Vacaiplan logo

Privacy Policy

Effective date: March 4, 2026

1. Introduction

Vacaiplan ("we," "our," or "us") operates the website at vacaiplan.com and the Vacaiplan mobile application (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

We collect the following categories of personal information:

  • Account information: email address and name (provided via Google or Apple Sign-In)
  • Phone number: optional, provided by you for SMS alert delivery
  • Alert preferences: parks, experiences, dates, party sizes, and notification preferences you configure
  • Payment information: processed and stored by our payment provider (LemonSqueezy); we only store a customer identifier and subscription status
  • Device information: push notification tokens (for mobile app notifications)
  • Usage data: pages visited, features used, and general analytics (via Plausible Analytics, a privacy-focused, cookie-free analytics tool)

3. How We Use Your Information

We use the information we collect to:

  • Provide and maintain the Service
  • Send you availability alerts via SMS, email, or push notification based on your preferences
  • Process payments and manage your subscription
  • Verify your phone number for SMS delivery
  • Communicate with you about your account or the Service
  • Detect and prevent fraud, abuse, or violations of our terms
  • Improve the Service based on aggregate usage patterns

SMS consent (TCPA): By providing your mobile phone number and enabling SMS alerts, you expressly consent to receive automated text messages from Vacaiplan at the number provided. These are transactional service messages (availability alerts), not marketing messages. Message frequency varies based on your configured alerts. Message and data rates may apply. You may opt out at any time by replying STOP to any message or by removing your phone number in account settings. Providing a phone number is optional and not required to use the Service or any paid subscription.

4. How We Protect Your Information

We take the security of your data seriously:

  • Phone numbers are encrypted at the application level using AWS Key Management Service (KMS) before being stored in our database
  • All data is encrypted at rest (AES-256) and in transit (TLS 1.2+)
  • Authentication tokens are stored in encrypted device storage (iOS Keychain / Android Keystore)
  • Database access is restricted to authorized services within a private network
  • We never store your theme park account credentials or access your park accounts
  • We never store your payment card details; all payment processing is handled by LemonSqueezy

5. Third-Party Services

We use the following third-party services, each with their own privacy policies:

  • Google Sign-In / Apple Sign-In: for authentication (we receive your name and email)
  • LemonSqueezy: for payment processing and subscription management
  • Amazon Web Services (AWS): for hosting, database, email delivery (SES), SMS delivery (SNS), and encryption (KMS)
  • Expo: for mobile push notification delivery
  • Plausible Analytics: for privacy-friendly, cookie-free website analytics (no personal data collected)

We do not sell, trade, or otherwise transfer your personal information to third parties for marketing purposes.

6. We Do Not Sell Your Information

Vacaiplan does not sell, rent, or trade your personal information to any third party for any purpose. We have never sold personal information and have no plans to do so. This applies to all categories of personal information we collect, including your email, phone number, alert preferences, and usage data.

7. Data Retention

We retain your personal information only as long as necessary to provide the Service:

  • Account data: retained while your account is active
  • Expired alerts: automatically deleted after 30 days
  • Sent notifications: retained for 90 days, then deleted
  • Failed notifications: retained for 30 days, then deleted
  • Availability check logs: retained for 7 days, then deleted

8. Your Rights

Depending on your location, you may have the following rights under applicable privacy laws (including the CCPA and GDPR):

  • Access: request a copy of the personal information we hold about you
  • Deletion: request that we delete all your personal information. Account deletion is available in your account settings and is processed immediately, removing all associated data.
  • Correction: update or correct inaccurate personal information through your account settings
  • Portability: request an export of your data in a machine-readable format (JSON)
  • Restriction: request that we limit processing of your personal information in certain circumstances
  • Objection: object to our processing of your personal information for direct marketing purposes
  • Opt-out: unsubscribe from marketing communications (transactional messages related to your alerts are not affected)
  • Non-discrimination: we will not treat you differently for exercising your privacy rights

For EU/EEA residents (GDPR): Our legal basis for processing your personal information is: (a) your consent (for optional features like SMS alerts), (b) performance of a contract (providing the Service), and (c) legitimate interests (improving the Service and preventing fraud). You may withdraw consent at any time without affecting the lawfulness of prior processing.

For California residents (CCPA): You have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. As stated above, we do not sell your personal information.

To exercise any of these rights, contact us at support@vacaiplan.com or use the account deletion feature in your settings. We will respond to verified requests within 30 days.

9. Cookies

The Vacaiplan website uses a single essential session cookie for authentication purposes. We do not use advertising cookies, tracking cookies, or any third-party cookies. Our analytics provider (Plausible) does not use cookies.

10. Children's Privacy

The Service is not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us at support@vacaiplan.com and we will promptly delete it.

11. Data Location

Your personal information is stored and processed in the United States on servers operated by Amazon Web Services (AWS) in the US-East-1 (Virginia) region. If you are accessing the Service from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States. By using the Service, you consent to this transfer.

12. Data Breach Notification

In the event of a data breach affecting your personal information, we will notify affected users via email within 72 hours of becoming aware of the breach. The notification will describe the nature of the breach, the types of information involved, and the steps we are taking to address it. We will also notify relevant supervisory authorities as required by applicable law.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the effective date. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

support@vacaiplan.com