Privacy policy

Last updated: May 19, 2026

Pelgrim is built and operated from the Netherlands. We treat your travel data as yours, not ours. This page explains exactly what we collect, why, and what you can do about it.

What we collect

Account data. Username, display name, email address, hashed password (we never see your plain password). Optional: home country preferences, display preferences.

Travel data. Whatever you import or enter: flights, stays, trips, properties, dates, notes. This is the data the product exists to manage. We store it; we don't share it.

Analytics. Anonymous, cookieless pageview counts. We log path, referrer (where you came from), a coarse country derived from your IP (via an open IP-to-country database), and broad device class. We do not set tracking cookies and do not run third-party analytics scripts.

Acquisition source. If you arrive with UTM parameters (e.g. from a marketing link), we record the source, medium, and campaign once per session and persist them with your account on signup so we know which channels work. No personal identifiers are involved.

Why we collect it

To deliver the service. The travel log only works if we store your travel data.

To send transactional email. Email verification, password reset, occasional service announcements. We do not send marketing email unless you explicitly opt in.

To improve the product. Anonymous aggregate usage data tells us which features are loved or ignored.

Who we share it with

By default: nobody.

To operate the service we use a small number of sub-processors:

• Postmark — transactional email delivery (verification, password reset).
• Anthropic — AI parsing of pasted itineraries (Smart-Paste). Only the text you explicitly paste is sent; no other account data leaves Pelgrim during AI calls.
• OpenStreetMap / OpenSky / GeoNames / OurAirports / Google Places — open data sources we query for airport, route, and hotel metadata. These calls are made server-side and don't include user identifiers.
• Hetzner — our German hosting provider (servers + database).

How long we keep it

Account data: as long as you have an account, plus 30 days after deletion (so we can restore an accidental deletion). After that it's purged from active systems within 90 days.

Analytics data: aggregate counters indefinitely; individual pageview rows for 12 months.

Email verification tokens: 24 hours.

Your rights (GDPR)

You have the right to access, correct, export, restrict, and delete your data. Pelgrim already lets you do most of this through the product (export every flight, stay, and trip as CSV; delete any record; delete your account). Anything you can't do through the UI, email us and we'll handle it within 30 days.

Cookies

We use a single session cookie to keep you logged in. That's it. No tracking cookies, no third-party cookies, no banner needed.

Changes to this policy

If we materially change this policy we'll email registered users at the address on file and post a notice on the homepage. The "last updated" date at the top will always reflect the current version.

Contact

Questions about this policy or about how your data is handled: hello@pelgrim.app.

This document is a starting template, not legal advice. If you operate Pelgrim commercially in a jurisdiction we don't already cover, have a qualified privacy lawyer review and adapt.