— Privacy Notice

What we collect, and what we don't do with it.

Plain English. No tracking pixels. No data sold. No fine print designed to confuse you.

Updated: 2026-06-08 · Applies to: wegoingapp.com, book.wegoingapp.com, and the WeGoing! iOS app

This is the privacy notice for everything WeGoing!: the marketing website at wegoingapp.com, the web app at book.wegoingapp.com, and the WeGoing! iOS app. It covers what we collect, why we collect it, who else sees it, and how to get it back or delete it. One document, one source of truth.

The short version: we collect what we need to make group trips work — your profile, your trips, your private budget and availability, and the payments Stripe runs for you. We do not run behavioral ad networks, sell your data, or share data between trips except as needed for the trip itself. The privacy floors in our patents are baked into the product, not just promised in copy.

— Section 01Who we are

WeGoing! is operated by WeGoing, Inc., a Delaware corporation. We're the data controller for the information described in this notice. You can reach us at [email protected] for any privacy question.

— Section 02What we collect

We collect the categories of data below. Most of it you give us directly when you sign up, edit your profile, or join a trip. A small amount is technical (browser type, page views, errors).

Marketing website (wegoingapp.com)

If you only visit the marketing site without filling out a form, we collect almost nothing — see Section 11 on what's logged for security. If you submit our contact form, we collect your name, email, the topic of your inquiry, and your message.

Account & profile

Per-trip responses (private to you — see Section 03)

When you join a trip, you'll be asked for information that only YOU see. The organizer and other members never see your individual answers — only the rolled-up aggregates the app computes for the group.

Trip data (shared with the rest of the trip)

Some information is, by definition, group-level. Trip members see this:

Payments (handled by Stripe)

Stripe is our payments provider. See Section 06 for the full picture. The data we hold tied to payments:

We do not store full payment card numbers or banking credentials. Those live with Stripe.

Social & pairing

Email & notifications (sent via Postmark)

Analytics & technical data

We collect a minimal amount of technical information so we can keep the app running and fix bugs:

What we don't run: behavioral advertising trackers, Meta Pixel, Google Analytics, or any third-party cross-site tracker. We don't sell data and we don't build advertising profiles of you.

— Section 03Privacy-by-design (the patent floors)

WeGoing! is built around a small number of privacy commitments that are enforced in code, not just promised in copy. These are the subject of pending U.S. patent applications and are core to how the product works:

If any of those floors slip, we treat it as a bug, not a feature change.

— Section 04Why we collect it

Each piece of data has a specific job:

We will not repurpose your data for anything outside what's listed here without first asking you.

— Section 05Who else sees your data

We use a small number of established third-party services to run the product. Each one only receives the data it needs to do its job. We do not sell data, share with advertisers, or share with data brokers — ever.

Supabase
Database, authentication, file storage

Hosts our Postgres database, our authentication, and stored files (e.g. profile photos). Receives all the data described above. Supabase privacy policy.

Stripe
Payments and Issuing (the Trip Card)

Stripe collects deposits, holds them until the trip, processes refunds, and issues the Trip Card. Receives the name, email, and identity-verification information required for payments and card issuing. Stripe privacy policy.

Postmark
Transactional email and magic-link sign-in

Delivers your invites, sign-in links, deposit reminders, and trip notifications. Receives your email address, the email contents, and delivery metadata. Postmark privacy policy.

SerpAPI
Google Flights search

When the app searches for flights, we send the origin airport, destination, and dates. We do not send your identity. SerpAPI privacy policy.

Viator
Excursion catalog

When the app loads excursions for a destination, your IP address is shared with Viator (a standard part of any HTTP request). No identity, no profile data. Viator privacy policy.

Google Places
Destination and lodging search

When you search for a destination or lodging, the search string and your IP are sent to Google Places. No identity, no profile data. Google privacy policy.

Open-Meteo
Weather risk strip

The weather risk shown for a destination is generated by sending the destination's latitude and longitude (and your IP) to Open-Meteo. Open-Meteo terms.

TikTok & Instagram oEmbed
Inspiration link previews

When someone pastes a TikTok or Instagram link into a trip, we use the public oEmbed API to fetch the preview. The link is shared with the platform that owns it.

Wikipedia / Wikimedia Commons
Destination hero photos

Destination images come from Wikimedia Commons. Standard HTTP request — your IP is exposed to Wikimedia in the normal way that loading any image works.

Vercel
App hosting and server logs

Vercel hosts our web app and processes server-side requests, including normal HTTP server logs (IP, user agent, response codes). Vercel privacy policy.

Cloudflare Turnstile
Bot protection at signup (when enabled)

Used on signup to block bot traffic. Sees a privacy-preserving signal from your browser, not your identity. Cloudflare privacy policy.

Twilio — planned SMS notifications
Transactional SMS (opt-in only)

Twilio delivers SMS messages for WeGoing!, but only after you opt in. If you opt in, Twilio receives your phone number, the message contents, and delivery metadata needed to send and manage those messages. SMS notifications are not live yet and will be enabled after carrier verification clears. See our SMS consent page for details. Twilio privacy policy.

Formspree
Marketing-site contact form

If you submit the contact form on wegoingapp.com, the submission passes through Formspree before reaching our inbox. Formspree privacy policy.

That's the whole list. If we add another service, we'll list it here before it goes live.

