Privacy Policy

Tokyo Playbook LLC, doing business as Tokyo Playbook (“we”, “us”, “our”), operates tokyoplaybook.com. This policy explains what data we collect, how we use it, and your rights.

Mailing address: Tokyo Playbook LLC, 30 N Gould St Ste N, Sheridan, WY 82801, USA.

Account Information: When you create an account, we collect your email address, display name, and password (stored as a secure hash). If you sign in with Google, we receive your name and email from Google. We also store your chosen avatar preference.

Trip & Planning Data: You may provide travel dates, trip names, personal trip notes, saved/bookmarked spots (restaurants, hotels, attractions, day trips), custom spots you add manually, selected interest preferences, and booking checklist progress. This data is stored server-side in your account.

AI Chat Messages: Messages you send to our AI assistant and the responses it generates are stored in your account profile to preserve your conversation history across sessions. This data is directly linked to your account. We may review anonymized chat logs to improve the quality of AI responses.

Photos You Upload: If you take or upload a photo in the AI chat (for example, a menu, sign, or storefront), the image is sent to Anthropic to generate a response. We do not store the image itself on our servers or in your account — only a “[Photo]” placeholder is kept in your conversation history so the thread reads correctly. Please do not upload photos containing sensitive personal documents (passports, IDs, financial documents) or images of other people who have not consented.

Voice Input: If you use the hold-to-talk microphone button, your spoken audio is converted to text by your browser's built-in speech-recognition service — operated by your browser vendor (Google for Chrome/Edge, Apple for Safari) and governed by their respective privacy policies. That audio is processed by the browser vendor's service, not by us; we never receive or store the audio recording. Only the resulting text transcript enters the chat, where it is handled the same as any typed message.

Payment Information: Payments are processed securely by Stripe. We do not store credit card numbers. We receive and store your Stripe customer ID and email to link purchases to your account.

Usage Data: We track basic usage metrics such as AI message counts to enforce usage limits. Standard server logs (IP address, browser type, pages visited) are generated by our hosting provider and retained transiently for security and operations; we do not store your IP address in your account.

Device Location: Tokyo Playbook has two optional location features. Both are off until you choose to use them, and your browser always asks your permission first.

“Near me” on the map: shows your current position on your trip map. This is processed on your device within your current browser session — it is not sent to our servers, not stored, and not used to influence recommendations.

“Right Now” nearby recommendations: if you ask what's good around you right now, your device's approximate coordinates are sent to our server to look up your neighborhood (a reverse-geocoding step) and are included in that chat message so the assistant can recommend places near you. Because this travels as part of a chat message, that location is also sent to our AI provider (Anthropic) and saved in your conversation history along with the rest of the message. We use it only to answer that request — we do not track your location in the background and do not build a location profile.

You can decline the browser prompt, or revoke the permission at any time in your browser settings, without affecting any other feature.

Acquisition Attribution: When you first arrive at our site, we record the page you landed on, the referring page (for example, a search engine or social-media link), and any campaign parameters in the URL (the standard utm_source, utm_medium, utm_campaign, utm_content, and utm_term values). This is recorded once, on a first-touch basis, and stored on your account so we can understand which channels and campaigns introduce people to Tokyo Playbook. It is operational/analytics data; we do not use it for advertising, profiling, or cross-context behavioral tracking, and it is never shared with third-party advertisers.

We use your information to:

• Provide and personalize the Tokyo Playbook service, including trip planning tools, saved spots, and checklist features
• Deliver and improve AI chat recommendations tailored to your saved preferences and trips — your stated preferences and past destinations may inform recommendations across the multiple trips you plan within your account
• Process purchases and restore premium access across devices
• Improve AI response quality by reviewing anonymized conversation data
• Enforce usage limits and prevent abuse
• Send transactional emails (account confirmation, welcome email, subscription receipt, cancellation confirmation). We do not send marketing or promotional emails.

