Privacy Policy

We process personal data in particular to:

• provide the website and user accounts
• offer trip planning, favourites, vehicle profiles, reminders and export features
• handle premium memberships and payments
• provide optional AI, analytics and convenience features
• prevent misuse and ensure system stability and security

Depending on the situation, processing is based in particular on:

• Article 6(1)(b) GDPR for the performance of contractual services
• Article 6(1)(a) GDPR for consent-based optional features
• Article 6(1)(c) GDPR where legal obligations apply
• Article 6(1)(f) GDPR for a secure, stable and efficient service operation

When you access the website, we process technically required connection data such as IP address, timestamps, requested content, browser or device information and status data. This is necessary to deliver the website, analyse incidents and ensure secure operations.

We use Supabase for authentication, database access and application data storage. This includes user accounts, profile data, trips, favourites, reminders, AI histories, share links, error logs and other app data whenever this is required for the relevant feature.

You can register and sign in with email and password. We also offer optional Google sign-in and, on iOS, Sign in with Apple. During registration and sign-in we process the data required to create and access the account, especially the email address, login information, provider identifiers and technical session data.

After successful registration we create a profile with an internal user ID, email address and role information. If confirmation or sign-in emails are sent, this is done through Supabase authentication infrastructure.

When you use protected features, we process the content you store. Depending on your usage this can include profile information, trips, stops, favourites, vehicle profiles, budget and cost data, reminders and other planning information you enter.

We process this data so we can save your trip planning, display it in your account, synchronise it and let you reopen it later. Reminder features additionally use your trip data to provide time-based notices.

You can share trips via share links. We create a random share token and mark the respective trip as shared. Anyone who knows the link can access the shared content. You can revoke sharing at any time.

We also process your data when you use export features such as PDF or GPX exports. If you submit reviews, hints or other content, we process that content for display, quality assurance and feature improvement.

For paid premium memberships we use Stripe on the web and the platform billing systems Google Play and Apple App Store in the mobile apps. When you book a paid plan or manage a subscription, we process the data required for that purpose, especially internal user IDs, email address, your stored name if applicable, plan information, payment status, provider customer and subscription identifiers, purchase tokens or transaction identifiers and billing events.

The actual payment is handled directly by Stripe, Google Play or Apple App Store, depending on where you subscribe. We receive the status and matching information needed for contract fulfilment, billing, fraud prevention, support and bookkeeping. We also store billing reference data such as Stripe IDs, Google Play purchase tokens, Apple original transaction IDs and email snapshots in our application database for internal assignment.

If you delete your account and a Stripe customer object is linked, we cancel active Stripe subscriptions and delete the Stripe customer object automatically. Mobile subscriptions must also be managed through Google Play or the App Store. Legally required invoicing, payment and bookkeeping data may remain with the respective payment provider or in our records for the statutory retention period.

When you use OwlAI, we process your prompts and the context sent with them, such as trips, stops, favourites, route data, budgets, place information or detail context, if this is required for the requested answer. We also store chat histories and metadata so conversations can be resumed and answers can be traced.

AI responses are generated through external AI providers configured by us. Depending on the current system configuration, OpenAI-compatible and or Anthropic-compatible services may be used. These features are used only to provide the AI assistance you requested.

We use technically necessary storage mechanisms for sign-in and session management, security, feature states and local convenience functions. This includes authentication and session data, local consent storage and technical markers for cache and service-worker clean-up.

The browser may use cookies, local storage, session storage and cache storage for these purposes. Without these mechanisms, essential parts of the website could not be operated securely or reliably.

For optional features we use a consent-management system with the categories Analytics and Marketing. Your choice is stored both in the camperplaner_consent cookie and in local storage so it can be respected during later visits.

Without your consent, the related optional features stay disabled. You can reopen the consent settings at any time via the footer or privacy controls in the website and change or withdraw your selection for the future.

If you consent to Analytics, we load our Rybbit instance at rybbit.arican.eu. Usage and technical data required for reach measurement, page views and web-usage analysis are processed there. The Rybbit integration remains disabled until you consent.

