Travel Story MakerTravel Story Maker

Legal

Privacy Policy

Last updated on May 22, 2026

1. Who we are

Travel Story Maker is operated by an independent team. This Privacy Policy explains how we collect, use and protect your personal data when you use our website and the related Service.

2. Data we collect

We collect only what is necessary to operate the Service:

  • Account data: email address, hashed password (or OAuth identifier when you sign in with Google), display name.
  • Usage data: anonymous metrics such as page views, browser type, locale and performance timings.
  • Content data: travel routes, photos and animations you create and store in your account.
  • Technical logs: short-lived server logs (IP address, request path, status code) kept for security and debugging.

We do not sell your personal data. We do not use third-party advertising trackers.

3. Legal basis

We process your data on the following legal bases (GDPR):

  • Contract — to provide the Service you signed up for;
  • Legitimate interest — to keep the Service secure, prevent abuse and improve quality;
  • Consent — for any optional cookie or feature where consent is required.

4. Cookies

We use a minimal set of cookies:

  • a session cookie for authentication (strictly necessary);
  • a preference cookie to remember your language and theme.

No advertising or cross-site tracking cookies are set.

5. Map and export providers

Map tiles are loaded from MapTiler and OpenStreetMap. Sign-in is provided by Google OAuth. These providers process technical data (IP, user-agent) as independent controllers, under their own privacy policies.

6. Data retention

  • Account data is kept as long as the account exists.
  • Routes and animations are kept until you delete them.
  • Server logs are kept up to 30 days.
  • Deletion requests are processed within 30 days.

7. Your rights

Under GDPR you have the right to:

  • access your personal data;
  • correct inaccurate data;
  • request deletion ("right to be forgotten");
  • export your data in a portable format;
  • object to or restrict certain processing;
  • lodge a complaint with your local data-protection authority (CNIL in France).

To exercise these rights, contact us via the Legal page.

8. Security

We host the Service on Microsoft Azure. Traffic is encrypted in transit (HTTPS/TLS). Passwords are stored hashed with industry-standard algorithms. Access to production data is restricted to authorized maintainers.

9. Children

The Service is not directed to children under 13. We do not knowingly collect personal data from children.

10. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision.