
Privacy Policy

Last updated: 25 February 2025

Who we are

FiBi ("we", "us") is the data controller for the FiBi service at fibi.world. We save and organise travel places you find on social media so you don't lose them.

GDPR and this privacy statement

If you are in the United Kingdom or the European Economic Area, the UK GDPR and the EU General Data Protection Regulation (GDPR) apply. This privacy statement explains how we collect, use, store and protect your personal data and what rights you have. We process your data only where we have a lawful basis and in line with applicable data protection law.

What data we collect

  • Account data: email address and password (hashed).
  • Usage data: saved places, itineraries (trips), shared links, comments, and any content you add (names, notes, links, screenshots).
  • Technical data: we use authentication cookies to keep you logged in. We use Supabase for hosting and authentication, and Resend for sending emails (e.g. welcome, password reset, product updates).
  • Optional features: if you use AI-enriched details or image proxy for saved items, we process those requests to provide the service.

How we use your data

We use your data to provide the FiBi service (saving and organising places, sharing itineraries, calendar and map views), to send you account-related emails (e.g. password reset, email confirmation) and, if you have opted in, product updates and tips (you can withdraw this at any time). We also use data to maintain security and prevent abuse.

Lawful basis (GDPR Art. 6)

We process your personal data only where we have a lawful basis:

  • Contract (Art. 6(1)(b)): account creation, providing the service, account-related emails (e.g. confirmation, password reset).
  • Legitimate interests (Art. 6(1)(f)): security, preventing abuse, improving the service, necessary technical processing (e.g. cookies for login).
  • Consent (Art. 6(1)(a)): marketing and product-update emails. You give consent when you tick the optional box at signup; you can withdraw it anytime (e.g. via unsubscribe or by contacting us).

We retain your data for as long as your account is active and as long as needed to comply with legal obligations. After account deletion, we remove or anonymise your data within a reasonable period, except where we must keep it to comply with the law or to handle disputes.

Sharing your data

We use Supabase (hosting and database) and Resend (email). We do not sell your personal data. We may disclose data if required by law or to protect our rights and safety.

Cookies and local storage

We use cookies for authentication (e.g. keeping you logged in). We also use your browser's local storage and session storage for preferences that make the app work better for you (e.g. remembering which trip is selected in the calendar, or that you've seen the sharing tutorial). We do not use third-party advertising or analytics cookies. You can control cookies via your browser settings.

Your rights (GDPR)

If UK/EEA GDPR applies to you, you have the following rights in relation to your personal data:

  • Right of access (Art. 15): request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16): request correction of inaccurate or incomplete data.
  • Right to erasure (Art. 17): request deletion of your data in certain circumstances.
  • Right to restrict processing (Art. 18): request that we limit how we use your data in certain cases.
  • Right to data portability (Art. 20): receive your data in a structured, machine-readable format where applicable.
  • Right to object (Art. 21): object to processing based on legitimate interests; we will stop unless we have compelling grounds to continue.
  • Right to withdraw consent: where we rely on consent (e.g. marketing emails), you may withdraw it at any time without affecting the lawfulness of processing before withdrawal. Use the unsubscribe link in emails or contact us.
  • Right to complain: you may lodge a complaint with a supervisory authority (e.g. the ICO in the UK, or your local data protection authority in the EEA).

To exercise any of these rights or ask questions, contact us at the address below. We will respond within the time required by law (usually one month).

International transfers

Our service providers may process data in countries outside your own. We ensure appropriate safeguards (e.g. standard contractual clauses) where required by law.

Changes to this policy

We may update this policy from time to time. We will post the updated version on this page and update the "Last updated" date. For material changes we may notify you by email or a notice in the app where required by law.

Contact and data protection

For privacy-related questions, to exercise your rights, or to contact us in relation to data protection (including as data controller under GDPR), email us at hello@fibi.world. We will respond as required by applicable law.