When you use our AI chat assistant, your messages are sent to Anthropic (the company behind Claude) for processing. Anthropic processes your message to generate a response, which is then returned to you. Anthropic's use of this data is governed by their own privacy policy. We do not share your name, email, or other account details with Anthropic — only the chat message content and relevant trip context (such as your travel dates) needed to generate a useful response. If you upload a photo in the chat, that image is also sent to Anthropic for analysis. Voice input is transcribed by your browser's speech service before any text is sent — see “Voice Input” under “Information We Collect” above.

We use the following third-party services that may receive or process your data:

• Stripe — Payment processing (receives payment details)
• Supabase — Authentication and data storage (hosted on AWS, US region)
• Anthropic (Claude) — AI chat processing (receives chat messages and any photos you upload; under Anthropic's commercial API terms, it does not use this data to train its models)
• Google — OAuth authentication (if you choose Google sign-in)
• Google / Apple speech recognition — Voice-to-text transcription, provided by your browser vendor and used only when you use voice input
• Google Analytics — Aggregate usage analytics, loaded in cookieless consent-mode and only activated if you opt in via our cookie banner (governed by Google's privacy policy; Google relies on Standard Contractual Clauses / the EU-US Data Privacy Framework for transfers)
• OpenWeatherMap & Open-Meteo — Weather data, current conditions and forecasts (no personal data shared; we query by city, not by your device location)
• Vercel — Website hosting, server logs, and privacy-friendly cookieless traffic analytics. Vercel's edge network also provides the country-code header we read for region-aware defaults (such as the marketing-email opt-in default and the EU/UK/CH right-of-withdrawal checkbox at checkout). Beyond the transient server logs noted above, we never store your IP address, and we never store any precise device location.
• Resend — Transactional email delivery (account confirmation, welcome email, subscription receipts, cancellation confirmations). We do not send marketing or promotional emails. Resend receives your email address and the email content; it processes data in the US under appropriate safeguards.
• Sentry — Error monitoring. When something on the site breaks, we receive a technical report (the error, browser/device type, and the pages involved) so we can fix it. These reports are configured to exclude your chat messages, account details, and IP address; no cookies are set and no session recordings are made. Sentry processes data in the US under Standard Contractual Clauses.
• Upstash — Rate-limiting infrastructure. To prevent abuse, we use your IP address (and, for signed-in users, your account ID) as a rate-limit key sent to Upstash; it is used only to count requests over short time windows, not to identify you or for advertising. Upstash processes data in the US.

Affiliate Links: Some outbound links (to Klook, Airalo, Agoda, and others) are affiliate links. When you click these links, the destination site may set its own cookies and track your visit according to their own privacy policies. We do not control or have access to data collected by affiliate partners.

If Tokyo Playbook LLC is involved in a merger, acquisition, financing, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your information may be transferred or disclosed as part of that transaction or proceeding. Such a transfer is permitted under applicable law (including the carve-outs for asset transfers under the California Consumer Privacy Act and the European Union General Data Protection Regulation) and is not considered a “sale” of personal information. We will notify affected users of any such change in ownership or control (for example, via email or a prominent notice on this site) and the successor entity will be bound by the commitments in this Privacy Policy, or you will be given an opportunity to opt out before any materially different terms apply.

Your data is stored securely using Supabase (hosted on AWS in the United States) and Stripe (United States). If you are located outside the United States, your data will be transferred to and processed in the United States. Where personal data of EEA, UK, or Swiss residents is transferred outside those regions, that transfer is protected by appropriate safeguards — principally the European Commission's Standard Contractual Clauses (with the UK International Data Transfer Addendum where applicable), incorporated into our data processing agreements with these providers, and, where a provider is certified, the EU-US Data Privacy Framework. You may request more information about these safeguards by contacting us. We implement industry-standard security measures including encryption in transit (TLS) and at rest, and row-level security policies on our database.

