Privacy Policy

Last Updated: February 20, 2026

Welcome to RopeDrop Planner ("we," "our," or "us"). We are committed to protecting your privacy and handling your data in an open and transparent manner. This Privacy Policy explains how we collect, use, and protect your personal information.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

Email address
Username (if provided)
Profile picture (from Google OAuth)
Google account ID (for authentication)

1.2 Trip Planning Data

When you use our trip planning features, we collect:

Trip names, dates, and details
Park reservations and dining reservations
Party size and lodging preferences
Notes and custom itinerary items

1.3 Uploaded Files

            Important: Uploaded files (PDFs, images) are processed immediately using Google Gemini AI
            to extract reservation details, then permanently deleted. We retain only the extracted text
            and parsed reservation data (restaurant names, dates, times, confirmation numbers).
        

1.4 Usage Data

We automatically collect:

IP address and browser information
Pages visited and features used
Session cookies for authentication

2. How We Use Your Information

We use your information to:

Provide our service: Create and manage your trip plans
AI Processing: Parse uploaded files to extract reservation details
Authentication: Verify your identity via Google OAuth
Improve our service: Analyze usage patterns and fix bugs
Communication: Send important service updates (we don't send marketing emails)

3. Third-Party Services

We use the following third-party services:

3.1 Google OAuth

For user authentication. Google's privacy policy applies: https://policies.google.com/privacy

3.2 Google Gemini AI

For parsing uploaded files. Your files are sent to Google's Gemini API for text extraction and are not stored by Google.

3.3 Google Maps API

For displaying park maps and directions.

3.4 Google Analytics

We use Google Analytics 4 (GA4) to understand how visitors use our site, including pages visited, session duration, and general geographic region. GA4 sets cookies (_ga, _ga_*) to distinguish unique visitors. Google Analytics is only loaded after you consent via our cookie banner. If you decline, no analytics cookies are set and no data is sent to Google.

Google's privacy policy applies: https://policies.google.com/privacy. You can also opt out via the Google Analytics Opt-out Browser Add-on.

3.5 Google Cloud Platform

Our infrastructure provider. Data is stored in Google Cloud's US data centers.

4. Data Retention

Account data: Retained until you delete your account
Trip data: Retained until you delete the trip or your account
Uploaded files: Deleted immediately after processing (within seconds)
Extracted text: Retained with your trip data
Session cookies: Expire after 30 days of inactivity

5. Your Rights

You have the right to:

Access: View all your personal data
Export: Download your trip data in JSON format
Delete: Permanently delete your account and all associated data
Correct: Update your profile information
Opt-out: Stop using our service at any time

To exercise these rights, use the "Delete Account" button in your profile settings or contact us at [email protected].

6. Data Security

We implement industry-standard security measures:

Encryption in transit: All data transmitted via HTTPS/TLS
Encryption at rest: Database encryption via our cloud database provider
Access control: Role-based permissions (admin vs. user)
Authentication: Secure OAuth 2.0 via Google
File validation: Uploaded files are validated for type and size

7. Children's Privacy

Our service is not directed to children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately.

8. International Users

Our service is hosted in the United States. If you access our service from outside the US, your data will be transferred to and processed in the US. By using our service, you consent to this transfer.

9. GDPR Compliance (EU Users)

If you are in the European Union, you have additional rights under GDPR:

Right to data portability
Right to restrict processing
Right to object to processing
Right to lodge a complaint with a supervisory authority

10. California Privacy Rights (CCPA)

California residents have the right to:

Know what personal information is collected
Know if personal information is sold or disclosed (we do not sell your data)
Request deletion of personal information
Opt-out of the sale of personal information (not applicable - we don't sell data)

11. Cookies

We use the following cookies:

Session cookies: Required for authentication (cannot be disabled)
CSRF token cookie: Required for form security (cannot be disabled)
Cookie consent preference: Remembers your Accept/Decline choice (stored in localStorage)
Analytics cookies (_ga, _ga_*): Set by Google Analytics only if you click "Accept" on the cookie banner. Used to distinguish unique visitors and understand site usage. These expire after 2 years.

We do not use advertising cookies. You can change your analytics cookie preference at any time by clearing your browser's localStorage for this site.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the "Last Updated" date and, if appropriate, sending an email notification.

13. Contact Us

If you have questions about this Privacy Policy, please contact us:

Email: [email protected]
Website: RopeDrop Planner

← Back to Home