Back to home
Legal

Privacy Policy

Last updated: 1 May 2025

GoNoSolo ("we", "our", or "us") is committed to protecting your personal information. This Privacy Policy explains what data we collect, why we collect it, and how you can control it. By using GoNoSolo you agree to the practices described here.

1. Information We Collect

Account information

When you register we collect your full name, email address, and password hash. If you sign up via Google OAuth, we receive your name and email from Google — no password is stored.

Profile information

You may optionally provide a profile photo, bio, home city and country, languages spoken, travel experience level, and travel style tags. This information is displayed publicly to other users.

Identity verification

If you choose to verify your government ID, we collect your ID document image solely for verification purposes. We do not retain raw ID images after verification is complete — only the resulting verified status is stored.

Trip and activity data

We collect information about trips you create, join requests you submit, messages you send within trip chats, and feedback you leave after trips.

Device and usage data

We automatically collect your IP address, browser type, operating system, pages visited, and timestamps. This helps us diagnose errors and improve the platform.

2. How We Use Your Information

  • Provide, maintain, and improve the GoNoSolo platform
  • Match you with compatible co-travelers and display your public profile
  • Calculate and display your trust score based on verified actions
  • Send transactional emails such as trip updates, join-request notifications, and account alerts
  • Detect fraud, abuse, and safety violations
  • Respond to support requests and legal enquiries
  • Conduct anonymised analytics to understand how the platform is used

We do not sell your personal data to third parties, use it for advertising profiling, or share it with data brokers.

3. Information Sharing

With other users

Your public profile (name, photo, bio, travel style, trust score, and verification badges) is visible to all registered users. Trip messages are visible only to members of that trip.

With service providers

We share data with infrastructure partners — currently Supabase (database and authentication) — solely to operate the platform. These providers are contractually bound to protect your data and may not use it for any other purpose.

Legal requirements

We may disclose personal data when required by law, court order, or to protect the safety of our users or the public.

4. Cookies & Tracking

We use strictly necessary cookies to maintain your authenticated session. These are set by Supabase and expire when you sign out or after 7 days of inactivity.

sb-access-tokenAuthenticated session token1 hour
sb-refresh-tokenSession renewal7 days
__gsno_themeYour dark/light mode preference1 year

We do not use advertising cookies or cross-site tracking pixels. You can clear cookies via your browser settings at any time, which will sign you out.

5. Data Security

All data is transmitted over TLS (HTTPS). Passwords are hashed using bcrypt and never stored in plain text. Database access is controlled by row-level security policies — users can only access data they are authorised to see. We conduct periodic security reviews and follow OWASP guidelines. Despite these measures, no system is 100% secure; please use a strong, unique password and enable two-factor authentication when available.

6. Your Rights

Depending on your jurisdiction you may have the right to:

  • Access a copy of the personal data we hold about you
  • Correct inaccurate or incomplete information
  • Delete your account and associated personal data
  • Object to or restrict certain types of processing
  • Export your data in a machine-readable format (data portability)
  • Withdraw consent for optional processing at any time

To exercise any of these rights, contact us at privacy@gonosolo.com. We will respond within 30 days.

7. Third-Party Services

Supabase
Database, authentication, and file storage
Privacy policy ↗
Google OAuth
Optional sign-in method
Privacy policy ↗
Vercel
Hosting and edge delivery
Privacy policy ↗
Unsplash
Default travel imagery
Privacy policy ↗

8. Children's Privacy

GoNoSolo is intended for users aged 18 and older. We do not knowingly collect personal data from anyone under 18. If you believe a minor has created an account, please contact us immediately and we will delete the account and all associated data.

9. Changes to This Policy

We may update this policy from time to time. When we make material changes we will notify you by email (if you have an account) and update the "Last updated" date at the top. Continued use of GoNoSolo after changes take effect constitutes acceptance of the revised policy.

10. Contact Us

If you have questions about this Privacy Policy or how we handle your data:

Contact form: gonosolo.com/contact