Privacy Policy

1. Introduction

This Privacy Policy explains how Meezi Inc. (株式会社MEEZI), a company incorporated in Japan ("Meezi", "we", "us", or "our"), collects, uses, stores, and protects your personal information when you use the Meezi mobile application and related services (collectively, the "Service").

We are committed to data minimization. We collect only the information necessary to provide and improve the Service. We do not ask for your real legal name, and when you sign in with a third-party provider such as Apple or Google, we do not save the name or profile picture they share with us.

By using the Service, you agree to the practices described in this Privacy Policy.

2. Eligibility

The Service is intended for users 18 years of age or older. By creating an account, you confirm that you are at least 18 years old. If we learn that we have collected information from a person under 18, we will delete the account and associated information promptly.

Younger family members may benefit from the Service when traveling with an account holder, but only adults aged 18 or older may create accounts and agree to our Terms of Service.

3. Information We Collect

3.1 Information you provide directly

When you create an account and use the Service, you may provide:

• Email address (required for account creation)
• Password (encrypted; we never see your plaintext password)
• Nickname — a display name you choose. A randomly generated default value is shown on sign-up, which you can replace with any name you prefer.
• Country (your country of residence)
• Date of birth (used to verify that you are 18 or older)
• Bio (optional self-introduction)
• Travel preferences, including:
  • Who you travel with (solo, couple, friends, family)
  • Travel style (budget-friendly, balanced, treat yourself)
  • Travel pace (relaxed, balanced, packed)
  • Interests (food, cafés, culture, nature, nightlife, shopping, history, art, wellness, anime & gaming, relaxation)
  • Transit preference (walking, transit, mixed)
• Itineraries you create, including destinations, dates, and saved spots
• User-generated content, including:
  • Photos and videos you upload
  • Captions, comments, and travel tips you write
  • Location information attached to your posts
  • Hashtags and other metadata you add
• Profile picture (only if you choose to upload one)
• How you heard about Meezi (acquisition source, optional)
• Payment information (processed by Stripe; see Section 6)
• Communications you send us (support emails, feedback)

Photos and videos may contain embedded metadata (such as location, time, and device information). We extract only the metadata necessary for the Service and do not display embedded metadata to other users.

3.2 Information from third-party sign-in providers

If you sign in with Apple or Google, the provider sends us:

• Your email address
• A unique provider-issued identifier (used to recognize you when you sign in again)

We do not save your real name or profile picture that these providers may send. When you sign in via a third-party provider, you will be asked to set your Nickname before using the full Service.

3.3 Sign-in technical information

When you sign in, our authentication system (Supabase) automatically records technical information needed to keep you signed in safely:

• Which sign-in method you used (email, Apple, or Google)
• When you signed in
• Secure session tokens that let you stay logged in

This information is used solely to keep your account secure. We do not use it for marketing or profiling, and we do not share it with third parties.

3.4 Location information

With your permission, we collect:

• Real-time location while you use the Service, to recommend nearby spots and power location-aware features in your itinerary
• Movement and dwell behavior during your trip, used to improve recommendations and adapt itineraries to how you actually travel
• Background location when network connectivity is limited, to ensure location-based features continue to function

You can disable location access at any time through your device settings. Disabling location may limit certain features of the Service.

3.5 Usage and behavior information

To improve the Service, we collect:

• In-app actions such as saves, taps, screen views, and feature usage
• Itinerary creation patterns to optimize our AI-generated recommendations
• Device information, including device model, operating system version, and language settings
• Crash and error logs (via Sentry) to diagnose and fix bugs

3.6 Information we do not collect

• We do not ask for your real legal name
• We do not collect your phone number
• We do not access your contacts, photo library, or camera roll (except for photos and videos you specifically choose to upload), microphone, or camera (except when you actively use the camera to capture content for upload)
• We do not use third-party advertising identifiers (IDFA, GAID) for tracking purposes

4. How We Use Your Information

We use your information to:

• Provide the Service: create and manage your account, generate itineraries, display recommendations, and enable trip-planning features
• Enable community features: display your posts (photos, videos, captions, tips, and location information) to other users as part of our community discovery features
• Personalize your experience: tailor recommendations based on your travel preferences, interests, pace, and past behavior
• Improve the Service: analyze aggregated usage patterns, fix bugs, and develop new features
• Communicate with you: respond to support requests, send service-related notifications, and (with your consent) send product updates
• Process payments: when you make a purchase, payment is handled by Stripe — Meezi does not store your card information
• Ensure safety and compliance: detect fraud, prevent abuse, and comply with legal obligations

We do not sell your personal information to third parties.

5. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, our legal bases for processing your information are:

• Contract: processing necessary to provide the Service you signed up for (account, itineraries, recommendations)
• Consent: location access, marketing communications, and optional features (you may withdraw consent at any time)
• Legitimate interests: improving the Service, preventing fraud, and ensuring security
• Legal obligation: complying with applicable laws and regulations

6. Third-Party Services

We share information with the following service providers, who process data on our behalf under contractual confidentiality and security obligations:

• Supabase (database, authentication, file storage) — receives all account, profile, itinerary, and content data; servers operated in the United States and other regions
• OpenAI (AI-generated itinerary suggestions) — receives your travel preferences and itinerary inputs; does not receive your email, identity, or payment information
• Google Maps Platform (maps, places, geocoding) — receives location queries and place searches
• Apple Sign-In & Google Sign-In (third-party authentication) — receive sign-in requests when you choose these methods
• Stripe (payment processing) — receives your payment details directly; Meezi does not store card information
• Sentry (error and crash reporting) — receives anonymized error logs
• PostHog (product analytics) — receives aggregated usage events
• Travelpayouts (affiliate redirection to booking partners) — when external booking links are enabled and you click them, Travelpayouts receives a referral signal; once redirected, your interaction with the destination service (such as Booking.com, Agoda, Klook, Viator) is governed by their own privacy policy

We do not control how booking partners and other third-party destinations handle your information once you visit their sites.

7. International Data Transfers

Meezi is based in Japan. Some of our service providers (such as Supabase and OpenAI) operate servers in the United States and other countries. By using the Service, you understand that your information may be transferred to and processed in jurisdictions outside your country of residence.

For users in the EEA or UK, we rely on Standard Contractual Clauses or equivalent safeguards to protect your information during international transfers.

8. Data Retention

We retain your information for as long as your account is active. If you delete your account, we will delete your personal information within 30 days, except where we are required to retain certain records to comply with legal obligations (such as tax records or fraud-prevention logs).

Aggregated or anonymized data that cannot be linked back to you may be retained for analytics purposes.

Note: certain categories of data, such as location traces used for trip tracking, are automatically deleted within 30 days of collection, even while your account remains active.

9. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access: request a copy of the personal information we hold about you
• Correction: ask us to correct inaccurate information
• Deletion: request that we delete your account and associated information (the right to be forgotten under GDPR)
• Portability: receive your information in a portable format
• Objection: object to certain types of processing (such as marketing)
• Withdrawal of consent: where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, contact us at ops@meezi-labs.com. To protect your account from unauthorized access, we may ask you to verify your identity before processing your request. We will respond within 30 days.

10. Security

We implement reasonable technical and organizational measures to protect your information, including:

• Encryption in transit (HTTPS) and at rest
• Access controls limited to authorized personnel
• Regular security reviews and dependency updates

No internet-based service can guarantee absolute security. If we become aware of a data breach affecting your information, we will notify you and the relevant authorities as required by law.

11. Children's Privacy

The Service is not directed to children under 18. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us with personal information, please contact us at ops@meezi-labs.com and we will promptly delete the account.

Children may participate in trips planned by an adult account holder as travel companions; however, the account itself must be held and managed by an adult aged 18 or older.

12. Cookies and Similar Technologies

The Meezi mobile application uses local device storage to maintain your session and remember your preferences. We do not use third-party advertising cookies or cross-site tracking technologies.

Our website (themeezi.com) may use limited cookies for essential functionality and aggregated analytics. By using our website, you consent to such use.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the Service or by email and will indicate the effective date of the revised Policy in that notice or with the updated Policy in the app or on our website. Continued use of the Service after changes take effect constitutes acceptance of the updated Policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us at:

For requests under GDPR, CCPA, or APPI, please indicate the specific right you wish to exercise in your message.