Privacy Policy
Last updated: 6 May 2026 · Effective: 6 May 2026
This is the privacy policy for Skir ("Skir," "we," "us"), the AI itinerary-planner app published on the Apple App Store with bundle ID app.skir. We try to keep this short and in plain English. If anything is unclear, email privacy@skir.app.
The short version. We collect what we need to sign you in, generate your itineraries, and manage your subscription — and nothing else. We do not run advertising SDKs, do not sell or rent your data, and do not track you across other apps or websites.
1. What we collect (and why)
The categories below mirror what you'll see in our App Store privacy label.
Email address
- What: the email returned by Sign in with Apple or Sign in with Google when you create an account.
- Why: to identify your account, sync your trips across your devices, and contact you about service changes that affect you (e.g. a security incident).
- Linked to your identity: yes.
- Used for tracking: no.
User content (trip prompts and chat history)
- What: the prompts you type ("4 days in Lisbon, easy pace, love food"), the refinement messages you send to the AI, and the generated itineraries themselves.
- Why: to build your itinerary, let you refine it conversationally, and let you reopen past trips on any of your devices.
- Linked to your identity: yes — we associate your trips with your account.
- Used for tracking: no.
Purchase / subscription identifiers
- What: an opaque user identifier provided to our subscription manager (RevenueCat) along with the receipt Apple issues for your in-app purchase. We never see your credit card or Apple ID password — that stays with Apple.
- Why: to know whether your subscription is active and unlock features accordingly.
- Linked to your identity: yes.
- Used for tracking: no.
Diagnostics (crash & performance reports)
- What: if the app crashes or hits an unexpected error, we record a stack trace, the device model, OS version, and app version. We do not record your trip content in crash reports.
- Why: to fix bugs.
- Linked to your identity: no — diagnostics are pseudonymous.
- Used for tracking: no.
2. What we do not collect
- We do not use third-party advertising or tracking SDKs.
- We do not share data with data brokers.
- We do not use your data to track you across other companies' apps or websites. (App Tracking Transparency: we do not call
requestTrackingAuthorization.) - We do not request access to your contacts, photos, microphone, or HealthKit.
- We do not request your precise location. If you tap "use my location" to plan a trip from where you are, we use the coarse location your device returns and only at that moment.
3. Service providers we use
To deliver the app we share specific data with the following processors. Each is bound by a data-processing agreement.
| Provider | Purpose | Data shared |
|---|---|---|
| Apple | App distribution, Sign in with Apple, in-app purchase processing | Email (relay or real, your choice), purchase receipt |
| Sign in with Google (optional) | Email, name (only if you choose this sign-in method) | |
| Supabase | Account database & authentication backend | Account ID, email, your saved trips |
| OpenAI | AI itinerary generation | Your trip prompt and refinement messages. We send no email or account ID — only the prompt text. Per OpenAI's API policy, your prompts are not used to train their models. |
| Google Maps Platform | Places, routing, weather data shown in your plans | City name and search queries (no personal data) |
| RevenueCat | Subscription state management | Pseudonymous user ID, Apple purchase receipt |
| Sentry | Crash & error reporting | Stack traces, device model, OS version, app version (no trip content) |
Some of these providers are based in the United States. By using Skir you understand that your data may be processed there. We rely on Apple's Standard Contractual Clauses and each provider's published transfer mechanism to handle this lawfully.
4. How long we keep things
- Account & trip content: as long as your account exists. Delete the account from inside the app (Settings → Account → Delete) and we erase it within 30 days.
- Diagnostics: 90 days, then deleted automatically.
- Backups: rolling 30-day backups; deleted records are purged from backups within that window.
5. Your rights
Wherever you live, you can ask us to:
- Confirm what personal data we hold about you.
- Export a copy of your trips (we'll send a JSON file).
- Correct anything inaccurate.
- Delete your account and all associated data.
- Object to or restrict processing.
You can do most of this directly in the app (Settings → Account). For anything else, email privacy@skir.app and we'll respond within 30 days.
If you're in the EEA, UK, or Switzerland, you can also lodge a complaint with your local data-protection authority. If you're in California, you have rights under the CCPA/CPRA — we don't sell or "share" personal information for cross-context behavioral advertising, so opt-out doesn't apply, but the access/deletion rights above still do.
6. Children
Skir is not directed to children under 13 (or under 16 in the EEA / UK). We don't knowingly collect data from them. If you believe a child has used the app, contact us and we'll delete the account.
7. Security
We use TLS in transit and at-rest encryption on every database that holds your data. Authentication tokens are stored in the iOS Keychain. No system is perfect, so if we ever discover a breach that affects you, we'll notify you and the relevant authorities as required by law.
8. Changes to this policy
If we change this policy materially, we'll notify you in-app before the change takes effect. Older versions are kept in this site's git history.
9. Contact
Questions, requests, or complaints: privacy@skir.app.