Maragogo

Privacy Policy

Last updated: March 5, 2026

1. Introduction

Maragogo ("we," "us," or "our"), located in Stafford, Virginia, USA, operates the website maragogo.com (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our Service.

By using the Service, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use the Service.

2. Information We Collect

Information You Provide Directly

  • Account information: Email address and authentication credentials (managed securely by our authentication system)
  • Trip preferences: Location preferences, destination selections, activity interests, budget preferences, and other trip-planning inputs
  • Saved itineraries: Day plans and itineraries you save to your account
  • Payment information: Billing details processed through Stripe (we do not store your full credit card number on our servers)

Information Collected Automatically

  • Usage data: Pages visited, features used, itineraries generated, and interaction patterns
  • Device information: Browser type, operating system, screen resolution, and device identifiers
  • Log data: IP address, access times, and referring URLs
  • Browser geolocation: If you choose to use the "Use my location" feature, your device's GPS coordinates are sent to Google Geocoding API to determine your city name. This location data is used only for itinerary generation and is not stored on our servers beyond the current session. You can deny or revoke the browser permission prompt at any time.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Generate personalized travel itineraries using AI (Google Gemini) and location data (Google Places API)
  • Process transactions and manage your credit purchases
  • Save and retrieve your itineraries and preferences
  • Communicate with you about your account, updates, and promotional offers (with your consent)
  • Analyze usage trends to improve the Service
  • Detect, prevent, and address fraud or technical issues

4. Third-Party Services

We share information with the following third-party service providers who assist us in operating the Service:

  • Better Auth — Authentication and user management. Your email and login credentials are processed securely on our self-hosted infrastructure.
  • Google (Places API & Gemini AI) — Location data and AI-powered itinerary generation. Your location preferences and trip inputs are sent to Google services to generate results. Google Privacy Policy
  • Stripe — Payment processing. Stripe collects and processes your payment information. Stripe Privacy Policy
  • PostgreSQL — Self-hosted database for storing your account data, preferences, and saved itineraries
  • Vercel — Web application hosting and CDN. Vercel processes HTTP requests, logs, and performance metrics. Vercel Privacy Policy
  • Google Maps JavaScript API — Interactive venue maps on itinerary results. Map loads may transmit your IP address to Google.
  • Open-Meteo — Weather forecasting API. No authentication required; your coordinates are sent to retrieve weather data. No personal data is stored by Open-Meteo.
  • Cloudflare — DNS and CDN services. Cloudflare may process your IP address for routing and security purposes.

We do not sell your personal information to third parties.

5. Cookies and Tracking Technologies

We use cookies and similar technologies to maintain your session, remember your preferences, and analyze how you use the Service. These include:

  • Essential cookies: Required for authentication and core functionality (managed by Better Auth)
  • Functional cookies: Remember your preferences and settings
  • Analytics cookies: Help us understand usage patterns and improve the Service

You can control cookies through your browser settings. Disabling essential cookies may prevent you from using certain features of the Service.

6. Data Storage and Security

Your data is stored on secure self-hosted PostgreSQL servers located in the United States. We implement industry-standard security measures including encryption in transit (TLS) and at rest to protect your personal information.

However, no method of transmission over the Internet or electronic storage is completely secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

All Users

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request that we correct inaccurate or incomplete data
  • Deletion: Request that we delete your personal data
  • Portability: Request your data in a structured, machine-readable format

Virginia Residents (VCDPA)

If you are a Virginia resident, the Virginia Consumer Data Protection Act (VCDPA) provides you with additional rights, including the right to opt out of the processing of personal data for targeted advertising, the sale of personal data, and profiling. We do not sell personal data or engage in profiling for decisions that produce legal or similarly significant effects.

California Residents (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the CPRA grants you the right to know what personal information is collected, the right to delete it, and the right to opt out of the sale or sharing of personal information. We do not sell or share your personal information as defined by the CCPA.

EU/EEA Residents (GDPR)

If you are located in the European Union or European Economic Area, the General Data Protection Regulation (GDPR) provides you with additional rights regarding your personal data:

  • Legal basis: We process your data based on consent (account creation), contractual necessity (providing the Service), and legitimate interests (security, analytics)
  • Data transfers: Your data may be transferred to the United States where our service providers operate. These transfers are protected by Standard Contractual Clauses (SCCs) maintained by our processors (Google, Stripe)
  • Right to erasure: You may request complete deletion of your personal data
  • Right to data portability: You may request your data in a structured, machine-readable format
  • Right to object: You may object to processing based on legitimate interests
  • Supervisory authority: You have the right to lodge a complaint with your local data protection authority

To exercise any of these rights, contact us at [email protected]. We will respond to your request within 45 days.

9. Account Deletion

You may request deletion of your account and associated data at any time by emailing [email protected]. Upon receiving your request, we will:

  • Delete your account and authentication data
  • Remove your saved itineraries, preferences, and personal data from our database
  • Request deletion of your data from third-party processors where applicable

This process is completed within 30 days of your request.

10. Children's Privacy

The Service is not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will promptly delete that information. If you believe a child under 13 has provided us with personal information, please contact us at [email protected].

11. Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activity tracked. Maragogo does not serve advertising or sell data to third-party advertisers. We do not use cross-site tracking technologies. Your browser may send a DNT signal, but it is not required for us to respect your privacy.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by updating the "Last updated" date at the top of this page or by sending you an email notification. We encourage you to review this policy periodically.

13. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

Maragogo
Stafford, VA, USA
[email protected]