Privacy Policy

1. A quick summary

This summary is for convenience only and does not replace the full policy below.

• We don’t sell your data.We do not sell or “share” your personal information for cross-context behavioral advertising, and we do not run third-party ad networks in the App.
• Your trips are friend-only by default. Content you create is visible only to the people you allow, unless and until you choose otherwise. There is no public feed.
• Permissions are asked in context, with explanation.We never request location, contacts, photos, or notifications on launch. Each request is preceded by a screen that explains why we’re asking and what we’ll do with the data.
• Your address book is never uploaded.Find-friends matching happens with hashed phone numbers; we never send or store your contacts’ names or numbers.
• You can keep location on your device. “Local-Only mode” keeps your location history on your iPhone and out of our cloud, except for trips you explicitly publish.
• You’re in control. You can access, export, correct, or delete your data, and you can change or revoke any permission at any time.

2. Who this policy applies to

The Services are intended for users in the United States who are 18 years of age or older. The App is offered by invitation only.

The Services are not directed to children, and we do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us personal information, contact us at privacy@beenlist.com and we will delete it.

If you access the Services from outside the United States, please be aware that your information will be processed in the United States, where data-protection laws may differ from those in your jurisdiction. See Section 10.

3. Information we collect

We collect information in three ways: information you provide, information created as you use the Services, and information from your device and third parties. Much of what follows describes data that stays on your device unless you choose to publish or sync it.

3.1 Information you provide

• Account and profile. When you accept an invitation and create an account, we collect your name, phone number, and (if you use it) your Sign in with Apple identifier. You may add a profile photo, display name, and interests. We use phone number and/or Sign in with Apple as your primary login methods.
• Trips and recommendations. The places you log, your ratings, notes, captions, trip dates, destinations, travel companions you tag (or enter as free text), and the photos and videos you attach to a stop.
• Messages.The content of “Ask about this” message threads you send to friends about a specific place.
• Invitations.When you invite someone, we process the name and contact (phone number) you choose to invite, and we record who invited whom so we can show the “Invited by” welcome that names the person who invited you.
• Support and communications. Information you provide when you contact us, give feedback, or report content.

3.2 Information collected through device permissions

We request each of the following only in context, after a screen explaining the reason. You can grant, limit, or revoke each permission in iOS Settings at any time.

• Photos (selected photos only). When you add photos to a visit, we read the photos you select and their embedded metadata (EXIF), which can include the date, time, GPS coordinates, and altitude a photo was taken at. We use this to draft a visit card (suggested place, date, and location) for you to confirm. We request access to the photos you select, never your entire photo library. Optical character recognition (OCR) on photos runs on your device; in low-confidence cases we may send an image to a cloud vision service to improve place suggestions (see Section 5).
• Location.With your permission, we use location to power capture features. When-In-Use location helps resolve where a visit happened while you’re using the App. Always (background) location, if you grant it, lets the App detect when you’ve arrived somewhere new and offer an ambient “Start a trip here?” prompt. We use coarse dwell detection and a small number of geofenced regions (for example, home or your home airport) for this. We do not continuously track or share your real-time location. You can enable Local-Only mode so that location history never leaves your device. See Section 6.
• Contacts (find friends).If you choose to find friends from your contacts, the matching happens privately. Your phone numbers are normalized and hashed on your device, and only the resulting hashes are sent to us to check for matches against Beenlist members. We never upload, store, or see your contacts’ names or phone numbers.
• Notifications. If you allow notifications, we use Apple Push Notification service (APNs) to send capture prompts, friend activity, and messages, according to the notification types you turn on.
• Motion and sensors. The App may read device motion and barometric (air-pressure) signals on your device to help detect travel events (for example, a flight). This processing happens locally.

3.3 Information collected automatically

• Device and app information. Device model, operating-system version, app version, language, time zone, and similar technical details.
• Usage and product analytics. How you navigate and use the Services, for example, screens viewed, features used, onboarding steps completed, and crashes, collected to understand and improve the product. We use PostHog for product analytics. We do not use this data for third-party advertising.
• Identifiers. App-generated installation identifiers and similar IDs used to operate the Services and measure usage.

3.4 Information from the email-forwarding feature

If you forward a hotel, flight, or activity confirmation to plans@beenlist.com, we receive that email and parse its structured booking details (such as the property, dates, and location) to create a draft trip for you. We process the forwarded message to extract this information and associate the draft with your account.

3.5 Optional verification

If we offer a liveness (“real person”) check when you accept an invitation, the check runs on your device and only a pass/fail result is sent to us. We do not collect or store a government ID, and this is not identity verification (KYC).

4. The Site (beenlist.com)

Our marketing website uses standard, privacy-respecting analytics to understand traffic and improve the Site. This includes Google Analytics and PostHog, which use cookies and similar technologies to collect information such as pages visited, referring URLs, approximate location (derived from IP address), and device/browser details.

If you submit the invite-request form on the Site, we collect the information you provide (such as your name and email or phone number) to evaluate and manage invitation requests.

You can control cookies through your browser settings and, where offered, through a cookie banner or preference control on the Site. We honor recognized opt-out preference signals (such as Global Privacy Control) where required by law. See Section 9.

5. How we use information

We use information to:

• Operate core features— create and sync your trips, drafts, photos, and notes; draft visit cards; run friend-scoped search; deliver messages; and power notifications.
• Connect you with people you know— match contacts (via hashes), surface friends on Beenlist, and process invitations.
• Personalize your experience— seed home-screen shelves from your interests and improve search and recommendations within your network.
• Improve and secure the Services— analyze usage, debug, prevent fraud and abuse, protect the integrity of the trust graph, and keep your data reliable.
• Communicate with you— send service messages, respond to support requests, and (where you’ve agreed or as permitted) send product updates.
• Comply with law— meet legal obligations and enforce our Terms.

