Privacy Policy
Version 1.0 · Effective 11 June 2026
The short version
sixpin works without an account, email or phone number. We store what the app needs to work, meaning your trips and what you and your group do in them, and nothing more. Your age, gender and city never leave your device. Analytics are anonymous. There are no ads, no advertising trackers, and we don't sell data. Ever. You can delete your account and everything tied to it from inside the app, any time.
1. Who we are
sixpin ("we", "us") is a trip-planning app where a group pins hotels, votes on dates and destinations, chats, and books a stay together. This policy explains what personal data we handle when you use the app or this website, and the choices you have. Questions or requests: support@sixpin.app.
2. What we collect, and why
Your account
When you first open sixpin, we create an anonymous account: a random identifier with no name, email or phone attached. If you choose to sign in with Apple or Google (always optional, always behind a consent step), your account is linked to that identity so your trips can be restored on a new device. From Apple or Google we receive your basic identity confirmation and, if you share it, your name and email. We never see your passwords.
Your profile
- Stored with your account: your display name, avatar colour and preferred currency, so your group sees who you are and prices show the way you expect.
- Stored only on your device: your age, gender and city of residence (all optional, used to tune recommendations and pre-fill your departure airport). These are never uploaded to our servers.
Your trips
Trips are collaborative, so the things you do in a trip are stored and shared with that trip's members: the trip itself, who's in it, hotels you pin, votes (rooms, destinations, date windows), whether you're in or out, your departure airport if you set one, chat messages, checklist ticks, and booking confirmations. One deliberate exception: the specific dates you mark yourself unavailable are private to you. Your group only ever sees anonymous counts ("3 of 4 can make this window"), never who.
Bookings
To place a hotel booking we pass the guest details you enter (name, email, optional phone) to our travel partner, Nuitée (LiteAPI), which operates the reservation and payment processing. Card details are entered in the payment provider's own secure form and never touch our servers. We store the booking confirmation (guest name, hotel, dates, price, confirmation code) inside the trip so your group can see what's booked.
Searches and maps
Hotel searches (destination, dates, party size, budget) are sent to our hotel partner to return results, and destination text you type is sent to our maps partner to suggest places. Map tiles are loaded from our maps partner when you open a map, which, like any web request, exposes your IP address to them.
Analytics and crash reports
We collect anonymous usage analytics (which features are used, e.g. "a hotel was pinned") with no account identifiers, no advertising IDs, no stored IP address and no location lookup. Crash reports go to our error-tracking provider (hosted in the EU) without personal identifiers attached. We do not use advertising SDKs and do not track you across other apps or websites.
3. The legal bits (GDPR)
Where the GDPR applies, we rely on:
- Performance of a contract: running your account, trips, group features and bookings.
- Consent: linking your Apple or Google identity (the consent step before sign-in).
- Legitimate interests: keeping the service secure and reliable (crash diagnostics, abuse prevention, anonymous product analytics).
4. Who we share data with
We share data only with the service providers that make sixpin work, never for advertising, and never by selling it:
| Provider | What for |
|---|---|
| Supabase | Database, authentication and server functions, where accounts and trips live |
| Nuitée / LiteAPI | Hotel search, rates, reviews, and operating your bookings |
| MapTiler | Map tiles and destination search |
| Apple / Google | Optional sign-in |
| Sentry (EU) | Crash reporting |
| PostHog | Anonymous usage analytics |
| Expo | Delivering app updates |
Some providers process data outside the EEA. Where that happens we rely on recognised safeguards such as the EU Standard Contractual Clauses.
And to be clear about each other: your trip's members see what you share into the trip (your display name and avatar, pins, votes, messages, attendance and bookings). They never see your private availability details or anything that stays on your device.
5. How long we keep things
- Account and trip data: until you delete it (or delete your account).
- Expired invite-code records: at most 60 days.
- On-device caches (hotel details, reviews): about 2 days, then cleared automatically.
6. Deleting your account
Profile & Settings → Danger Zone → Delete profile. This deletes your account and your data from our servers immediately: your profile, pins, votes and availability are removed everywhere; trips where you're the only member are deleted; group trips carry on without you (your old chat messages remain, shown as "Deleted user", with your identity removed); and if you signed in with Apple, we revoke that link with Apple too. No email, no support ticket, no waiting period.
7. Your rights
Where the GDPR applies, you can ask us for access, correction, deletion, restriction or portability, or object to processing. Write to support@sixpin.app and we'll respond within a month. You can also complain to your local data-protection authority (in Sweden that's IMY, imy.se).
8. Security
Data is encrypted in transit. On your device, sixpin's local storage is encrypted with a key held in your phone's secure keychain. On our servers, every table is protected by row-level access rules so trip data is only ever readable by that trip's members.
9. Children
sixpin is not directed at children under 13, and bookings may only be made by adults. If you believe a child has provided us personal data, contact us and we'll delete it.
10. Changes
If we change this policy in a meaningful way we'll publish a new version (the version number and date appear at the top and bottom of this document) and, for significant changes, tell you in the app before they take effect.
Privacy Policy · Version 1.0 · Published 11 June 2026