Privacy Policy

Wayfarer ("we", "us", "our") is a travel organisation service operated at way-farer.io. We help you organise your travel bookings by reading confirmation emails you forward to us and building a structured itinerary automatically.

For any privacy questions, contact us at privacy@way-farer.io.

Account data: Your email address, collected when you sign in via magic link.

Booking emails: When you forward a booking confirmation to trips@way-farer.io, we receive and process the full content of that email. This may include your name, booking reference numbers, flight details, hotel names, dates, and other travel information contained in the email.

Trip data: The structured itinerary we build from your emails, plus any additional items you create manually.

Usage data: Basic server logs (IP address, timestamps, page visits) for security and performance monitoring.

Optional preferences: Airline preferences, hotel chains, dietary requirements — only if you choose to provide them in Settings.

We use your data to:

• Parse booking emails and build your itinerary automatically
• Provide the core Wayfarer service — displaying, organising, and updating your trips
• Send you the magic link sign-in email
• Improve our AI parsing accuracy using anonymised, aggregated patterns (never individual emails)
• Detect and prevent misuse of the service

We do not sell your data, use it for advertising, or share it with third parties except as described in Section 4.

Legal basis for processing (GDPR Art. 6): We process your personal data on the basis of contractual necessity (Art. 6(1)(b)) — parsing your booking emails and building your itinerary is the core service you have requested. Magic link authentication is necessary to provide you with a secure account. Optional features such as travel preferences are processed on the basis of your consent, which you may withdraw at any time from Settings.

We use the following third-party services to operate Wayfarer:

• Postmark (Wildbit LLC) — When you forward a booking confirmation to trips@way-farer.io, Postmark receives and routes the full email content to our email processing service before it is parsed. We have a Data Processing Agreement with Postmark. Privacy policy ↗
• Supabase — Authentication and database hosting. Your account data and trip data are stored in Supabase-managed PostgreSQL. Privacy policy ↗
• Anthropic (Claude AI) — We send the text content of your booking emails to Anthropic's API to extract itinerary details. Anthropic does not use API inputs to train its models. Privacy policy ↗
• Google Places API — Used to look up location details (address, coordinates, phone number) when you search for a place. Search queries you type are sent to Google. Privacy policy ↗
• Vercel — Web application hosting and edge network. Privacy policy ↗

We retain your account data and trips for as long as your account is active. Raw email bodies are not stored — only the structured itinerary data extracted from them. If you delete a trip, it is permanently removed from our database. You can delete your account and all associated data at any time from Settings → Delete account, or by emailing privacy@way-farer.io.

If you are in the European Economic Area (EEA), you have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Request deletion of your data ("right to be forgotten")
• Object to or restrict processing
• Data portability — receive your data in a machine-readable format

To exercise any of these rights, contact privacy@way-farer.io.

All data in transit is encrypted via HTTPS/TLS. Data at rest is encrypted in our database. We use Supabase Row-Level Security to ensure each user can only access their own data. We do not store your emails after parsing — only the structured itinerary data extracted from them.

Wayfarer uses one essential cookie: a session token set by Supabase to keep you signed in. We do not use tracking cookies, analytics cookies, or advertising cookies. The session cookie is deleted when you sign out.

We may update this policy from time to time. We will notify you of material changes by updating the "last updated" date above. Continued use of Wayfarer after changes constitutes acceptance of the updated policy.