Data Storage & Use

Last updated: July 12, 2026

This page describes what data Wanderwise AI collects, where it is stored, how long we keep it, and how it is used. For broader privacy rights and legal terms, see our Privacy Policy and Terms of Use.

Overview

Wanderwise is a travel itinerary generator. We collect only the information needed to create and display your trip. We do not require user accounts, passwords, or payment information. We do not collect GPS location or device geolocation data.

Data We Collect

Information You Provide

  • Destination — The city or place you want to visit (entered as text, not GPS coordinates)
  • Trip duration — Number of days (1–30)
  • Travel dates — Whether dates are flexible or specific start/end dates
  • Creator name (optional) — Displayed on public trip pages if provided
  • Instagram handle (optional) — Displayed on public trip pages if provided
  • Instagram user ID — Received automatically when you plan a trip via Instagram Direct Messages
  • Chat messages — Text you send in our experimental chat feature at /chat

Information Collected Automatically

  • Anonymous web session ID — A randomly generated identifier (e.g. web:timestamp-random) assigned when you submit a trip from the website without an Instagram link
  • Server and usage logs — Standard web server data such as IP address, browser type, pages visited, and timestamps, collected by our hosting provider
  • Chat session cookies — HttpOnly chatUserId and responseId cookies for chat session continuity

Where Data Is Stored

MongoDB (Persistent Storage)

Completed trip itineraries are stored in a MongoDB database. Each trip record includes:

  • Unique slug and title
  • Destination and number of days
  • Full AI-generated itinerary (JSON)
  • Destination cover image URL (sourced from Unsplash)
  • Date preferences and optional start/end dates
  • Optional creator name, Instagram handle, and Instagram user ID
  • Creation timestamp

Trip pages are publicly accessible via their unique URL (e.g. /trip/your-trip-slug). Anyone with the link can view the itinerary.

Upstash Redis (Temporary Storage)

Short-lived session data is stored in Upstash Redis with automatic expiration (typically 24 hours):

  • thread:{user_id} — OpenAI conversation thread IDs for assistant chat sessions
  • pending_trip:{instagramUserId} — In-progress trip form data during the Instagram DM planning flow
  • lock:{user_id} — Short-lived locks to prevent duplicate itinerary generation requests

Browser Cookies

  • chatUserId and responseId — HttpOnly cookies for chat session persistence (see our Cookie Policy)

How We Use Your Data

  • Generate personalized travel itineraries using OpenAI
  • Display and share your trip on public trip pages
  • Deliver itinerary links via Instagram Direct Messages
  • Maintain chat conversation context in the experimental chat feature
  • Prevent duplicate or abusive generation requests
  • Improve and maintain the Service
  • Display relevant advertisements via Google AdSense

Third-Party Data Sharing

We share data with the following service providers solely to operate the Service:

  • OpenAI— Trip preferences and chat messages are sent to OpenAI's API to generate itineraries and chat responses. Subject to OpenAI's Privacy Policy
  • Meta (Instagram) — Instagram user IDs and message content for DM-based trip planning. Subject to Meta Privacy Policy
  • Unsplash — Destination name sent to fetch cover images
  • OpenStreetMap Nominatim — Place search queries for destination autocomplete (sent server-side)
  • Google AdSense — Ad serving on public pages; may use cookies for ad personalization
  • MongoDB Atlas / Upstash — Cloud database and cache hosting providers

We do not sell your personal data to third parties.

Data Retention

  • Trip itineraries (MongoDB) — Retained indefinitely unless you request deletion. Public trip pages remain accessible until removed.
  • Redis session data — Automatically deleted after approximately 24 hours (or sooner for generation locks).
  • Chat session cookies — Persist in your browser until you clear cookies or they expire.
  • Server logs— Retained according to our hosting provider's standard log retention policies.

Your Rights & Choices

Depending on your location, you may have the right to:

  • Request access to data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your trip data or associated identifiers
  • Object to certain processing of your data

To exercise any of these rights, email us at support@wanderwiseai.online with the trip URL or Instagram handle associated with your request. We will respond within a reasonable timeframe.

You can also clear the chat session cookie through your browser settings at any time.

Data Security

We use industry-standard measures to protect data in transit (HTTPS) and at rest. API endpoints are protected by authentication keys. However, no method of electronic storage or transmission is completely secure, and we cannot guarantee absolute security.

International Data Transfers

Our service providers (OpenAI, MongoDB, Upstash, Meta, Google) may process data in the United States or other countries. By using Wanderwise, you consent to the transfer of your data to these jurisdictions, which may have different data protection laws than your country.

Changes to This Page

We may update this page as our data practices evolve. Check back periodically for changes. The "Last updated" date at the top indicates the latest revision.

Contact Us

For questions about data storage and use, contact us at: