Skip to main content
SaveToRoam
Legal · Privacy

How we handle your data.

Plain explanation of what we collect, why, and your rights.

Last updated: 16 April 2026

1. Who we are

SaveToRoam (“we”, “us”, “our”) is an online trip savings and itinerary planning service built and operated in Australia. We are committed to protecting your personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

If you have any questions about this policy, contact us at hello@savetoroam.com.

For users in the European Economic Area (EEA) and United Kingdom

If you are located in the EEA or UK, the General Data Protection Regulation (GDPR) and UK GDPR apply to our processing of your personal data in addition to Australian privacy law.

Legal bases for processing. We process your personal data on the following legal bases:

  • Performance of a contract — to provide and maintain your SaveToRoam account, process trip plans, track savings progress, and handle payments (Art. 6(1)(b)).
  • Legitimate interests — to improve our service, prevent fraud, and ensure security, where those interests are not overridden by your rights (Art. 6(1)(f)).
  • Consent — for optional analytics and performance monitoring via Vercel Analytics and Sentry, which are only activated after you grant consent through our cookie banner (Art. 6(1)(a)). You may withdraw consent at any time through your account privacy settings or by clearing your browser site data.

International data transfers. SaveToRoam is operated from Australia. Your data may be processed by sub-processors located in the United States and other countries outside the EEA. We rely on the following transfer mechanisms under Art. 46 GDPR: the EU–US Data Privacy Framework (where the processor is certified) and Standard Contractual Clauses (SCCs) adopted by the European Commission. Our key sub-processors and their roles are:

  • Supabase Inc. — database hosting and authentication (US).
  • Stripe Inc. — payment processing (US).
  • Vercel Inc. — hosting and analytics (US).
  • Resend Inc. — transactional email (US).
  • Functional Software Inc. / Sentry — error monitoring (US).

Your additional rights under GDPR. In addition to the rights described elsewhere in this policy, EEA and UK residents have the right to:

  • Request a portable copy of their personal data in a structured, commonly used, machine-readable format (Art. 20). You can download your data directly from your account settings (Privacy → Download my data), or email hello@savetoroam.com to request an export.
  • Lodge a complaint with your local data protection supervisory authority if you believe your data has been processed unlawfully. A list of EEA supervisory authorities is available at edpb.europa.eu.

Data breach notification. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach (Art. 33). Where the breach is likely to result in a high risk to you, we will also notify you directly without undue delay (Art. 34).

2. Information we collect

We collect the following types of information when you use SaveToRoam:

  • Account information — your name and email address, provided directly or via Google Sign-In.
  • Trip and savings data — destinations, travel dates, number of travellers, savings goals, savings amounts, and any itinerary content you create.
  • Billing information — subscription plan and billing period. Payment details (card numbers etc.) are processed directly by Stripe and are never stored on our servers.
  • Usage data — pages visited, features used, and technical information such as your IP address, browser type, and device type, used to operate and improve the service.

3. How we use your information

We use your information to:

  • Provide, personalise, and improve the SaveToRoam service.
  • Process payments and manage your subscription.
  • Send transactional emails (account confirmation, receipts, password resets).
  • Send weekly savings reminder emails (Pro users only, Fridays) to help you stay on track toward your savings goal. You can unsubscribe at any time from the link in each email or from your account settings.
  • Respond to support requests.
  • Protect against fraud and abuse, including rate limiting API requests.

We do not sell your personal information to third parties, and we do not use it for advertising.

4. Third-party services

To deliver SaveToRoam, we share data with the following trusted service providers, each bound by their own privacy commitments:

  • Supabase — database, authentication, and file storage.
  • Stripe — payment processing and subscription management.
  • Google Sign-In — optional sign-in with your Google account.
  • Anthropic (Claude) — AI-powered itinerary generation, per-stop highlights and tips, and cost estimation. We send destination and trip details (city, country, duration, traveller composition) to generate planning suggestions. No personal information beyond trip context is shared. Anthropic does not use Claude API inputs or outputs to train its models.
  • Resend — transactional email delivery.
  • Vercel — web hosting and serverless infrastructure.
  • Upstash — Redis-based rate limiting to protect our API.
  • Sentry — error tracking and performance monitoring. Collects technical error data, IP address, and browser type to help us identify and fix issues quickly.

Some of these providers may store data outside of Australia. Where they do, we take reasonable steps to ensure your information is handled with equivalent protections.

5. Cookies & analytics

SaveToRoam uses minimal cookies — primarily session cookies required to keep you signed in and securely load your trip data. These are essential and cannot be disabled while you use the app.

With your consent, we also collect privacy-friendly product analytics via Vercel Analytics and Vercel Speed Insights. These tools measure aggregate page views and performance metrics (load times, interaction delays) to help us improve the product. They do not use tracking cookies, do not build a profile of you, and do not share data with advertisers.

On your first visit you will see a banner asking you to choose between Accept all (essentials + analytics) and Essential only (just what's required to keep you signed in). You can clear your browser's site data for savetoroam.com at any time to be asked again. We do not use advertising or third-party tracking cookies of any kind.

6. Data retention

We retain your personal information for as long as your account is active. If you delete your account, we soft-delete it immediately and permanently remove your personal data within 7 days (this 7-day window lets you contact us to undo an accidental deletion), except where we are required to retain certain records for legal or financial compliance purposes (e.g. Stripe transaction records).

7. Your rights

Under the Australian Privacy Principles, you have the right to:

  • Access the personal information we hold about you.
  • Request correction of inaccurate or out-of-date information.
  • Request deletion of your account and associated data.
  • Complain about how we handle your personal information.

To exercise any of these rights, email us at hello@savetoroam.com. We will respond within 30 days.

8. Security

We implement industry-standard security measures including encrypted connections (HTTPS), secure authentication, and rate limiting. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

9. Changes to this policy

We may update this policy from time to time. We will notify you of significant changes by email or by displaying a notice in the app. Continued use of SaveToRoam after any changes constitutes acceptance of the updated policy.

10. Contact

For any privacy-related questions or complaints, contact us at hello@savetoroam.com. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC).

Privacy Policy | SaveToRoam