PickipackPickipack

Privacy Policy

Last updated: May 5, 2026

1. Introduction

This Privacy Policy explains how Pickipack ("we", "us", or "our") collects, uses, and protects your personal information when you use our trip planning and packing list service ("the Service").

We are committed to protecting your privacy and handling your data transparently. This policy applies to all users of the Service, regardless of location.

2. Data Controller

Pickipack is the data controller responsible for your personal data. If you have questions about how we process your data, you can contact us at info@pickipack.com.

3. Information We Collect

Information you provide

  • Account information: Email address and optional display name when you create an account
  • User content: Packing lists, templates, trip details, bags, and group information you create
  • Payment information: If you subscribe to a paid plan, payment is processed by Stripe. We receive your subscription status and payment history but never your full card number.
  • Communications: Any messages you send us via email

Information collected automatically

  • Usage data: How you interact with the Service, features you use, and actions you take
  • Device information: Browser type, operating system, and device identifiers
  • Log data: IP address, access times, and referring URLs

4. Legal Bases for Processing (GDPR)

If you are in the European Economic Area (EEA) or UK, we process your personal data on the following legal bases:

  • Contract performance: To provide and maintain your account and the Service (Art. 6(1)(b) GDPR)
  • Legitimate interests: To improve the Service, prevent fraud, and ensure security (Art. 6(1)(f) GDPR)
  • Consent: For optional communications or features where we ask for your explicit consent (Art. 6(1)(a) GDPR)
  • Legal obligation: To comply with applicable laws and regulations (Art. 6(1)(c) GDPR)

5. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Create and manage your account
  • Enable collaboration features (such as group sharing and shared trips)
  • Process payments and manage subscriptions
  • Send important notifications about the Service (such as pre-trip reminders)
  • Respond to your inquiries and provide support
  • Ensure the security and integrity of the Service

We do not use your data for advertising or sell it to third parties for marketing purposes.

6. Information Sharing

We do not sell your personal information. We may share your information only in these circumstances:

  • With your consent: When you choose to share trips or templates with other users, or invite members to groups
  • Service providers: With third parties who help us operate the Service, including:
    • Amazon Web Services (AWS): Cloud hosting, database, and storage (EU region)
    • Stripe: Payment processing
    • Amazon SES: Transactional email delivery
    • PostHog: Product analytics, hosted in the EU. We send pseudonymous usage events (e.g. "trip created", "item added") tagged with an internal user ID only — your email, name, and other directly identifying information are not shared with PostHog.
  • Legal requirements: When required by law, court order, or to protect our rights and safety

7. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • Encryption of data in transit (TLS/HTTPS)
  • Encryption of data at rest in our database and storage
  • Access controls and authentication requirements
  • Regular security reviews

No method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. When you delete your account:

  • Your personal data and user content are scheduled for deletion within 30 days
  • Backups containing your data are purged within 90 days
  • We may retain certain data where required by law or for legitimate business purposes (such as fraud prevention)

9. Your Rights

Depending on your location, you have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your personal data (you can also delete your account directly in Settings)
  • Restriction: Request that we restrict processing of your data
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw consent: Where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, contact us at info@pickipack.com. We will respond within 30 days.

10. Cookies

We use only essential cookies that are necessary for the Service to function:

  • Session cookie: Maintains your authenticated session while using the Service
  • Preference cookies: Stores your theme preference (light/dark mode) and sidebar state

We do not use tracking cookies, advertising cookies, or third-party analytics cookies. Our product analytics (PostHog) runs server-side and does not set any cookies on your browser.

11. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected information from a child under 13, please contact us at info@pickipack.com and we will promptly delete it.

12. International Data Transfers

Our Service is hosted on AWS infrastructure in the EU (Stockholm, Sweden). Your data is primarily stored and processed within the EU. In cases where data may be transferred outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page, updating the "Last updated" date, and where appropriate, sending you an email notification. Your continued use of the Service after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have any questions about this Privacy Policy, our privacy practices, or wish to exercise your data rights, please contact us at:

Email: info@pickipack.com

If you are in the EU/EEA and believe your data protection rights have not been adequately addressed, you have the right to lodge a complaint with your local data protection supervisory authority.