Privacy Policy

Last Updated: January 20, 2026

Introduction

Welcome to havebeen ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, share, and protect your information when you use our mobile applications (iOS and Android) and website at havebeen.at (collectively, the "Service").

By using havebeen, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Information You Provide to Us

Account Information:

  • Username (optional, for public profiles)
  • Email address
  • Password (encrypted and never stored in plain text)

Travel Data:

  • Countries you've marked as visited or wishlist
  • Cities you've marked as visited or wishlist
  • Trips you've created (dates, destinations, notes)
  • Travel statistics (automatically calculated from your data)

Social Features:

  • Friend connections (via share codes)
  • Public profile preferences

1.2 Information Collected Automatically

Usage Data:

  • Device type and operating system
  • App version
  • Features you use within the app
  • Crash reports and error logs
  • Session duration and frequency

Technical Data:

  • IP address
  • Browser type and version
  • Time zone and location (general, not precise)
  • Device identifiers

1.3 Information We DO NOT Collect

We do not collect:

  • Precise geolocation data (GPS coordinates)
  • Photos or media files
  • Contacts from your device
  • Credit card or payment information (the app is free)
  • Biometric data (authentication is handled by your device)
  • Third-party social media data

2. How We Use Your Information

2.1 To Provide and Improve the Service

  • Display your travel map and statistics
  • Enable trip tracking and organization
  • Calculate travel statistics
  • Sync your data across devices
  • Improve app performance and fix bugs
  • Develop new features

2.2 To Enable Social Features

  • Connect you with friends via share codes
  • Display friend comparisons
  • Generate public profile pages (if you choose)
  • Enable sharing of your travel passport

2.3 To Communicate with You

  • Respond to your support requests
  • Send important service announcements
  • Notify you of app updates (if you opt-in)

2.4 To Ensure Security

  • Detect and prevent fraud or abuse
  • Protect against security threats
  • Maintain data integrity

3. How We Share Your Information

3.1 Public Profiles

If you create a public profile (e.g., havebeen.at/u/yourname), the following information is visible to anyone with the link:

  • Your username
  • Countries and cities you've marked as visited
  • Your travel statistics
  • Your travel map visualization

You can make your profile private at any time.

3.2 Friends

Users you've connected with via share codes can see:

  • Your travel map
  • Your countries and cities visited
  • Your travel statistics

3.3 Service Providers

We use the following third-party services:

  • Supabase: Database & Authentication - stores your account data and travel information
  • Vercel: Web app hosting

We NEVER Sell Your Data

We never sell, rent, or trade your personal information to third parties for marketing purposes.

4. Data Storage and Security

4.1 How We Protect Your Data

We implement industry-standard security measures:

  • Encryption in transit (HTTPS/TLS)
  • Encryption at rest for sensitive data
  • Secure password hashing
  • Regular security audits
  • Access controls and authentication
  • Secure API endpoints

4.2 Data Retention

We retain your data for as long as:

  • Your account is active
  • Needed to provide the Service
  • Required by law

You can delete your account and all data at any time (see Section 6).

5. Your Rights and Choices

5.1 Access and Portability

  • Access: View all data we have about you
  • Export: Download your travel data in a portable format
  • How: Email hi@2pr.io to request your data

5.2 Correction and Deletion

  • Correct: Update incorrect information in app settings
  • Delete: Request complete account deletion
  • How: Use in-app settings or email hi@2pr.io

5.3 Privacy Controls

  • Make your profile public or private
  • Control who can see your travel data
  • Refresh or revoke friend access codes
  • Opt-out of non-essential communications

6. How to Delete Your Account

To permanently delete your account and all associated data:

Option 1: Email

Email hi@2pr.io with the subject "Delete My Account" and include your username or email address.

Warning: Cannot Be Undone

Account deletion is permanent and cannot be reversed. Your account will be deleted within 30 days, and all travel data, trips, and statistics will be removed.

7. Children's Privacy

havebeen is not intended for children under 13 years of age (or 16 in Europe). We do not knowingly collect personal information from children.

If you believe we have inadvertently collected data from a child, please contact us immediately at hi@2pr.io and we will delete it.

8. European Users (GDPR)

If you are in the European Economic Area (EEA), UK, or Switzerland, you have additional rights under GDPR:

Your GDPR Rights:

  • Right to access your data
  • Right to rectification (correction)
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent
  • Right to lodge a complaint with a supervisory authority

Exercise Your Rights: Email hi@2pr.io with your request. We will respond within 30 days.

9. California Users (CCPA)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

Your CCPA Rights:

  • Right to know what data we collect
  • Right to delete your data
  • Right to opt-out of data sales (we don't sell data)
  • Right to non-discrimination

How to Exercise Rights: Email hi@2pr.io or use in-app settings.

10. Changes to This Privacy Policy

We may update this privacy policy from time to time. When we do:

  • We'll update the "Last Updated" date at the top
  • For material changes, we'll notify you via in-app notification or email
  • Your continued use after changes means you accept the updated policy

We encourage you to review this policy periodically.

11. Contact Us

If you have questions, concerns, or requests regarding this privacy policy or your data:

Email: hi@2pr.io

We aim to respond to all inquiries within 5 business days.

Summary (TL;DR)

We collect: Your travel data, account info, and basic usage data

We use it to: Show your travel map, sync across devices, improve the app

We share: Only what you choose (public profiles, friends), never sell your data

We protect: Industry-standard encryption and security

You control: Make profile private, delete account anytime, export your data

We respect: GDPR, CCPA, and your privacy rights

Questions? Email hi@2pr.io