Privacy Policy

Last updated: 2026-05-03 — this policy is a draft.

theGo is a travel social network. This policy explains what data we collect, why we collect it, and what choices you have. If anything is unclear, email hello@thego.life.

1. What we collect

Information you give us

• Account: name, email, password (stored only as a one-way bcrypt hash), handle, optional bio and home country.
• Profile + activity: photos you upload, countries marked visited / current / going, life-list items, passions, posts, and messages.
• Connections + messages: who you connect with and the contents of your messages and chats.

Information collected automatically

• Logs: IP, user-agent, and timestamps of requests — used for security, abuse prevention, and debugging.
• Cookies: a session cookie issued at login (NextAuth JWT). No third-party advertising cookies.

2. How we use it

• To run the service: render your map, fan out notifications, deliver messages.
• To send transactional email: account verification, password reset, message notifications.
• To enforce our Terms of Service and protect against abuse.
• To improve the product: aggregate usage patterns help us decide what to build next.

We don't sell your personal data. We don't use your content to train third-party AI models.

3. Who we share with

We share data only with the providers who make theGo run:

• Hosting + database: our infrastructure provider hosts the application and Postgres database.
• Email delivery: we use Resend to send transactional email.
• Legal: if compelled by valid legal process, we will share what we're required to share.

4. What other users see

• Public: your profile (name, handle, bio, photos, visited map, life list, passions) and your posts.
• Connections-only: sending direct messages requires an accepted connection.
• Private: your email, password hash, draft messages, and notification feed are never shown to other users.

5. Your choices

• Edit: update your profile and content from /profile.
• Export: request a copy of your data by emailing us.
• Delete: request account deletion by emailing us; we will honor it promptly.
• Email preferences: follow the unsubscribe link in any non-transactional email we send.

6. Security

Passwords are stored as bcrypt hashes. The site is served over HTTPS. We rate-limit auth endpoints and messaging to discourage abuse. No system is perfect — please use a unique password and report anything suspicious right away.

7. Children

theGo is not directed at children under 13. If you believe a child has created an account, contact us and we will delete it.

8. International users

theGo is operated from the European Union. By using the service, you consent to your data being processed there.

9. Changes to this policy

We may update this policy. Material changes will be communicated by email or in-app. The date at the top reflects the latest revision.

10. Contact

Questions, requests, or complaints? hello@thego.life.