Privacy Policy
Last updated: 11 April 2026
This Privacy Policy explains how weReady ("we", "us", or "our") collects, uses, stores, and protects personal data when you use the weReady mobile application, website, and related services (the "Service").
weReady is operated by Matthieu Playe, a sole proprietorship registered in Belgium under enterprise number BE1001.257.556. We are subject to applicable Belgian law and the European Union General Data Protection Regulation ("GDPR").
Scope
This Privacy Policy applies to data collected through:
- the weReady mobile app;
- the website at weready.app;
- account creation, support requests, billing, and related communications.
Age Requirement
Our Service is intended for users aged 16 and older. We do not knowingly collect personal data from children under 16. If you believe a child under 16 has provided personal data to us, please contact us so we can investigate and take appropriate action.
Personal Data We Collect
Account and profile data
When you create or manage an account, we may collect your name, email address, profile image, sign-in method, and other account details you choose to provide.
Authentication data
If you sign in using a third-party identity provider, such as Google or Apple, that provider processes authentication data under its own privacy notice. We receive only the information needed to create or access your weReady account.
Trip and collaboration data
We collect the content you create or upload in the Service, including trips, plans, participant lists, ideas, checklists, invitations, photos, and related metadata.
Technical and device data
We may collect IP address, browser type, device information, operating system, app version, crash information, log data, and diagnostic data needed to operate, secure, and improve the Service.
Payment and billing data
If you purchase a paid plan, payment processing is handled by Stripe. We do not store full payment card numbers. We may receive limited billing information such as payment status, subscription status, country, and partial payment identifiers needed for accounting, fraud prevention, and customer support.
Website analytics and cookies
Our website may use cookies, similar technologies, and analytics tools where permitted and configured, including Google Analytics with your consent where required. Those tools may collect information such as pages visited, approximate location derived from IP, browser details, and interaction events.
Support communications
If you contact us, we may keep your messages, email address, and the information needed to respond to your request.
How We Use Personal Data
We use personal data to:
- create and manage accounts;
- provide trip planning, collaboration, storage, and sharing features;
- process payments, subscriptions, refunds, and billing records;
- send service messages and support responses;
- protect the Service against fraud, abuse, and technical misuse;
- enforce our Terms, Fair Use Policy, and other product rules;
- measure product performance and improve the Service;
- comply with legal, tax, accounting, and regulatory obligations.
Legal Bases Under the GDPR
| Legal Basis | Examples of Processing |
|---|---|
| Performance of a contract | Account creation, trip management, content sharing, billing, and customer support related to the Service |
| Legitimate interests | Security, abuse prevention, service reliability, diagnostics, internal analytics, and enforcement of our policies |
| Consent | Optional cookies, analytics, or permissions-based features where consent is required |
| Legal obligation | Tax, accounting, fraud prevention, law enforcement requests, and mandatory record-keeping |
Hosting, Infrastructure, and Data Location
Our application runs on two primary infrastructure providers:
- Photos, videos, and documents you upload are stored on Cloudflare R2 object storage, configured for European data handling.
- Trip metadata, chat messages, application state, and account records are stored in Convex, a managed database service hosted on Amazon Web Services (AWS).
Both providers operate under data processing agreements with us. When a trip is deleted (manually or automatically under the retention schedule below), we remove the associated files from Cloudflare R2 and the corresponding records from Convex within 48 hours of the scheduled deletion date.
Not every supporting service used by weReady is limited to the European Union. Depending on the feature you use, limited personal data may also be processed by authentication, analytics, messaging, support, or payment providers that operate internationally.
If you want more detail about a specific provider or processing location, you can contact us at hello@weready.app.
Service Providers and Recipients
We may share personal data with service providers acting on our behalf, including providers for the following categories:
- Object storage for media and documents, including Cloudflare R2;
- Managed database and application backend, including Convex (operated on Amazon Web Services);
- Payments and subscription management, including Stripe;
- Authentication and app infrastructure, including Google Sign-In and Firebase services, and Apple Sign-In if enabled in the future;
- Analytics and diagnostics, including Google Analytics for the website where enabled and permitted;
- Professional advisors or authorities where required by law or reasonably necessary to protect our rights.
These providers are contractually restricted to processing data for the services they provide to us, subject to their own legal and regulatory obligations.
International Data Transfers
Where personal data is transferred outside the European Economic Area, we rely on an appropriate legal transfer mechanism where required, such as an adequacy decision, contractual safeguards, or another lawful basis under applicable data protection law.
How Long We Keep Data
We keep personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Service, maintain security, meet legal obligations, and resolve disputes.
Trip data follows a tier-based retention schedule, measured from the trip's end date:
- Free accounts: 3 years after the trip end date;
- Pro accounts: 10 years after the trip end date.
At the end of this period, a trip is permanently deleted together with all associated content, including photos, videos, chat history, documents, shared expenses and settlements, activities, checklists, accommodation votes, and any other trip-related content. This action cannot be undone.
We send a reminder email to the trip owner 30 days before the scheduled deletion date. During that window, the owner may export photos via the in-app export feature or upgrade to Pro to extend retention. A Pro upgrade automatically extends every existing trip to 10 years from its end date.
Upload attempts that exceed applicable storage caps are logged (user ID, attempted file size, content type, timestamp) in a security log retained for 90 days to monitor for abuse. No file content is retained in that log.
In addition:
- billing, invoicing, tax, anti-fraud, and payment dispute records may be retained for longer where required by law or reasonably necessary for compliance and defense of claims;
- support messages and technical logs may be retained for a limited period as needed for troubleshooting, security, and legal compliance.
Account Deletion
If you delete your account, we will delete or anonymize active account data without undue delay, subject to technical constraints and our legal obligations. We may retain limited data where necessary for backups, security logs, fraud prevention, dispute handling, invoicing, tax compliance, or other lawful reasons.
Your Rights
Subject to applicable law, you may have the right to:
- access the personal data we hold about you;
- request correction of inaccurate data;
- request deletion of your data;
- request restriction of processing;
- object to certain processing;
- request data portability;
- withdraw consent where processing is based on consent.
You may also have the right to lodge a complaint with your local supervisory authority, including the Belgian Data Protection Authority where relevant.
Security
We use appropriate technical and organizational measures intended to protect personal data, including access controls, encrypted transport, and service-level security controls. No method of storage or transmission is completely secure.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will update the date above and may provide additional notice where appropriate.
Contact Us
Matthieu Playe
Sole proprietorship registered in Belgium under enterprise number BE1001.257.556
Email: hello@weready.app