Last updated: May 3, 2026
Privacy Policy
1. Introduction
This Privacy Policy describes how Catalin Vasilache ("we", "our", or "us"), as the data controller operating from Romania, collects, uses, stores, and shares your personal information when you use the InspoPlan mobile application, your InspoPlan account, our public website (including marketing and legal pages), and related services ("the service"), including when you use optional InspoPlan Premium subscriptions on supported platforms. Our Terms & Conditions govern use of the service and are incorporated by reference where applicable.
By using InspoPlan, you agree to the collection and use of your information as described in this Privacy Policy. Where we are required to obtain your consent, we will do so at the appropriate time.
If you have questions or requests, contact us at catalin.vasilache.97@gmail.com. We aim to respond within 10 business days.
2. Information We Collect
2.1 Information you provide directly
Account information: When you register, we collect your email address and display name. If you register via Google or Apple Sign-In, we receive basic profile information (name, email) from those providers.
User-generated content: All content you create within the service — including lists, notes, calendar events, meal plans, travel plans, recipes, and similar items — is stored on our servers to enable the service.
Communications: If you contact us by email, we retain those communications to respond to you.
Subscription and entitlement data: If you subscribe to InspoPlan Premium, Apple or Google (depending on platform) processes the payment. We do not receive your full payment card number. We and our infrastructure use RevenueCat to help manage entitlements. We store in our database (Google Firebase / Firestore) a boolean indicating whether your account currently has Premium access, and a per-Space tier used to apply certain limits for Spaces you administer, as described in our Terms. Your Firebase Authentication user identifier is used as the primary app user identifier with RevenueCat so subscription state can be tied to your InspoPlan account.
2.2 Information collected automatically
Authentication data: We collect and store authentication tokens issued by Firebase Authentication to keep you signed in securely.
Device information: Firebase may collect basic device identifiers and operating system information as part of its standard authentication and data storage operations.
Crash and diagnostic data: If the app crashes, basic diagnostic information may be collected to help us identify and fix problems.
Website visitors: When you visit our public website, the hosting provider (Vercel Inc.) and our infrastructure may process technical and connection data such as IP address, browser type, referring URL, date and time of access, and similar server log information. This processing is limited to operating, securing, and improving the site and is described further in Vercel's Privacy Policy.
SDK and store partners: RevenueCat, Google Play, the App Store, AdMob (where ads are shown), and Firebase may automatically process limited technical identifiers and transaction-related metadata in line with their own documentation and your device or account settings.
2.3 Information we do not collect
We do not operate our own first-party product analytics or behavioural advertising networks, and we do not track your in-app behaviour for marketing beyond what third parties described above require to deliver authentication, hosting, ads (for eligible free-tier users), or subscriptions. We do not collect precise location data. We do not build individual marketing profiles from your lists, notes, or calendar content.
2.4 Aggregated and de-identified data
We may derive aggregated or de-identified statistics (for example counts of active users or error rates) that cannot reasonably be used to identify you. We use such information to operate and improve the service and may share it in aggregated form.
3. How We Use Your Information
We use the information we collect only for the following purposes:
- Providing the service: To authenticate you, store your data, sync it across your devices, and enable real-time collaboration with other Space members.
- Improving the service: To identify and fix technical problems, and to understand how the service is being used at a general level.
- Communicating with you: To respond to your support requests, notify you of material changes to these policies, and send service-related messages.
- Legal compliance: To comply with applicable laws and regulations, and to enforce our Terms and Conditions.
- Subscriptions: To determine eligibility for InspoPlan Premium features, to remove advertising for subscribers, to apply Space tier rules, and to reconcile subscription status using server-side processes connected to RevenueCat and the applicable app store environment.
We do not use your information for automated decision-making or profiling that produces legal or similarly significant effects within the meaning of the GDPR or UK GDPR. Updating your subscription status based on records from Apple, Google, or RevenueCat is a routine entitlement sync, not solely automated profiling that decides whether you receive unrelated services or legal outcomes.
4. Legal Basis for Processing (EU, EEA, and UK Users)
If you are located in the European Union, European Economic Area, or United Kingdom, we process your personal data under the following legal bases under the GDPR or UK GDPR, as applicable:
- Performance of a contract (Article 6(1)(b)): Processing your account data and user-generated content is necessary to provide you with the service you have requested. Where you purchase InspoPlan Premium, processing related to entitlement verification and delivery of Premium features is necessary to perform our contract with you.
