PlanoryPlanory

Privacy Policy

Last updated: January 10, 2026

At Planory, we are committed to protecting your personal data and private life. We process your data in compliance with the General Data Protection Regulation (GDPR) and all applicable privacy laws.

Summary:

This Privacy Policy describes how Planory collects, uses, stores, and protects your personal data. We only collect necessary information to deliver our services. Data is securely hosted in the EU, and you have full control over your data, including the ability to delete your account at any time. For details, please read the full policy below.

Effective Date: January 10, 2026

CrossNetApps ApS ("Planory", "we", "us", or "our") is committed to protecting the privacy of our customers and their users. This Privacy Policy explains how we collect, use, disclose, and protect personal data in connection with the use of our SaaS platform for collaborative travel planning.

This policy applies to users of our web applications, as well as visitors to our website.

1. Who We Are

CrossNetApps ApS
CVR: 35680896
Solbrinken 46, 2750 Ballerup, Denmark
For any privacy-related questions, contact us at: privacy@crossnetapps.dk

2. Data We Collect

  • User account information: Name, email address, hashed password
  • Trip data: Trip names, destinations, dates, travel plans, and itineraries
  • Participant information: Names and email addresses of trip participants
  • Expense data: Travel expenses, payment information, and settlement records
  • File attachments: Documents, images, and other files uploaded to trips (stored securely in our cloud storage)
  • Technical data: IP address, browser type, device information
  • Authentication and access cookies
  • Payment data: Processed through our payment processor, acting both as data processor and independent data controller

We do not collect geolocation data beyond what you voluntarily provide (e.g., trip destinations). We collect anonymized analytics data to improve our services and understand how users interact with our platform.

3. Purpose and Legal Basis

We process personal data for the following purposes:

  • Creating and managing user accounts and trip collaborations
  • Enabling travel planning features and trip management
  • Processing payments and managing subscriptions
  • Providing customer support and platform reliability
  • Improving services through anonymized analytics

Legal bases under GDPR:

  • Performance of a contract (Art. 6(1)(b))
  • Compliance with legal obligations (Art. 6(1)(c))
  • Legitimate interests (Art. 6(1)(f))

4. Cookies and Tracking

We use cookies for secure authentication and session management. We also use analytics services to collect anonymized tracking data for improving our services. See our Cookie Policy for details.

5. Data Processors and Subprocessors

We use trusted subprocessors and service providers for data storage and processing, including hosting and database services, email services, payment processing, and analytics. All subprocessors comply with EU data protection standards and, where necessary, Standard Contractual Clauses (SCCs) are used.

For detailed information about specific subprocessors, including their locations and data processing activities, please refer to our Data Processing Agreement (DPA).

6. International Data Transfers and Geographic Restrictions

Data Processing Location: All personal data is processed and stored within the European Union to ensure full GDPR compliance. We do not transfer personal data outside the EU/EEA.

Service Availability: Our services are not available in countries subject to international sanctions, including but not limited to Russia, Belarus, Iran, North Korea, Cuba, Syria, and Myanmar. We comply with all applicable EU and international sanctions regimes.

Cross-Border Access: While our services may be accessed from various countries, all data processing occurs within EU jurisdiction. Users from outside the EU consent to their data being processed in the EU under GDPR protections.

7. Data Retention and Deletion

We retain personal data only as long as necessary to provide our services. Users can delete their accounts at any time, and all related personal data will be permanently erased immediately. No backups or archives are kept after deletion.

8. Your Rights Under GDPR

As an EU/EEA data subject, you have rights including:

  • Access to your data
  • Correction of inaccurate data
  • Deletion of your data
  • Data portability
  • Restriction or objection to processing
  • Right to file a complaint with your local Data Protection Authority (e.g., Datatilsynet in Denmark)

To exercise your rights, contact privacy@crossnetapps.dk

9. Data Security

We implement technical and organizational measures to protect your data against unauthorized access, disclosure, alteration, and destruction, including encryption, access controls, and EU-based hosting. Customers are responsible for managing access to their trip data and controlling who can view or edit their trips.

10. Changes to This Policy

We may update this Privacy Policy. Material changes will be communicated via email and posted on our website.

Contact

For any questions or requests regarding your personal data, contact:

Planory
Email: privacy@crossnetapps.dk

Privacy Policy | Planory