Citynio

Privacy Policy

Last updated: May 2026

1. Overview

This Privacy Policy explains how Citynio collects, uses, and protects your information when you use our service. We believe in keeping things simple and respecting your data.

2. Information We Collect

Account information: When you sign up, we collect your email address, password (hashed), and optional profile details (display name, username, home country, travel styles, avatar, bio).

User-generated content: Reviews, ratings, photos, saved cities, visited cities, trips, and itineraries you create.

Email preferences: Your opt-in choices for newsletters, promotions, and product updates.

Usage data: Pages visited, features used, IP address, browser type, device info, and time spent — collected via Google Analytics.

Contact form submissions: Name, email, and message when you reach out.

Cookies: Authentication tokens, session data, and analytics cookies.

3. How We Use Your Information

  • To provide and improve the Service (city recommendations, comparisons, itineraries)
  • To authenticate you and keep your account secure
  • To display your reviews and profile to other users (Travel DNA, public profile)
  • To send transactional emails (account confirmations, password resets)
  • To send marketing emails only if you opt in
  • To analyze site usage and improve our product
  • To prevent fraud, spam, and abuse

4. Third-Party Services

We use trusted third parties to run the Service:

  • Supabase — database, authentication, file storage
  • Vercel — hosting and edge delivery
  • Anthropic (Claude) — AI itinerary generation and content analysis
  • Google Analytics — anonymous usage tracking
  • Google OAuth — optional sign-in with Google (we only receive your name and email)

Each of these services has their own privacy policy. We only share the minimum data required for them to function.

5. What We Don't Do

  • We never sell your personal data to third parties
  • We don't share your email with advertisers
  • We don't use your reviews or photos for unrelated commercial purposes
  • We don't track you across other websites

6. Public vs Private Data

Publicly visible: Username, display name, avatar, bio, home country, Travel DNA, reviews you write, public profile, visited cities map.

Private: Email address, saved cities, trips, itineraries, account settings, email preferences.

7. Your Rights

You can:

  • Access, update, or delete your profile information at any time
  • Delete individual reviews you've written
  • Opt out of marketing emails from your profile settings
  • Request a copy of your data or full account deletion by contacting us

If you are in the EU/EEA, UK, or California, you have additional rights under GDPR / CCPA including the right to data portability, restriction of processing, and the right to lodge a complaint with a supervisory authority.

8. Data Retention

We retain your data for as long as your account is active. When you delete your account, we delete your personal data within 30 days, except where we are required to retain it for legal reasons (e.g. fraud prevention, tax records).

9. Security

We use industry-standard practices to protect your data: HTTPS encryption, hashed passwords, Row Level Security on the database, and access controls. No system is perfectly secure, but we work to keep risk low.

10. Children

Citynio is not directed at children under 13. We do not knowingly collect personal information from anyone under 13. If we discover such data has been collected, we will delete it.

11. International Transfers

Our infrastructure is global. Your data may be processed in countries other than your own (primarily the United States and EU). We rely on standard contractual clauses and other lawful transfer mechanisms.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the site or via email.

13. Contact

Questions, concerns, or data requests? Reach out via our contact page.