Outbound ("we", "us", or "our") is a mobile application that automatically builds travel itineraries from your email booking confirmations. This Privacy Policy explains what information we collect, how we use it, and your rights in relation to it.
By using Outbound you agree to the collection and use of information as described in this policy.
1. Information We Collect
Account Information
When you create an account we collect:
- Your email address
- Your display name
- An optional profile photo
This information is provided directly by you during sign-up, or passed to us by Apple (via Sign in with Apple) or Google (via Google Sign-In).
Email Content
If you choose to connect your Gmail or Microsoft Outlook account, Outbound requests read-only access to your inbox using the official Gmail API and Microsoft Graph API. We use this access solely to search for and retrieve travel booking confirmation emails (such as flight, hotel, restaurant, activity and transport bookings). We do not read, store, or process any emails unrelated to travel bookings.
Email content is processed on your device and sent to our AI service (see Third-Party Services below) to extract structured booking information. We do not store the raw text of your emails on our servers. Only the extracted booking data (booking title, date, time, location, confirmation number, and cost) is saved to your account.
Trip and Booking Data
We store the travel itinerary data associated with your account, including:
- Trip names, dates, and destination locations
- Booking details extracted from your emails (type, title, date, time, location, confirmation number, cost)
- Notes and annotations you add manually to trips and days
Social Data
If you use Outbound's social features, we store:
- Follow and follower relationships between users
- Place recommendations and associated notes that you choose to share
Usage Data
We collect anonymised analytics about how the app is used (for example, which screens are visited and how often features are used). This data does not contain any email content or personally identifiable booking details. See Third-Party Services for details of our analytics provider.
Device Data
We store your push notification token on our servers so we can send you notifications about your itinerary (for example, when a trip sync is complete). You can disable notifications at any time in your device settings.
2. How We Use Your Information
| Purpose | Data used |
|---|---|
| Building and displaying your travel itinerary | Email booking data, trip data |
| Providing your account and syncing data across devices | Account information, trip and booking data |
| Enabling social features (followers, recommendations, shared trips) | Profile information, social data |
| Sending push notifications about your trips | Push notification token |
| Improving the app and understanding how it is used | Anonymised usage data |
| Responding to support requests | Account information, relevant trip data |
We do not use your data to train AI or machine learning models. We do not sell your data to third parties. We do not use your email content for advertising.
3. Third-Party Services
Outbound uses the following third-party services to operate. Each service's use of your data is governed by their own privacy policy.
Supabase
We use Supabase to store your account information, trip data, and social data. Supabase is a hosted database platform. Data is stored in the European Union. Supabase Privacy Policy.
Anthropic (Claude AI)
Email bodies retrieved from your inbox are sent to Anthropic's Claude API to extract structured booking information. This processing happens in real time and Anthropic does not retain your email content for training purposes under our API agreement. Anthropic Privacy Policy.
Google (Gmail API & Sign-In)
If you connect your Gmail account, we access your inbox using Google's official Gmail API with read-only permission. We request the minimum scope necessary (gmail.readonly). You can revoke this access at any time from your Google Account permissions page. Google Privacy Policy.
Microsoft (Outlook / Microsoft Graph)
If you connect your Microsoft Outlook account, we access your inbox using the Microsoft Graph API with read-only permission. You can revoke this access at any time from your Microsoft account settings. Microsoft Privacy Policy.
Apple (Sign in with Apple)
If you sign in with Apple, Apple passes your name and email address to us. Apple may provide a private relay email address. Apple Privacy Policy.
PostHog
We use PostHog to collect anonymised usage analytics. No email content or booking details are included in analytics events. PostHog Privacy Policy.
4. Gmail and Outlook Data — Additional Disclosures
Outbound's use of data obtained via the Gmail API and Microsoft Graph API is limited to the following:
- We access your email solely to find and extract travel booking confirmation emails for the purpose of building your itinerary.
- We do not access, read, store, or share any emails unrelated to travel bookings.
- We do not use your email data to serve advertisements.
- We do not allow humans to read your email content, except where you explicitly request support and share specific emails with us yourself.
- We do not share your email content with any third party except Anthropic's Claude API for the purpose of extracting booking data, as described above.
Outbound's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
5. Data Retention
We retain your account and trip data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal reasons.
You can delete individual trips and bookings at any time within the app. Deleting a trip permanently removes all associated bookings and annotations from our servers.
6. Data Security
We take reasonable technical and organisational measures to protect your data, including encrypted storage, HTTPS for all data transfers, and access controls on our database. OAuth tokens are stored in your device's secure storage and are never sent to our servers.
7. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access — request a copy of the data we hold about you
- Correction — ask us to correct inaccurate data
- Deletion — ask us to delete your account and associated data
- Portability — request your data in a portable format
- Objection — object to certain types of processing
To exercise any of these rights, contact us at support@outboundtravel.app.
8. Children's Privacy
Outbound is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us and we will delete it promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the date at the top of this page. Continued use of the app after changes constitutes acceptance of the updated policy.
10. Contact Us
If you have any questions about this Privacy Policy or how we handle your data, please contact us at: