Privacy Policy

Tokyo Playbook LLC, doing business as Tokyo Playbook (“we”, “us”, “our”), operates tokyoplaybook.com. This policy explains what data we collect, how we use it, and your rights.

Account Information: When you create an account, we collect your email address, display name, and password (stored as a secure hash). If you sign in with Google, we receive your name and email from Google. We also store your chosen avatar preference.

Trip & Planning Data: You may provide travel dates, trip names, personal trip notes, saved/bookmarked spots (restaurants, hotels, attractions, day trips), custom spots you add manually, selected interest preferences, and booking checklist progress. This data is stored server-side in your account.

AI Chat Messages: Messages you send to our AI assistant and the responses it generates are stored in your account profile to preserve your conversation history across sessions. This data is directly linked to your account. We may review anonymized chat logs to improve the quality of AI responses.

Payment Information: Payments are processed securely by Stripe. We do not store credit card numbers. We receive and store your Stripe customer ID and email to link purchases to your account.

Usage Data: We track basic usage metrics such as AI message counts to enforce usage limits. We collect standard server logs (IP address, browser type, pages visited) through our hosting provider.

We use your information to:

• Provide and personalize the Tokyo Playbook service, including trip planning tools, saved spots, and checklist features
• Deliver and improve AI chat recommendations tailored to your trip
• Process purchases and restore premium access across devices
• Improve AI response quality by reviewing anonymized conversation data
• Enforce usage limits and prevent abuse
• Send transactional emails about your account or purchases (we do not send marketing emails unless you opt in)

When you use our AI chat assistant, your messages are sent to Anthropic (the company behind Claude) for processing. Anthropic processes your message to generate a response, which is then returned to you. Anthropic's use of this data is governed by their own privacy policy. We do not share your name, email, or other account details with Anthropic — only the chat message content and relevant trip context (such as your travel dates) needed to generate a useful response.

We use the following third-party services that may receive or process your data:

• Stripe — Payment processing (receives payment details)
• Supabase — Authentication and data storage (hosted on AWS, US region)
• Anthropic (Claude) — AI chat processing (receives chat messages)
• Google — OAuth authentication (if you choose Google sign-in)
• OpenWeatherMap — Weather data (no personal data shared)
• Vercel — Website hosting and server logs

Affiliate Links: Some outbound links (to Klook, Airalo, Agoda, and others) are affiliate links. When you click these links, the destination site may set its own cookies and track your visit according to their own privacy policies. We do not control or have access to data collected by affiliate partners.

Your data is stored securely using Supabase (hosted on AWS in the United States) and Stripe (United States). If you are located outside the United States, your data will be transferred to and processed in the United States. By using the Service, you consent to this transfer. We implement industry-standard security measures including encryption in transit (TLS) and at rest, and row-level security policies on our database.

We use essential cookies for authentication and session management only. These are strictly necessary for the site to function and do not require consent. We also use browser localStorage to store preferences such as premium status and UI state. We do not use advertising, analytics, or third-party tracking cookies.

All users may:

• Access your account data through your profile and My Trip page
• Update or correct your personal information at any time
• Delete your saved spots, trip notes, chat history, or any other user-generated data
• Request complete deletion of your account and all associated data by contacting us

For EU/EEA Residents (GDPR): You have additional rights including the right to data portability, the right to restrict processing, and the right to lodge a complaint with your local data protection authority. Our legal basis for processing your data is (a) your consent when you create an account, (b) contractual necessity for providing the service, and (c) our legitimate interest in improving the service.

For California Residents (CCPA): You have the right to know what personal information we collect and how it is used, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell your personal information to third parties.

We retain your account data, trip planning data, and chat history for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required by law to retain it. Anonymized, aggregated data (such as usage statistics) may be retained indefinitely.

Tokyo Playbook is not directed at children under 13 (or under 16 in the EU/EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

We may update this policy from time to time. We will notify users of material changes via email or a prominent notice on our website. Your continued use of the Service after changes constitutes acceptance of the updated policy.

For privacy-related questions, data access requests, or account deletion requests, email us at contact@tokyoplaybook.com.