Legal

Privacy Policy

Last updated: March 15, 2026

1. Introduction

One3Four ("we", "us", or "our") operates the Perkorsi platform (the "Service"), an AI-powered travel planning application available at our website. This Privacy Policy explains how we collect, use, share, and protect your personal data when you interact with our Service.

By using Perkorsi, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.

2. Information We Collect

Account Data

When you create an account, we collect your email address and authentication provider information (e.g. Google or other OAuth providers) through our authentication partner, Supabase.

Trip and Itinerary Data

When you use the Service to plan trips, we collect the information you provide, including destinations, travel dates, budgets, activity preferences, and any other details you enter into your itineraries.

Feedback Data

If you submit feedback through our feedback form, we collect the message you provide along with your name and email address if you choose to include them. These fields are optional.

Payment Data

Payment transactions are processed by Stripe. We do not store your credit card number or payment method details on our servers. Stripe may share with us your customer ID, subscription status, and plan information to manage your account.

Usage and Log Data

We collect standard technical information such as your IP address (used for rate limiting), browser type, and pages visited. We also log API usage for internal cost tracking and service monitoring.

3. How We Use Your Information

We use the information we collect to:

  • Provide and operate the Service, including generating AI-powered itineraries
  • Display maps, directions, and place details for your trips
  • Show destination photos and weather information
  • Process payments and manage your subscription
  • Respond to your feedback and support requests
  • Enforce rate limits and protect against abuse
  • Improve, maintain, and monitor the performance of the Service

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your personal data on the following legal bases:

  • Contract performance: Processing necessary to provide the Service you signed up for (e.g. account management, itinerary generation, payment processing).
  • Legitimate interests: Processing necessary for our legitimate interests, such as improving the Service, preventing fraud, and ensuring security, provided these interests do not override your rights.
  • Consent: Where you have given us explicit consent, such as when you voluntarily submit optional personal data in our feedback form.
  • Legal obligation: Processing necessary to comply with applicable laws and regulations.

5. Third-Party Services

We share data with the following third-party services in order to operate the Service. Each processes data according to their own privacy policies:

ServicePurposeData Shared
SupabaseAuthentication and database hostingAccount data, itineraries, feedback, usage logs
StripePayment processingEmail, user ID, selected plan, payment details
Google Maps PlatformMaps, place details, directions, and photosLocation queries, destination coordinates
AI Infrastructure ProviderAI itinerary generationTrip parameters (destinations, dates, preferences)
PexelsDestination photosCity names (search queries)
Open-MeteoWeather forecasts and geocodingCity names, geographic coordinates

6. Cookies and Local Storage

We use only essential cookies required for the Service to function:

  • Session cookies: HTTP-only cookies managed by Supabase to maintain your authenticated session. These are strictly necessary and cannot be disabled while using the Service.
  • Local storage: We use your browser's local storage to save UI preferences and itinerary editing state for a better user experience. This data remains on your device.

We do not use any advertising, tracking, or analytics cookies.

7. Data Retention

We retain your personal data as follows:

  • Account data: Retained for as long as your account is active. You may request deletion at any time.
  • Itinerary data: Retained until you delete it or request account deletion.
  • Feedback: Retained indefinitely to help us improve the Service, unless you request its removal.
  • Usage and cost logs: Retained for billing reconciliation and service monitoring purposes.
  • Cached data: Place details are cached for up to 7 days; weather and photo data are cached for up to 30 days. Caches are automatically purged.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • HTTPS encryption for all data in transit
  • HTTP-only cookies to prevent client-side access to session tokens
  • Security headers (X-Content-Type-Options, X-Frame-Options, Referrer-Policy, X-XSS-Protection, Permissions-Policy)
  • Per-IP rate limiting on all API endpoints
  • Encryption at rest provided by our database hosting provider (Supabase)
  • Input validation on all endpoints using schema-based validation

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

9. Your Rights Under the GDPR

If you are located in the EEA, you have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure: Request deletion of your personal data ("right to be forgotten").
  • Right to restrict processing: Request that we limit how we use your data.
  • Right to data portability: Receive your data in a structured, machine-readable format.
  • Right to object: Object to processing based on legitimate interests.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at support@perkorsi.com. We will respond to your request within 30 days.

10. International Data Transfers

Your data may be processed in countries outside the EEA where our third-party service providers operate. When such transfers occur, we ensure appropriate safeguards are in place, such as standard contractual clauses or adequacy decisions, to protect your data in accordance with the GDPR.

11. Children's Privacy

The Service is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe we have inadvertently collected such data, please contact us at support@perkorsi.com and we will promptly delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date at the top of this page. For material changes, we will notify you by email or through a prominent notice on the Service prior to the change becoming effective.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

support@perkorsi.com

14. Supervisory Authority

If you are located in the EEA and believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with your local data protection supervisory authority.