining recommendations
  • Packing lists customized to your destination
  • Cultural insights and local customs
  • Weather forecasts and what to expect

2.3 Analytics & Product Improvement

  • Understand how users interact with our platform
  • Identify and fix bugs and performance issues
  • Test new features and improvements
  • Analyze usage patterns to enhance user experience

2.4 Communications

We may use your contact information to send:

  • Trip reminders and updates
  • Product updates and new features
  • Marketing communications (with opt-out option)
  • Security and policy notifications

2.5 Legal Compliance

  • Comply with legal obligations
  • Prevent fraud and abuse
  • Enforce our terms of service
  • Respond to legal requests

3. How We Share Your Information

3.1 Service Providers

We share data with third-party services that help us operate the platform:

  • Authentication: GitHub OAuth, Google OAuth, Facebook OAuth, Apple, Spotify
  • Travel APIs: Amadeus (flights), Duffel (flights/stays), Google Maps/Places (locations), Yelp (restaurants), Viator (activities), OpenWeatherMap (weather)
  • AI Services: OpenAI (chat and recommendations), Google Vertex AI (content generation)
  • Analytics: Sentry (error tracking), Vercel Analytics (web analytics), PostHog (product analytics, session replay)
  • Infrastructure: UploadThing (file uploads), Neon PostgreSQL (database), Upstash (Redis caching, job queues)

3.2 Trip Participants

When you share a trip with others:

  • Trip participants can see trip details, itineraries, and reservations
  • Your name and profile photo are visible to participants
  • You control who has access to each trip via sharing settings

3.3 Public Trip Templates

If you publish a trip as a public template:

  • Trip destination, dates, and itinerary become publicly visible
  • Your name and profile appear as the creator
  • Personal reservation details (confirmation numbers, costs) are NOT shared

3.4 Legal Requirements

We may disclose your information if required by law or to:

  • Comply with legal process or government requests
  • Enforce our terms of service
  • Protect our rights, property, or safety
  • Prevent fraud or abuse

3.5 Business Transfers

If Byline Travel is acquired or merged, your information may be transferred to the new entity. We will notify you of any such change and any choices you may have regarding your information.

3.6 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information or Google user data to third parties. We do not share your data with advertising platforms, data brokers, or information resellers.

4. Data Retention

We retain your data as follows:

  • Account Data: Retained while your account is active
  • Trip Data: Retained while your account is active, or until you delete individual trips
  • Chat Conversations: Retained to provide and improve the Service’s user-facing features
  • Connected Account Data (Google, Spotify, etc.): Retained while the account is connected; deleted when you disconnect the account or delete your Byline account
  • Analytics Data: Aggregated and anonymized data may be retained indefinitely
  • Deleted Accounts: Personal data is deleted within 30 days of account deletion, though some aggregated or anonymized data may remain

To delete your account, go to Settings → Account → Delete Account. This action is irreversible.

5. Your Rights

You have the following rights regarding your personal information:

5.1 Access Your Data

You can view and manage most of your data through your Account Settings and Profile pages. You may also request a copy of your data by contacting us at info@byline.travel.

5.2 Correct Inaccuracies

You can update your profile information, travel preferences, and trip data at any time through the app.

5.3 Delete Your Account

You can delete your account from Settings → Account → Delete Account. This will remove your personal information within 30 days.

5.4 Manage Connected Account Permissions

You can disconnect linked accounts (GitHub, Google, Spotify, Facebook) from Settings → Accounts → Connected Accounts. Disconnecting Google will revoke YouTube data access. Disconnecting Spotify will revoke music listening data access.

5.5 Opt Out of Analytics & Manage Cookie Preferences

When you first visit our site, a cookie consent banner allows you to accept or reject non-essential cookies by category (analytics, marketing, and preferences). You can change your preferences at any time by clicking “Cookie Settings” in the site footer. Rejecting analytics cookies will disable PostHog product analytics, session replay, Sentry session replay, Vercel Analytics, and Vercel Speed Insights. Rejecting marketing cookies will disable affiliate tracking scripts. Your browser’s Global Privacy Control (GPC) signal is also honored automatically.