- Legitimate interests (Article 6(1)(f)): We process basic diagnostic data and limited technical website logs (via our hosting provider) to maintain the security, reliability, and integrity of the service, where this does not override your rights and interests.
- Legal obligation (Article 6(1)(c)): We may process data where required to comply with applicable law.
- Consent (Article 6(1)(a)): Where we rely on consent — for example for non-essential advertising — we will ask for it separately and you may withdraw it at any time.
5. Data Sharing
5.1 Within Spaces
Content you create within a shared Space is visible to all members of that Space. By inviting a user to your Space, you consent to sharing your Space content with them. We do not control how other Space members use content they can access.
5.2 Service providers
We share data with the following third-party service providers, solely to operate and deliver the service. Each provider is bound by confidentiality obligations and, where required, a Data Processing Agreement:
| Provider | Purpose | Privacy Policy |
|---|---|---|
| Vercel Inc. | Hosting and delivery of our public website and related static assets | vercel.com/legal/privacy-policy |
| Google LLC (Firebase / Google Cloud) | Authentication, data storage, and server-side functions used to operate the service (including synchronising Premium status with authorised events from RevenueCat) | policies.google.com/privacy |
| Google LLC (AdMob) | Advertising (free users only) | policies.google.com/privacy |
| Google LLC (Google Play) | Android distribution and subscription billing for InspoPlan Premium where you purchase on Android | policies.google.com/privacy |
| Apple Inc. | Sign-In authentication; App Store distribution and subscription billing for InspoPlan Premium where you purchase on iOS | apple.com/legal/privacy |
| RevenueCat Inc. | Subscription infrastructure, entitlements, paywall and customer centre experiences on native apps, and subscriber APIs used in server-side reconciliation | revenuecat.com/privacy |
5.3 Advertising
Eligible free-tier users may see advertisements served by Google AdMob. These advertisements are non-personalized. AdMob may collect certain identifiers (such as an advertising ID) as part of ad delivery. For users in applicable regions, AdMob will present a consent prompt before collecting any such data. You can opt out of personalized ads through your device settings at any time.
5.4 Legal disclosures
We may disclose your information if required to do so by law, court order, or governmental authority, or where we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, or investigate fraud.
5.5 Business transfers
If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via the app or email before your data becomes subject to a different privacy policy.
5.6 No sale of data
We do not sell, rent, or trade your personal information to third parties for their own marketing purposes.
5.7 Cookies and similar technologies
Our website may use cookies, local storage, or similar technologies that are strictly necessary to operate the site (for example security, load balancing, or language preferences) or that are set by our hosting provider as described in its policy. You can control many cookies through your browser settings. The mobile app relies on platform-level storage (for example secure OS storage and Firebase session mechanisms) rather than web cookies.
6. Data Storage and International Transfers
Your data is stored on Google Firebase servers. Firebase infrastructure is globally distributed and your data may be stored and processed in countries outside your own, including the United States.
RevenueCat and the mobile app stores may process data in the United States and other countries in connection with payments and entitlements. Their cross-border transfer mechanisms are described in their respective privacy policies and, where applicable, their customer Data Processing Addenda.
For users in the European Union, European Economic Area, or United Kingdom, transfers of personal data outside your region are made under appropriate safeguards, including, where relevant, Standard Contractual Clauses or equivalent mechanisms offered by Google for Firebase and related services. Other providers (such as Vercel, RevenueCat, Apple, and Google for ads or stores) publish their own transfer tools and documentation. You may request information about the mechanisms we rely on for our own processing by contacting us at catalin.vasilache.97@gmail.com.
7. Data Retention
We retain your personal data for as long as your account is active or as needed to provide the service. Specifically:
- Account data: Retained until you delete your account.
- User-generated content in individual Spaces: Deleted when you delete your account.
- User-generated content in shared Spaces: Anonymized (attributed to "Deleted User") upon account deletion, to preserve the integrity of shared data for other Space members. The personal link between you and that content is permanently severed.
- Diagnostic and authentication logs: Retained for up to 90 days for security and operational purposes, then deleted.
- Premium status in our database: Retained while your account is active and removed or updated when your account is deleted or when entitlement changes in line with store records.
