Privacy Policy

Last updated: February 2026

venezia.app is operated by Mateus Gibson, based in Venice, Italy ("we," "us"). This policy explains what data we collect, why, and how we handle it. We aim for clarity over legalese.

What we collect

When you create an account and use venezia.app, we collect:

Account information: your email address and password (encrypted). If you sign in with Google, we receive your name and email from Google.
Trip details: arrival date, duration, neighborhood, arrival method, travel party, interests, and whether this is your first visit. You provide all of this during onboarding.
Usage data: which sections you view, questions you ask Sensa, and how you interact with features. This helps us improve the product.
Payment information: processed entirely by Stripe. We never see or store your card details. We receive a confirmation of payment and your Stripe customer ID.

Why we collect it and our legal basis

Your trip details power everything — they determine what content you see, what recommendations you receive, and how Sensa responds to your questions. Without them, the product cannot function. Legal basis: performance of our contract with you (GDPR Art. 6(1)(b)).

Usage data helps us understand which features are valuable and which need improvement. We analyze this in aggregate to make the product better for everyone. Legal basis: our legitimate interest in improving the product (GDPR Art. 6(1)(f)).

Who processes your data

We use the following third-party services to operate venezia.app:

Supabase (database and authentication) — stores your account and trip data. Servers in the EU.
Stripe (payments) — processes your payment. Subject to Stripe's privacy policy.
Anthropic (AI) — powers Sensa. Your questions are sent to Anthropic's API to generate responses. Anthropic does not use data sent via their API to train models. Subject to Anthropic's privacy policy.
Mapbox (maps) — provides the interactive map. Receives your location data when you use the map. Subject to Mapbox's privacy policy.
Vercel (hosting) — serves the website. May collect standard server logs (IP address, browser type).

Cookies

We use only essential cookies required for authentication (keeping you logged in). We do not use tracking cookies, advertising cookies, or third-party analytics scripts.

International data transfers

Your account and trip data are stored in the EU (Supabase). Some of our service providers — Anthropic, Mapbox, and Vercel — are based in the United States. Data transfers to these providers are protected by Standard Contractual Clauses and/or the EU-US Data Privacy Framework, as applicable.

How long we keep your data

Your account and trip data are retained for as long as your account exists. If you delete your account or request deletion, we remove your data within 30 days. Anonymized, aggregate analytics data (which cannot be linked back to you) may be retained indefinitely.

Your rights

Under GDPR, you have the right to:

Access the personal data we hold about you
Correct inaccurate data
Request deletion of your data
Export your data in a portable format
Object to processing of your data
Lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) at www.garanteprivacy.it

To exercise any of these rights, email hello@venezia.app. We will respond within 30 days.

Aggregate data

We may share anonymized, aggregate insights derived from usage patterns — for example, which neighborhoods are most popular with visitors, or what arrival methods are most common. This data cannot identify any individual user.

Changes to this policy

If we make material changes to this policy, we will notify you by email or through the app. The "last updated" date above indicates when this policy was most recently revised.

Contact

For any privacy-related questions or requests: hello@venezia.app