Legal
Privacy Policy
This policy explains how GuVarda processes personal data when you use the platform, including legal bases, retention, and rights.
Last updated · policy version 2026-04-23.1
Data controller
GuVarda is the data controller for processing activities described in this policy. For any question about your data you can contact the privacy team through the support channels listed in the legal section of the application.
Data protection contact
Privacy requests (access, rectification, deletion, objection, portability) can be sent through the support channels linked in the platform's legal section. Where required by law we appoint a Data Protection Officer; the current contact point is disclosed here and in the app footer.
Purposes and legal bases
We process personal data for the following purposes:
• Account registration and authentication — art. 6(1)(b) GDPR (performance of contract).
• Publishing, sharing and moderating itineraries, stages, comments and media — art. 6(1)(b).
• Consent logging for cookies and tracking — art. 6(1)(c) (legal obligation under GDPR art. 7(1) and ePrivacy art. 5(3)).
• Anonymous view-count deduplication via a server-side fingerprint (SHA-256 hash of IP, user-agent, Accept-Language) — art. 6(1)(f) (legitimate interest in aggregated metrics and abuse prevention). Retention: 90 days, then the fingerprint is nulled.
• Product analytics via Google Analytics 4 — art. 6(1)(a) (consent). Loaded only after you opt in to the analytics category.
• Transactional email (verification, password recovery, inactivity warnings) via Brevo — art. 6(1)(b).
• Geocoding and routing for itinerary planning via Photon (Komoot) and/or Stadia Maps and Mapbox — art. 6(1)(b). Only free-text queries and GPS coordinates are sent, never account data.
• Optional AI text suggestions inside the editor via OpenAI or GitHub Models (Microsoft), depending on deployment configuration — art. 6(1)(b). Only the draft text you provide is sent to generate suggestions.
• Admin audit log of privileged actions — art. 6(1)(f) (legitimate interest in accountability).
Categories of processed data
Account: email, hashed password (local accounts), OAuth provider identifiers (Google), nickname, profile fields, last login timestamp.
Authentication: refresh-token metadata, email-verification token metadata.
Content: itineraries (title, slug, description, status), stages and waypoints (coordinates), comments, likes, bookmarks, reports.
Media: avatars, stage and cover images stored in object storage.
Consent: pseudonymous identifier, policy version, per-category decisions, action, timestamp, locale, salted IP hash, user-agent.
Technical: server-side anonymous fingerprint (hashed), request logs without email or raw PII, trace ids, admin audit entries.
Recipients and processors
We rely on the following processors to run the service:
• Google LLC — Google Sign-In (authentication) and, if you consent, Google Analytics 4 (analytics).
• Brevo (Sendinblue) — transactional email delivery.
• Photon (Komoot, EU) and Stadia Maps — geocoding.
• Stadia Maps and/or Mapbox — road routing.
• OpenAI, L.L.C. or GitHub Models (Microsoft) — AI text suggestions in the editor, depending on deployment configuration.
• MinIO (self-hosted) or AWS S3 — media object storage.
The up-to-date list with data transferred, country of processing and legal mechanism is maintained in the internal processors register and is available to supervisory authorities on request.
International transfers
Some processors listed above are established outside the European Economic Area. In those cases the transfer is covered by appropriate safeguards under GDPR art. 46, typically Standard Contractual Clauses (2021/914) and, where applicable, the EU-US Data Privacy Framework. A copy of the safeguards can be requested through the privacy contact.
Retention periods
We keep data only for as long as it is needed for the purpose it was collected for:
• Account and profile data — until you delete your account or until inactivity triggers the lifecycle purge (24 months without login → warning email → 30-day grace period → hard deletion).
• Refresh tokens — 30 days past their expiry date.
• Email-verification tokens — 7 days past their expiry date.
• Consent logs — 24 months from recording.
• Admin audit log — 12 months.
• Anonymous view fingerprints — 90 days, then set to NULL; the view count itself is retained as an aggregated counter.
• Uploaded media — as long as the linked content exists; on account deletion the avatar and unreferenced media are removed from storage.
• Published itineraries after account deletion — retained online in anonymized form (`author` shown as deleted user) as described in the Terms of Service.
Your rights
You have the right to access, rectify, erase, restrict and port your data, and to object to processing where applicable. You can exercise most of these rights directly:
• Access / portability — profile → Privacy → “Download my data”. The export is a structured JSON archive.
• Rectification — profile edit, plus a dedicated email-change flow with verification of the new address.
• Erasure — profile → Privacy → “Delete my account”. A double confirmation is required. Consequences are described in the Terms of Service.
• Withdraw cookie consent — “Manage cookie preferences” link in the footer and on the legal pages.
For any request that cannot be completed through self-service, use the privacy contact listed in the legal section.
Complaints
If you believe your personal data has been processed unlawfully you can lodge a complaint with your local data protection authority. In Italy: Garante per la protezione dei dati personali (https://www.garanteprivacy.it).
Automated decision-making
GuVarda does not take solely automated decisions producing legal or similarly significant effects on users. AI text suggestions are proposals inside the editor that you review and accept manually.