Apple, Google, and RevenueCat maintain their own records of purchases and subscriber activity under their retention schedules. Deleting your InspoPlan account does not erase those independent records; you may need to contact those providers or use their tools for purchase history or subscription management.
If you request erasure of your data, we will fulfill your request within 30 days, subject to the anonymization policy for shared Spaces described above and any legal retention obligations.
8. Your Rights
8.1 All users
You may at any time:
- Access and update your account information through the app settings
- Delete your account through the app settings
- Contact us to request a copy of the data we hold about you
- Manage or cancel InspoPlan Premium through the Apple App Store or Google Play subscription controls (and any in-app subscription management links we provide), as deleting your InspoPlan account alone does not cancel store billing
8.2 EU, EEA, and UK users — GDPR / UK GDPR rights
If you are located in the European Union, European Economic Area, or United Kingdom, you have the following rights (subject to conditions and exemptions in applicable law):
- Right of access (Article 15): Request a copy of the personal data we hold about you.
- Right to rectification (Article 16): Request correction of inaccurate data.
- Right to erasure (Article 17): Request deletion of your personal data, subject to legal retention obligations and the anonymization policy for shared Spaces.
- Right to restriction of processing (Article 18): Request that we restrict processing of your data in certain circumstances.
- Right to data portability (Article 20): Request your data in a structured, machine-readable format.
- Right to object (Article 21): Object to processing based on legitimate interests.
- Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at catalin.vasilache.97@gmail.com. We will respond within 30 days. If you are unsatisfied with our response, you have the right to lodge a complaint with your national data protection authority. In Romania, this is the ANSPDCP (www.dataprotection.ro). In other EU member states, contact your local supervisory authority. If you are in the United Kingdom, you may contact the Information Commissioner's Office (ico.org.uk).
8.3 California residents (CCPA / CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), may grant you rights including: the right to know the categories and specific pieces of personal information we collect (see Section 2), the right to delete personal information we hold (subject to exceptions such as shared Space anonymization described in this policy), the right to correct inaccurate personal information, and the right to opt out of the "sale" or "sharing" of personal information for cross-context behavioural advertising. We do not sell personal information for monetary consideration. We do not knowingly "share" personal information for cross-context behavioural advertising as defined under the CPRA beyond what advertising SDKs process under their own policies for eligible free-tier users; you can use device and platform controls to limit ad tracking.
We do not use or disclose sensitive personal information for purposes that would require a "Limit the Use of My Sensitive Personal Information" link under the CPRA in the context of InspoPlan as currently offered. We do not discriminate against you for exercising privacy rights. You may designate an authorized agent to submit requests where permitted by law; we may verify your identity before responding.
California's "Shine the Light" law (Civil Code section 1798.83) permits California residents to request certain information regarding disclosure of personal information to third parties for their direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes in a manner that triggers this obligation for InspoPlan as described here. To exercise CCPA/CPRA rights, contact us at catalin.vasilache.97@gmail.com.
9. Children's Privacy
InspoPlan is not directed to children. The minimum age to use the service is 13 globally, and 16 in the European Union, European Economic Area, United Kingdom, and Romania. We do not knowingly collect personal information from users below the applicable minimum age.
If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us at catalin.vasilache.97@gmail.com. We will delete that information promptly upon verification.
10. Data Security
We implement appropriate technical and organizational measures to protect your personal information, including:
- Encrypted data transmission (TLS/HTTPS)
- Firebase Authentication for secure credential management
- Firestore security rules that restrict data access to authenticated, authorized users only, including rules that prevent clients from arbitrarily granting themselves Premium status; subscription entitlement updates are applied using server-side processes tied to the app stores and RevenueCat
- No storage of passwords in plain text
No method of transmission over the internet or electronic storage is completely secure. While we strive to protect your data, we cannot guarantee absolute security. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users and relevant supervisory authorities without undue delay where required by applicable law (including the GDPR and UK GDPR).
11. Third-Party Links and Services
The service may contain links to third-party websites or services. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you access.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes at least 14 days in advance by posting the updated policy in the app or on our website, or by emailing the address associated with your account.
The "Last updated" date at the top of this policy indicates when it was last revised. Your continued use of the service after changes take effect constitutes acceptance of the revised policy.
13. Contact
For any questions, requests, or complaints regarding this Privacy Policy or your personal data, please contact:
Catalin Vasilache
Email: catalin.vasilache.97@gmail.com
We aim to respond to all inquiries within 10 business days.