— Section 06Payments & the Trip Card

This is the section regulators and Stripe reviewers care most about, so we're going to be explicit.

We use Stripe for all payments. Stripe is the regulated payments and card-issuing entity. We are a Stripe platform customer. WeGoing, Inc. is not a bank, not a money transmitter, and not operating its own deposit-holding service.

Deposits

When a trip enters the deposit phase, members pay into a Stripe-backed trip deposit account. Stripe holds each deposit until the trip. WeGoing! does not move, store, or commingle those funds on its own books.

The Trip Card

The Trip Card is a virtual card issued by Stripe via Stripe Issuing. It is used by the trip organizer to spend the trip's deposited funds on travel-related purchases (lodging, transit, dining). The card is funded directly by Stripe from the trip's collected deposits. Refunds and reversals are processed through Stripe.

Identity verification

Stripe requires identity verification (KYC) before a Trip Card can be issued to you. If you go through that flow, the identity documents and verification answers are collected and held by Stripe — not by WeGoing!. We see only the verification status (passed / pending / failed) and a cardholder ID.

What WeGoing! holds vs. what Stripe holds

If you want to know what Stripe specifically holds about you, see Stripe's privacy policy.

— Section 07Planned features

We're a small team shipping fast. To avoid surprising you when new things land, here's what's in active development and what those features will collect or share. If we ship something not on this list, we'll update this notice before it goes live.

Trip chat

A real-time chat thread inside each trip, plus direct-message threads between paired share-partners. Messages are stored in our database and may appear in digest emails sent through Postmark. Powered by Supabase Realtime.

AI assistant (opt-in)

An optional AI assistant powered by Anthropic's Claude API. Opt-in per user. If you turn it on, the trip context relevant to your question is sent to Anthropic to generate the response. Anthropic privacy policy.

Cross-trip social graph

Profile-level "Couples / Friends / Family" relationships you choose to set. Used to make inviting people to future trips faster. You can opt out (see Section 09).

iOS wrap and push notifications

The iOS app uses Capacitor to wrap the web experience. If you opt in to push notifications, your device's push token is registered with Apple's notification service (APNs). We use the token to send you trip notifications only — same content as our emails.

SMS notifications

When carrier verification clears, we may offer optional SMS notifications through Twilio. These texts are transactional trip coordination messages only, not marketing messages.

If you opt in, we may send SMS messages for trip invites, join codes, availability reminders, budget submission reminders, deposit reminders, and trip status updates. Message frequency varies based on your trip activity. Message and data rates may apply.

You can opt out at any time by replying STOP. You can get help by replying HELP or by emailing [email protected].

SMS is optional. You can use WeGoing! without opting into SMS. WeGoing! does not use SMS for behavioral advertising, purchased lists, scraped contacts, cold outreach, or promotional marketing.

Twilio delivers SMS messages for WeGoing! and receives the phone number, message contents, and delivery metadata needed to send and manage those messages. Twilio privacy policy.

Inbound email parse to itinerary

Each trip will have its own dedicated inbox address. Forwarded confirmation emails (flights, hotels, reservations) sent to that address will be parsed into itinerary items. The inbox is scoped to one trip — emails forwarded to one trip's inbox cannot leak into another trip (this is the Patent D protection).

Image proxy

To keep third-party photos (Wikimedia, Viator, Google Places) rendering reliably across browsers, we route them through our domain at /api/img-proxy. We do not retain or scan the image bytes — the proxy is a pass-through.

— Section 08How long we keep it

When you delete your account, your profile and trip data are removed (cascaded through our database). Some technical and payment records may persist as noted above. See Section 09 for how to request deletion.

— Section 09Your rights

You can exercise the rights below at any time. The fastest path is to email [email protected]. We aim to respond within a few business days.

If you're in the EU, UK, California, or another jurisdiction with specific data-protection rights (GDPR, UK GDPR, CCPA, CPRA, etc.), all of the above applies — email us and we'll handle it the same way.

— Section 10Children

WeGoing! is intended for adults (18+). We do not knowingly collect information from anyone under 13. If we learn we've collected data from a child under 13, we'll delete it. If you believe a child has signed up, email us.

— Section 11Security

Everything is served over HTTPS. Authentication is handled by Supabase with industry-standard hashing. Payments and identity verification are processed by Stripe; we never see or store full payment card numbers. Database access uses row-level security so members can only see the trips and people they're entitled to see. No system is perfectly secure, but we collect what we need and no more — the safest data is data we don't have.

— Section 12International transfers

WeGoing, Inc. is based in the United States. The third-party services we use (Supabase, Stripe, Postmark, Vercel, Cloudflare, and the others listed in Section 05) operate infrastructure in multiple regions. If you use WeGoing! from outside the United States, your data will be transferred to and processed in the United States and in any region where our service providers operate. Where required, our service providers maintain standard contractual safeguards for cross-border data transfers.

— Section 13Changes to this notice

If we materially change how we collect, use, or share data, we will update this page and change the "Updated" date at the top. For material changes that affect existing users, we will email active users so the change isn't a surprise. Minor edits (typo fixes, link updates) won't trigger an email.

— Section 14Contact

For any privacy question — including a data request, a correction, a deletion, or just a curiosity — email [email protected]. A real person responds.

Questions, or want your info removed?

Email [email protected]. A real person will respond. We aim to reply within a couple of business days.