Personal Information: Basic details you provide during registration or account setup, such as your name and email address. This helps identify your account and communicate with you. (No biometric or financial info is collected in this category.)

Location Data: With your permission, the App may access your device's location (precise or approximate). Location data enables location-based features – for example, suggesting nearby travel destinations or experiences. You can control location access via your device settings at any time.

Device Information: Technical details about your device, such as device model, operating system version, and unique device identifiers. We collect these to ensure the App runs smoothly on different devices and to perform diagnostics and technical optimizations.

Usage Information: Data about how you interact with the App, including features you use, your in-app navigation, engagement patterns, and crash logs or performance data. This first-party usage information helps us understand what's working and what isn't, so we can refine the user experiencet. For example, we may track which travel itineraries or features are most popular (using analytics tools) to improve those aspects of the App.

User-Provided Content: Any content you voluntarily input into the App, such as travel itineraries you create, destination preferences, notes, or saved trip plans. By default, content you contribute (e.g. a travel itinerary) may be visible to other users of the App (public), unless you choose to mark it as private in the App's settings or sharing options. Keep this in mind when adding personal content. You remain in control – you can decide to keep your travel plans private if you prefer.

Log Data: Like many services, we collect technical log information when you use the App. This can include your IP address, device/browser type (if applicable), and timestamps of access (e.g. when you logged in or performed certain actions). Log data helps with troubleshooting, security (e.g. spotting unauthorized access), and understanding overall usage trends. It's automatically recorded when the App interacts with our servers.

Operate and Maintain Services: Ensure core features of the App function properly. For example, using your account info to log you in, or your travel preferences to show relevant content.

Improve and Refine the App: Analyze usage patterns and feedback to continually optimize the user experience. For instance, we study how users navigate the interface and which features they use most, so we can streamline workflows, reduce friction, and make the App more intuitive. First-party usage data is crucial for identifying what features need improvement. Over time, this helps us enhance functionality, navigation, and responsiveness based on real user behavior.

Optimize Service Delivery: Use technical data (device info, performance metrics) to improve app stability and performance. Crash logs and diagnostics are reviewed to fix bugs and ensure the App runs smoothly on all supported devices. We also watch for usage trends (e.g. peak usage times or popular features) to allocate resources efficiently.

Product Development and Analysis: Conduct research and analysis on the data (in aggregated form) to guide design decisions and content relevance. For example, if analytics show a certain destination is frequently saved in itineraries, we might expand content for that area. We rely on first-party data to evolve Eighty Days in ways that add more personal relevance and utility for users.

Communications: Send you important communications related to the App. This includes operational notifications (e.g. updates to this Privacy Policy or Terms of Service), responding to support inquiries you send (using your email to reply), and sending service-related announcements. We might also notify you of new features or tips for using the App. We will not spam you; these communications are primarily to support your use of Eighty Days.

Security and Fraud Prevention: Use data to detect and prevent fraudulent activity, unauthorized access, or abuse of the App. For example, log data and usage patterns can help identify suspicious logins or actions, so we can take action to protect user accounts. We also use information to diagnose and fix technical issues that could affect security or stability.

Legal Compliance and Enforcement: If necessary, use or disclose information to comply with legal obligations, such as responding to lawful requests by public authorities (e.g., court orders or subpoenas). Also use data to enforce our Terms of Service or other policies – for instance, investigating potential violations or misuse of the App.

Trusted Service Providers: We may share necessary information with third-party companies that help us run the App and provide our services (under strict confidentiality and security obligations). These service providers assist with functions like cloud hosting, data storage, or analytics processing. For example, we use analytics and infrastructure services to operate the app reliably. Any partners we engage are bound by contracts to handle your data securely and only for our specified purposes, in compliance with applicable data protection laws. They cannot use your information for their own purposes.

