Loading your adventure...
Loading your adventure...
We are committed to protecting your personal information and being transparent about how we collect, use, and safeguard it.
Last updated: May 11, 2026
We collect information you provide directly, such as your name and email address (when you sign up or subscribe to the newsletter), travel preferences, AI quiz responses, and trip plans you create or save. We also collect data stored locally in your browser (theme preference, gamification progress, quiz results), optional push notification tokens (only if you grant permission), referral codes you generate or apply, and aggregated analytics about how the service is used. We collect only what is needed to operate, improve, and personalize the service.
OjoyLife uses your browser's localStorage and sessionStorage to remember preferences and progress on your device. This includes your theme preference (ojoylife-theme), gamification points and streaks (ojoylife-points, ojoylife-streak), badges and level progress, AI travel quiz results, your referral code, and session-only flags for the activity feed and exit-intent popup. This data lives in your browser and is not shared with third parties. You can clear it at any time through your browser settings or by signing out and clearing site data. We use strictly necessary cookies for authentication and security; optional analytics cookies are only set when consent is provided where required.
Your data is encrypted in transit (TLS) and at rest using industry-standard encryption. We implement strict access controls, principle-of-least-privilege for staff, regular dependency and security reviews, and follow recognized security best practices. While no system can guarantee absolute security, we work continuously to safeguard your information and respond promptly to any incidents.
We use your information to provide AI-personalized travel recommendations, generate trip itineraries, deliver newsletter emails you opted into, track gamification progress (points, streaks, badges), attribute referral rewards, send optional push notifications you have enabled, improve our AI models and product experience, prevent abuse and fraud, and comply with legal obligations. We do not use your personal data to make automated decisions that produce legal effects about you.
We do not sell your personal data. We share information only with trusted service providers who help us operate the platform: Supabase (primary database and authentication), Google Cloud Firebase / Cloud Firestore (parallel database for newsletter subscribers and selected features as we migrate; data is hosted in Google Cloud regions), Resend (transactional and newsletter email delivery), AI providers such as Google Gemini and other large-language-model vendors (for chat and recommendation generation), travel data providers such as Amadeus, Viator, and Google Places (live flight, hotel, and experiences search is available to every signed-in user — your search inputs are sent to these providers to fetch real fares and availability), transport and restaurant aggregators such as Rome2Rio, OpenTable, Uber, and KAYAK (we generate provider links from your search inputs; clicking through opens the provider site under their own privacy policy), and Stripe (payment processor — see "Payments & Stripe" below). Each provider is bound by contractual data-protection commitments and processes data only to deliver the service to you. We may also disclose information when required by law or to protect rights, safety, and security.
Payments for paid subscriptions (Standard at $19.99/month or $159/year, Premium at $49.99/month or $399/year) are processed by Stripe Inc. and Stripe Payments Europe Limited (collectively, "Stripe"), an independent payment processor and a separate data controller for the data Stripe needs to process your payment and prevent fraud. When you subscribe, your card details are entered directly into Stripe's PCI-DSS Level 1 hosted Checkout — they never touch OjoyLife servers. We share with Stripe: your account email, your name (if provided), your billing address, the plan you selected, and an opaque internal user identifier so we can match the payment back to your account. Stripe may collect additional information directly from you (card details, billing address, IP address, device fingerprint) for fraud prevention. Where Stripe Tax is enabled, Stripe also receives the country and (in some jurisdictions) the postal code on your billing address so it can compute the correct US sales tax, EU/UK VAT, GST, etc., and we may receive a VAT/GST/ABN identifier from business customers via Stripe's Tax ID Collection. Stripe processes this data under its own privacy policy at https://stripe.com/privacy and may transfer data to the United States; international transfers are protected by Standard Contractual Clauses and the EU-US Data Privacy Framework where applicable. We retain billing records (invoices, payment dates, plan history) for as long as required by tax, accounting, and consumer-protection law (typically up to 10 years for invoices in many jurisdictions). You can manage your card, download invoices, switch plans, and cancel anytime via "Manage Billing" in your profile, which opens the Stripe Customer Portal. We never store full card numbers, CVCs, or bank account details on our servers. The OjoyLife entity that contracts with Stripe is JOMARTHEL LLC (Virginia, USA).
After every successful or failed payment, two emails are sent: (a) the default Stripe-hosted receipt with the line-item breakdown, hosted invoice URL and PDF download, and (b) an OjoyLife-branded confirmation email summarising the plan, amount (including any tax line), card last-4, next renewal date, links to manage billing, the refund policy and support, and the legal billing entity. The branded email is delivered through our transactional email provider Resend — see "Third-Party Sharing" — and is sent only to the email address on your OjoyLife account. We never share billing receipts with third parties for marketing. To stop receiving renewal receipts, cancel your subscription via the Stripe Customer Portal — you will then only receive a final cancellation confirmation. Receipts cannot be unsubscribed-from while a subscription is active because they are required by consumer-protection regulators in most jurisdictions.