Essential cookies: We use strictly-necessary cookies for authentication and session management. These are required for the site to function and do not require consent.

Local storage: We use your browser's localStorage to remember preferences (such as premium status, UI state, and your cookie choice). This stays on your device, is not shared, and is not used for tracking.

Analytics (off until you allow it): We use Google Analytics to understand, in aggregate, how the site is used so we can improve it. Analytics cookies (such as _ga / _gid) are disabled by default. We use Google Consent Mode v2: until you opt in via our cookie banner, Google Analytics runs in a cookieless mode and does not store these cookies or a persistent identifier on your device. We never use analytics data for advertising, and we do not run any advertising or cross-context behavioral tracking. You can change or withdraw your choice at any time:

Manage cookie choices
(You can also withdraw consent by clearing this site's data in your browser. Declining analytics never limits any feature.)

Vercel Analytics: Our host, Vercel, provides privacy-friendly, cookieless aggregate traffic metrics (such as page-view counts). It sets no cookies, does not track you across sites, and does not build a personal profile.

We do not sell or “share” (as defined under California law) your personal information, and we do not use it for cross-context behavioral advertising.

All users may:

• Access your account data through your profile and My Trip page
• Update or correct your personal information at any time
• Delete your saved spots, trip notes, chat history, or any other user-generated data
• Request complete deletion of your account and all associated data by contacting us

For EU/EEA & UK Residents (GDPR / UK GDPR): You have additional rights including the right to data portability, the right to restrict processing, the right to object to processing based on legitimate interests, and the right to lodge a complaint with your local data protection authority (in the UK, the Information Commissioner's Office, ico.org.uk). Our legal basis for processing is (a) your consent (for optional analytics), (b) contractual necessity for providing the service, and (c) our legitimate interest in securing and improving the service. You may withdraw consent at any time without affecting prior processing.

For California Residents (CCPA/CPRA): You have the right to know what personal information we collect and how it is used, the right to access and to request correction or deletion, and the right to opt out of the “sale” or “sharing” of personal information. We do not sell or share your personal information, we do not use sensitive personal information to infer characteristics, and we honor the Global Privacy Control (GPC) browser signal as a valid opt-out. We will not discriminate against you for exercising these rights.

For Other U.S. State Residents: If you reside in a state with a comprehensive privacy law (including Virginia, Colorado, Connecticut, Utah, Texas, Oregon, and others as they take effect), you have comparable rights to access, correct, delete, and obtain a portable copy of your personal data, and to opt out of targeted advertising and sale (we do neither). Contact us using the details below to exercise them.

For Residents of Other Countries: If you are located in Canada (PIPEDA), Brazil (LGPD), Australia (Privacy Act), Japan (APPI), or another jurisdiction with data-protection law, you may have similar rights. We will honor verified requests consistent with applicable law — contact us using the details below.

We retain your account data, trip planning data, and chat history for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required by law to retain it.

Uploaded photos: Photos you send to the AI chat (for example, to translate a menu) are forwarded to Anthropic for processing and are not stored on our servers after the response is generated. Screenshots you upload to import a booking, or attach to beta feedback, are kept in a private storage bucket as part of your account or feedback record and are deleted when you delete your account (within the 30-day window above) or sooner upon request.

Anonymized, aggregated data (such as usage statistics) may be retained indefinitely.

We maintain reasonable safeguards to protect your data. In the event of a personal-data breach that is likely to result in a risk to your rights, we will notify the relevant supervisory authority and affected users without undue delay, and within the timeframes required by applicable law (for example, within 72 hours of becoming aware, where GDPR applies).

Tokyo Playbook is not directed at children under 13 (or under 16 in the EU/EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

We may update this policy from time to time. We will notify users of material changes via email or a prominent notice on our website. Your continued use of the Service after changes constitutes acceptance of the updated policy.

For privacy-related questions, data access requests, or account deletion requests, email us at contact@tokyoplaybook.com.

See also our Terms of Service.