Vectorra

Privacy Policy

Last updated: February 20, 2026

1. Introduction

Vectorra ("we", "us") is an adventure travel itinerary planning platform operated from the Czech Republic. This policy explains how we collect, use, and protect your personal data in accordance with the EU General Data Protection Regulation (GDPR).

2. Data Controller

Vectorra, operated from the Czech Republic. Contact: hello@vectorra.com

3. What Data We Collect

  • Account data: email address, first name, last name (provided at registration)
  • Organization data: organization name, currency preferences, contact information (optional)
  • Content data: itineraries, client records, gear lists, tasks, route plans, and other content you create
  • Usage data: AI feature usage (feature type, token counts — no prompts or outputs stored long-term)
  • Technical data: IP address, browser type (processed by infrastructure providers, not stored by us)

4. How We Use Your Data

  • To provide and operate the Vectorra platform
  • To authenticate your account and manage access
  • To process AI-powered features (content generation, translations)
  • To communicate with you about your account (transactional emails)
  • To improve the platform (aggregated, anonymized usage patterns)

We do NOT sell your data. We do NOT serve ads. We do NOT build advertising profiles.

5. Legal Basis for Processing (GDPR Art. 6)

  • Contract performance: operating your account and providing the service
  • Legitimate interest: security, fraud prevention, service improvement
  • Consent: optional features like live chat (Crisp)

6. Third-Party Services

We use the following processors to operate Vectorra. All have GDPR-compliant Data Processing Agreements:

  • Supabase (database & authentication) — EU region, Frankfurt
  • Vercel (hosting) — EU region, Frankfurt
  • Cloudflare (DNS, CDN, security) — global, EU-compliant
  • Crisp (live chat support) — EU
  • Anthropic (AI features) — US, data processed per API request only, not retained

7. Data Storage and Security

Your data is stored in the EU (Frankfurt, Germany). We use encryption in transit (TLS) and at rest (Supabase encryption). Access is controlled through role-based permissions and row-level security policies.

8. Cookies

We use only essential and functional cookies:

  • Authentication cookies (Supabase) — required for login sessions
  • Security cookies (Cloudflare) — required for DDoS protection
  • Chat cookies (Crisp) — functional, for live support

We do NOT use analytics or tracking cookies. We do NOT use Google Analytics or any similar tracking service.

9. Your Rights

Under GDPR, you have the right to:

  • Access your data (Settings → Privacy → Download My Data)
  • Rectify inaccurate data (Settings → Account)
  • Delete your account and data (Settings → Privacy → Delete Account)
  • Data portability (CSV export available)
  • Object to processing — contact us at hello@vectorra.com
  • Lodge a complaint with a supervisory authority (ÚOOÚ — Czech Data Protection Office)

10. Data Retention

  • Active accounts: data retained while account is active
  • Deleted accounts: data is soft-deleted and permanently purged within 30 days
  • AI usage logs: retained for billing and limit tracking, purged after 12 months

11. Children

Vectorra is a B2B service for travel professionals. We do not knowingly collect data from anyone under 16. If you believe a child's data has been collected, contact us immediately.

12. Changes to This Policy

We may update this policy from time to time. Significant changes will be communicated via email or in-app notice. The "Last updated" date at the top reflects the most recent revision.

13. Contact

For any privacy-related questions or requests: hello@vectorra.com