The Google Ads tag (AW-926389838) is loaded when the page opens so Advanced Consent Mode can send Google a denied consent state and cookieless pings before consent. Before Marketing consent, ad_storage, ad_user_data, ad_personalization and analytics_storage remain denied and no Google Ads cookies are intentionally enabled. If you consent to Marketing, we update Consent Mode for Google Ads conversion measurement, personalized ads and remarketing: ad_storage, ad_user_data and ad_personalization are granted; analytics_storage is granted only if Analytics consent is also active. Google Ireland Limited and Google LLC may process technical data such as IP address, browser and device information, page URL, referrer, timestamp, consent state, random identifiers, ad-click identifiers and conversion events; third-country transfers may occur. If consent is withdrawn, we send denied values again and clear known Google Ads cookies as far as technically possible.

We also use Sentry/Bugsink-compatible error monitoring to detect runtime errors, server errors, failed resource loads, unhandled rejections and stability issues. Current URL, app version, technical error messages and similar diagnostics may be processed. Client-side transmissions to error monitoring are only allowed after Analytics consent.

We use external services for map and place-related features. Mapbox maps, geocoding and routing are required functional services for route planning and place search. Depending on the feature in use, requests may also be sent to WeatherAPI, Wikimedia Commons, Wikidata, Mapillary and open geodata sources such as OpenStreetMap.

This can include IP address, browser or device information, timestamps, coordinates, search queries, requested places or specific resources. This applies not only to the map itself, but also to route calculations through the Mapbox Directions API and free-form place lookups through the Mapbox Geocoding API.

If you actively use reminder or notice features, we may use browser or mobile app notifications. Such notifications are only used if you have allowed them in your browser or operating system. We process the underlying trip data, reminder times, notification permission status and mobile push tokens so the requested notification can be triggered through browser push, Expo Push, FCM or APNs.

If you contact us through the contact form or by email, we process your name, email address, topic, subject, message and technical metadata such as language, current URL, timestamp, browser information and a shortened or hashed abuse-protection marker so we can handle your enquiry and respond to follow-up questions.

Contact-form requests are stored in our admin inbox. For new requests we may send a notification to the configured support mailbox; the required mail-server settings are managed in the admin settings. Administrators may add internal notes and then reply to you by email.

We transfer personal data to third parties only to the extent necessary to provide the website and apps, deliver requested features or comply with legal obligations. Recipients may include hosting, authentication, database, analytics, monitoring, payment, app-store, push, map, weather, AI and media services, including Supabase, Stripe, Google, Apple, Expo, Mapbox and the currently configured AI providers.

Where providers outside the EU or EEA are used, or where they can access data there, third-country transfers may occur. In such cases we seek an adequate level of protection, especially through adequacy decisions or suitable contractual safeguards.

We store personal data only for as long as this is required for the respective purposes or as long as legal retention obligations apply. Account data, trips, favourites, reminders, AI histories and other user-related content are generally stored while your account exists or while storage is necessary for the relevant feature.

When you delete your account, we remove private export files, private submission upload files and account-related application data before or together with deletion of the authentication account. Public place or editorial media can remain without an account link where this is required for rights notices, abuse protection or the integrity of published content. For error analysis and proof of deletion we keep a minimal deletion log without foreign keys to the deleted account, in particular the timestamp, request source and technical result values.

Billing and bookkeeping data for premium memberships are stored in line with statutory retention periods, usually for up to ten years. Contact requests, admin notes and support replies are stored only as long as needed for handling, evidence and abuse protection. Consent decisions are generally stored for up to twelve months or until you change them; technical logs and error messages are kept only as long as needed for security, error analysis and stable operation.

Subject to the statutory requirements, you have the following rights in particular:

• right of access
• right to rectification
• right to erasure
• right to restriction of processing
• right to data portability
• right to object to certain processing activities
• right to withdraw consent with future effect

You have the right to lodge a complaint with a data-protection supervisory authority regarding the processing of your personal data.