Place resolution. To help name and locate the places you log, we may use the Google Places API and reverse geocoding. For photos where on-device OCR is not enough, we may send the image to a cloud vision service (for example, Google Cloud Vision) to improve a suggestion. We minimize what we send and do not use these lookups to build advertising profiles.

We do not use your personal information for automated decision-making that produces legal or similarly significant effects about you.

6. Local-Only mode and privacy controls

Local-Only mode is a feature, not a buried setting. When you enable it:

• Your location history stays on your device and is not synced to our cloud.
• Cloud sync is limited to trips you explicitly publish.
• The passive-capture pipeline skips analytics events that would reveal location.

You can turn Local-Only mode on or off at any time. Turning it on triggers a background job that purges any previously cached cloud location history.

Encrypted backups. Any location history that is backed up to the cloud is end-to-end encrypted, with keys held in the iOS Keychain / Secure Enclave on your device.

7. How we share information

We do not sell your personal information, and we do not “share” it for cross-context behavioral advertising. We disclose information only in these cases:

• With other users, as you direct. Trips and recommendations you publish are visible to the people you allow (such as your followers or a chosen circle). Your messages are shared with their recipient. We default to friend-only; there is no public feed in the App.
• With service providers (processors). We use vendors to host and run the Services under contracts that limit their use of data to providing services to us. These currently include, for example: Apple (Sign in with Apple, APNs); cloud hosting and database providers; Google (Places API, and Cloud Vision as a fallback); a transactional and inbound email provider; and PostHog and Google Analytics for analytics.
• For legal reasons. To comply with law, legal process, or lawful requests; to enforce our Terms; or to protect the rights, safety, and property of Beenlist, our users, or others.
• In a business transfer. In connection with a merger, acquisition, financing, or sale of assets, subject to this Privacy Policy.
• With your consent. For any other purpose disclosed to you with your consent.

We may share aggregated or de-identified information that cannot reasonably be used to identify you.

8. How long we keep information

We keep personal information for as long as your account is active and as needed to provide the Services, then for a reasonable period to comply with legal obligations, resolve disputes, and enforce our agreements. Your trips, photos, and notes persist so your travel history isn’t lost. When you delete your account, we delete or de-identify your personal information as described in Section 9, except where we are required or permitted by law to retain it.

9. Your privacy rights and choices

Everyone. You can, within the App:

• Access and export your data as a structured archive.
• Correct your profile and content.
• Delete your account, which triggers a full purge of your personal data (subject to limited legal retention).
• Manage permissions (location, contacts, photos, notifications) in iOS Settings, and toggle Local-Only mode at any time.

U.S. state privacy rights (including California/CPRA, and the comprehensive laws now in effect across roughly 20 states). Depending on where you live, you may have the right to:

• Know/access the personal information we hold about you and how we use and disclose it;
• Correct inaccurate personal information;
• Delete your personal information;
• Obtain a portable copy of your information;
• Opt out of “sale,” “sharing”/targeted advertising, and certain profiling (note: we do not sell or share personal information for these purposes, and we do not conduct such profiling); and
• Not be discriminated against for exercising your rights.

We honor recognized opt-out preference signals (such as Global Privacy Control) on the Site where required. To exercise any right, use the in-app controls or contact us at privacy@beenlist.com. We will verify your request (typically through your account) and respond within the timeframes required by law. You may use an authorized agent where permitted. If we deny a request, you may appeal by replying to our response.

Sensitive information.Precise geolocation may be considered sensitive personal information. We use it only to provide the features you’ve enabled and do not use it to infer characteristics or for advertising.

California “Shine the Light.” We do not disclose personal information to third parties for their own direct marketing.

EEA/UK users. See Section 10.

10. International users and legal bases

We are based in the United States and process information there. If you are in the European Economic Area or the United Kingdom and we offer the Services to you, our legal bases for processing are: performance of our contract with you (to provide the Services), your consent (for example, for device permissions and certain communications), our legitimate interests (such as securing and improving the Services), and compliance with legal obligations. You may have rights to access, correct, delete, restrict, object to, and port your data, and to lodge a complaint with a supervisory authority. Where we transfer data internationally, we use appropriate safeguards.

11. Security

We use technical and organizational measures designed to protect your information, including encryption in transit (TLS), end-to-end encryption for cloud-backed location history, secure key storage in the iOS Keychain / Secure Enclave, and access controls. No system is perfectly secure, so we cannot guarantee absolute security, but we work to protect your data and to notify you and regulators of incidents where required by law.

12. Apple App Store

The App’s privacy practices are also summarized on its App Store product page (the “privacy nutrition label”). Where Apple’s platform rules require it, we request your permission before any tracking. This Privacy Policy controls in case of any inconsistency, but always read it alongside the App Store disclosures.

13. Third-party links and services

The Services may link to third-party websites or booking partners. Those services have their own privacy policies, and we are not responsible for their practices. If affiliate booking links are enabled in the future, Beenlist will display the required disclosures and update this policy accordingly.

14. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date and, where appropriate, notify you in the App or by other means. Your continued use of the Services after an update means you accept the revised policy.

15. Contact us

If you have an unresolved concern, you may also have the right to contact your local data protection authority or state attorney general.

See also our Terms of Use.