5.6 GDPR & CCPA Rights

If you are in the EU, UK, or California, you have additional rights:

  • Right to access your personal data
  • Right to erasure/deletion
  • Right to data portability
  • Right to restrict processing
  • Right to object to processing
  • Right to withdraw consent

To exercise any of these rights, contact us at info@byline.travel. We will respond within 30 days.

6. Security

We take the security of your data seriously and implement appropriate technical and organizational measures to protect it. Our current security practices include:

  • HTTPS/TLS encryption for all data in transit
  • Database encryption at rest
  • Password hashing (bcrypt)
  • OAuth 2.0 authentication with secure token storage
  • Role-based access controls
  • Automated error monitoring and alerting (Sentry)
  • Regular security reviews and continuous improvement

No method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security. If you suspect a security issue, please report it immediately to info@byline.travel.

Breach Notification

If we discover a data breach affecting your personal information, we will notify you via email and comply with all applicable breach notification laws.

7. Cookies and Tracking

We use a cookie consent management tool to let you control which cookies and tracking technologies are active. On your first visit, a banner asks you to accept or reject non-essential cookies. You can update your choices at any time via the “Cookie Settings” link in the site footer. We honor the Global Privacy Control (GPC) browser signal as an automatic opt-out.

7.1 Strictly Necessary Cookies

These cookies are required for the site to function and cannot be disabled. They do not require consent.

  • Session token (authjs.session-token) — Authenticates your session (httpOnly, secure, session duration)
  • CSRF token (authjs.csrf-token) — Protects against cross-site request forgery (session duration)
  • Pending trip state (pending_trip_state) — Preserves trip data before login (httpOnly, 1 hour)
  • Pending suggestion (pending_suggestion) — Preserves suggestion data before login (httpOnly, 1 hour)

7.2 Analytics Cookies

These are only activated after you grant analytics consent:

  • PostHog (ph_* cookies + localStorage) — Product analytics, page view tracking, feature usage, and session replay (text and media masked). Proxied through our own domain for privacy.
  • Sentry Session Replay — Records anonymized browser sessions to help us debug errors (text masked, media blocked). Error monitoring without replay runs independently under legitimate interest.
  • Vercel Analytics — Cookieless web analytics for page view counts and traffic patterns.
  • Vercel Speed Insights — Core Web Vitals and performance metrics via beacon.

7.3 Marketing & Affiliate Cookies

These are only activated after you grant marketing consent:

  • Travelpayouts — Affiliate tracking for travel booking partnerships. May set third-party cookies.

7.4 Preference Cookies

These are only activated after you grant preferences consent:

  • Theme preference (byline_theme) — Remembers your light/dark mode choice (1 year)

7.5 Consent Records

We record your consent choices (categories accepted/rejected, timestamp, and a device identifier) to demonstrate compliance with GDPR and CCPA/CPRA. These records do not contain personally identifiable information beyond what is necessary for the audit trail.

8. International Data Transfers

Byline Travel is based in the United States. Our infrastructure and service providers are primarily located in the US:

  • Database: Neon PostgreSQL (US region)
  • Hosting: Vercel (US region)
  • AI Services: OpenAI (US), Google Vertex AI (US)

If you access our service from outside the United States, your information will be transferred to, stored, and processed in the US. We rely on Standard Contractual Clauses and other lawful transfer mechanisms to protect your data when transferred internationally.

9. Children’s Privacy

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. We will delete such information from our systems.

10. Changes to This Policy

We may update this privacy policy from time to time. When we make material changes:

  • We will update the “Last Updated” date at the top of this policy
  • We will notify active users via email
  • We will post a prominent notice on the Service

Your continued use of the Service after changes become effective constitutes acceptance of the updated policy. If you do not agree with the changes, you should stop using the Service and may delete your account.

11. Contact Us

If you have questions, concerns, or requests regarding this privacy policy or your personal information, please contact us:

Byline Travel, Inc.

Email: info@byline.travel

We will respond to privacy inquiries within 5–7 business days.

This privacy policy is effective as of April 9, 2026. Version: 3.0


© 2026 Byline Travel. All rights reserved.
