Privacy Policy
Last updated: 7 June 2026
Your travel story is yours. This policy explains, in plain English, what data Wanderpass collects, why, and the rights you have over it under the EU General Data Protection Regulation (GDPR).
1. Who is responsible for your data
The data controller for Wanderpass is Pablo, based in Spain. For any privacy question or request, email us at hello@wanderpass.app.
2. Data we collect
- Account data: your email address and a password (stored securely hashed by Supabase Auth), or — if you use Google sign-in — the basic profile Google shares with us (email, name, and avatar).
- Profile data: your @handle, display name, bio, avatar, current location, and Instagram link — whatever you choose to add.
- Travel data:the countries you've visited and their visit years, your wishlist, who you follow, and your notifications.
- Technical data: essential session cookies (set by Supabase to keep you logged in), and basic device/log data. We use Vercel Analytics, which is privacy-friendly, cookieless, and does not collect personally identifying information.
3. How we use your data
- To create and secure your account and log you in;
- To run the core product: your stamps, wishlist, map, and public profile;
- To power social features — your home feed, follows, and real-time notifications;
- To generate the share images for your profile and stamps;
- To understand usage at an aggregate level and improve Wanderpass.
4. Legal bases (GDPR Article 6)
We only process your data when we have a legal basis to do so:
| What we do | Legal basis |
|---|---|
| Create your account and provide the core service | Performance of a contract |
| Social features and product analytics/improvement | Our legitimate interests |
| Optional profile fields (e.g. current location, Instagram) | Your consent |
5. Your information is public by design
Your @handle profile — including your stamps, wishlist, map, bio, current location, and Instagram link — is public. Anyone with the link can see it, and it may be indexed by search engines and AI tools. Please only add details you're comfortable sharing publicly.
6. Who we share data with
We do not sell your personal data. We share it only with the service providers (sub-processors) we rely on to run Wanderpass:
| Provider | Purpose | Privacy policy |
|---|---|---|
| Supabase | Accounts, database, storage | supabase.com/privacy |
| Optional sign-in (OAuth) | policies.google.com/privacy | |
| Mapbox | Interactive maps | mapbox.com/legal/privacy |
| Vercel | Hosting and cookieless analytics | vercel.com/legal/privacy-policy |
7. International data transfers
Some of our providers are based in the United States, so your data may be transferred and processed outside the EU/EEA. Where that happens, the transfer relies on appropriate safeguards such as the EU Standard Contractual Clauses or an adequacy decision.
8. How long we keep your data
We keep your data for as long as your account is active. When you delete your account, we delete your associated personal data without undue delay, except for the minimal records we're legally required to keep.
9. Your rights under the GDPR
You have the right to:
- Access the personal data we hold about you;
- Correct inaccurate or incomplete data;
- Erase your data ("right to be forgotten");
- Restrict or object to certain processing;
- Receive your data in a portable format;
- Withdraw consent at any time, where processing is based on consent.
To exercise any of these, email hello@wanderpass.app. You also have the right to lodge a complaint with the Spanish Data Protection Authority, the Agencia Española de Protección de Datos (AEPD).
10. Cookies
Wanderpass uses only essential cookies— the session cookies Supabase needs to keep you signed in. We don't use advertising or third-party tracking cookies, and our analytics (Vercel Analytics) is cookieless. Because of this, we don't maintain a separate cookie policy.
11. Children
Wanderpass isn't intended for anyone under 16, and we don't knowingly collect data from children. If you believe a child has given us data, contact us and we'll remove it.
12. How we protect your data
Your data is stored with Supabase using encryption in transit and at rest, passwords are hashed, and access to the database is restricted by row-level security policies so users can only reach data they're allowed to see.
13. Changes to this policy
We may update this policy as Wanderpass evolves. We'll update the date at the top and, for material changes, let you know where appropriate.
14. Contact
For any privacy question or request, email hello@wanderpass.app.