To help travellers discover OjoyLife, we register the site with Google Search Console, Bing Webmaster Tools, Yandex Webmaster, and (where relevant) Baidu Webmaster. Each console requires a one-time domain verification token rendered in the page <head> meta tags — the token itself contains no personal data. Search engines also crawl our public pages following the rules in our /robots.txt and may show search snippets, structured-data rich results, and (via the WebSite SearchAction schema) a sitelinks search box for branded queries. We do not pass any personal data to search-engine consoles; only aggregated traffic metrics that they collect themselves from their own crawlers and search-result pages.
Newsletter signup is opt-in. When you provide your email to subscribe, we use Resend to deliver our newsletter and product updates. Every newsletter email includes a one-click unsubscribe link, and you can also email us to be removed. We do not share your email with third parties for their own marketing. If you sign up for an account, you may receive transactional emails (account, security, billing) that are not marketing and are necessary to provide the service.
Push notifications are entirely optional. They require an explicit browser permission prompt that you can accept, decline, or revoke at any time in your browser settings. If you opt in, we use the resulting subscription token only to send notifications related to your trips, deals you opted into, gamification milestones, or important account updates. We never use push notifications for third-party advertising. You can disable push notifications at any time through your browser site settings without affecting other parts of the service.
We use privacy-respecting analytics to understand aggregate usage and improve OjoyLife. When Google Analytics 4 (GA4) is enabled, we configure it with IP anonymization and do not enable cross-site advertising features or Google Signals. We do not engage in cross-site behavioral tracking, and we do not build advertising profiles about you. Where required, analytics is only enabled after consent. You can opt out via your browser, ad-blocking extensions, or our cookie controls where applicable.
When you apply someone else's referral code at signup, we record the referral so the referrer can be credited with non-monetary rewards (such as free months of Premium). The referrer is told only that a successful referral occurred and may see anonymized counts of their referrals; they do not receive your name, email, or trip data. Referral codes are intended for personal use; misuse or fraudulent activity may void rewards.
Depending on your jurisdiction, you have rights including: access to the personal data we hold about you, correction of inaccurate data, deletion of your data, restriction or objection to processing, data portability (export of your data), and the right to withdraw consent. Most of these are fully self-service from Profile › Settings: Account Settings lets you change your email and password and enrol a TOTP second factor; Privacy Controls lets you switch your profile between public and private, opt out of search visibility, hide your travel history, opt out of anonymized analytics, and disable personalized recommendations; Notification Preferences lets you turn off marketing emails, trip emails, push notifications, and in-app alerts (security and billing emails are required and cannot be turned off); Connected Apps lists every linked sign-in method (Google, Apple, password) and lets you unlink any of them as long as at least one remains; Data Export downloads a JSON archive of every record we hold for you across profile, trips, bookings, conversations, reviews, points, badges, referrals, and saved destinations; Delete Account performs an immediate full deletion — we cancel any active Stripe subscription with a prorated refund, remove your trips and conversations and saved destinations and points, anonymize your reviews so other travellers keep their destination context, anonymize audit-log entries (set actor to null and strip IP), and finally delete your authentication record so the email cannot sign in again. You can also unsubscribe from the newsletter at any time and clear localStorage data through your browser. To exercise any other right (access, correction, restriction, withdrawal of consent), contact privacy@ojoylife.com. We aim to respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.
OjoyLife operates globally, and your data may be processed in countries other than your own, including the United States and the European Union. When we transfer personal data across borders, we rely on appropriate safeguards such as Standard Contractual Clauses and ensure our service providers maintain protections consistent with applicable data-protection laws (including GDPR for EU/UK users and CCPA/CPRA for California residents).
We retain personal data only as long as needed to provide the service and meet legal obligations. Account data is retained while your account is active. When you delete your account from the Profile page, personal records (profile, trips, conversations, saved destinations, emergency contacts, points and gamification data, referral codes) are removed immediately from our active databases; encrypted backups continue to hold copies for up to 90 days as part of our normal rotation cycle, after which the backups expire. Reviews and contributions to public surfaces are anonymized rather than deleted so other travellers retain destination context. Audit-log entries are anonymized (actor set to null, IP address stripped) and retained for security, fraud-prevention, and dispute resolution. Stripe-side invoice records are retained for the period required by applicable tax and accounting law (typically 7–10 years) — these records sit on Stripe's infrastructure, not ours. Newsletter subscriber data is retained until you unsubscribe. Anonymized analytics may be retained longer in aggregate form. Localstorage data lives only on your device until you clear it.
OjoyLife is not directed to children under 13 (or the equivalent minimum age in your jurisdiction, such as 16 in parts of the EU). We do not knowingly collect personal information from children under that age. If you believe a child has provided us with personal information, please contact privacy@ojoylife.com and we will promptly delete the data and any associated account.
If you have questions about this privacy policy, your data, or want to exercise your rights, please contact our privacy team at privacy@ojoylife.com. We respond to inquiries within a reasonable timeframe, generally within 48 hours for most requests and within 30 days for formal data-rights requests.
Last updated: May 11, 2026
This policy may be updated periodically. Material changes will be communicated via email or in-app notification. Continued use of OjoyLife after changes constitutes acceptance.