Privacy Policy

Last updated: REPLACE WITH DATE

⚠ Replace this document before launch. This is a starter template, not a legally reviewed Privacy Policy. Use Termly, Iubenda, or an attorney to generate a GDPR/CCPA-compliant policy. Stripe requires a working Privacy Policy link before activating live payments.

What we collect

Account information when you sign in with Google: your name, email address, and profile picture URL.
Subscription information if you subscribe: your Stripe customer ID and subscription status. We do not store credit card numbers — Stripe processes and stores all payment information.
Search activity for the purpose of enforcing daily limits and providing the service: a hash of your anonymous identifier or user ID, a hash of your search query, and the date.
Standard server logs: IP address, user agent, request paths, and timestamps, retained for up to 30 days for security and debugging.

What we don't do

We don't sell your personal information.
We don't run third-party advertising trackers.
We don't share data with airlines.

Third parties we use

Google for Sign-In (privacy policy)
Stripe for payment processing (privacy policy)
Fly.io for hosting (privacy policy)

Cookies

We use two cookies: gw_session (your login session, removed when you sign out) and gw_anon (anonymous identifier for free-tier rate limiting, expires after one year). Both are HttpOnly and same-site Lax.

Your rights

You can sign out at any time, which clears your session. To delete your account and associated data, email ruben@hellometer.io and we'll remove it within 30 days.

Children

WildSearch is not directed at children under 13 and we do not knowingly collect data from them.

Changes

If we materially change how we handle your data, we'll update the "Last updated" date above and notify subscribers by email.

Contact

Privacy questions: ruben@hellometer.io