Analytics Partners: We utilize analytics tools (including Google Analytics for Firebase) to understand app usage and improve user experience. These tools may automatically collect device identifiers and usage statistics from the app for analysis. For instance, Google Analytics for Firebase can gather data such as your Android Advertising ID or an instance ID to measure events in the app. This helps us see aggregated trends (like how often a feature is used or if the app crashes in a certain scenario) so we can make informed improvements. Data collected by such analytics services is processed according to the providers' privacy policies – for example, Google's Privacy Policy governs data used by Firebase and Google Analytics.. We configure these tools in line with privacy requirements (you may have options to opt-out of certain analytics, as noted below). No personally identifying info (like your name or email) is shared with our analytics tools, only technical and usage data needed for analysis.

Advertising (First-Party): Currently, the Eighty Days app does not integrate any third-party advertising networks. If we introduce advertising within the app in the future, it will be served through our own systems and will not involve sharing your personal data with outside ad providers. In other words, any ads would be based on our first-party data and shown by us, without handing over your information to ad networks. We are committed to avoiding invasive third-party tracking. (And to reiterate, we do not sell your data to advertisers.)

Legal Compliance: We may disclose user information when required by law or when we believe in good faith that such disclosure is necessary to comply with a legal obligation. This could include responding to valid legal processes like subpoenas, court orders, or requests from government authorities. We might also disclose data if needed to protect our rights or the safety of others – for example, sharing information with law enforcement if someone is using the App for unlawful activities, or to investigate fraud or a security incident. We will only share the information that is reasonably necessary in these cases.

Encryption: Data transmitted between your device and our servers is encrypted in transit (e.g. using HTTPS). This means that any data you send through the App is encoded to prevent eavesdropping by third parties while it's traveling over the internet. We also employ encryption for data at rest in our databases where applicable. Encryption is a widely recognized best practice to keep information secure both during transfer and storage.

Secure Infrastructure: We use secure server environments and cloud infrastructure with strong protections. Our servers are kept behind firewalls and other network security technologies to block unauthorized access. We also ensure that security updates and patches are applied regularly to our systems to address potential vulnerabilities.

Access Controls: Access to personal data is restricted to authorized personnel on a need-to-know basis. Within Colourblind Ventures, only employees or contractors who require access to your information to perform their duties (for example, customer support responding to a query) can view it. We implement role-based access controls (RBAC), meaning each user or staff role has only the minimum permissions needed. This limits exposure of data. We also utilize authentication measures and, where appropriate, multi-factor authentication for administrative access. Regular reviews are conducted to update and revoke access as needed.

Security Assessments: We periodically evaluate our applications and infrastructure for potential security issues. This includes conducting vulnerability scans, penetration testing, and security audits (sometimes via independent third-party experts) to find and fix weaknesses. Regular security assessments and updates help us stay ahead of emerging threats and maintain a robust security posture.

Monitoring and Alerts: Our systems have logging and monitoring in place to detect suspicious activities or anomalies. If any unusual behavior is detected (such as multiple failed log-in attempts or a sudden spike in certain errors), our team is alerted to investigate and take action. We also have an incident response plan so that if a security incident or data breach were to occur, we can react quickly to mitigate any harm and notify affected users as required by law.

Access and Update: You can review and update the personal information in your profile at any time. The App provides account settings where you can edit details such as your name, email, and any other profile info you have provided. Keeping your information accurate and up-to-date helps us serve you better.

Account Deletion (Right to Erasure): You have the right to request deletion of your account and the personal data associated with it. If you no longer wish to use Eighty Days, you may contact us to delete your account (see Contact Information below). Upon such a request – and after necessary verification – we will erase your personal data from our active systems, provided there's no legal obligation to retain it. Account deletion will be carried out in line with applicable laws and technical feasibility. (For example, under GDPR, users have a right to erasure of their data in many circumstances.) We will honor deletion requests and remove your info from our records (or anonymize it) within a reasonable timeframe.

Permissions Control: If you granted the App certain device permissions (such as location access), you can revoke those permissions at any time in your device's settings. For instance, if you previously allowed location services but change your mind, simply disable location permission for Eighty Days in your phone's privacy settings; the app will then stop collecting your location data. You are always free to adjust these settings, and the App will respect the new preferences. Keep in mind some features may be limited without the relevant permissions (e.g., the app might not show location-based suggestions without location access).

Opt-Out of Analytics/Tracking: We do not serve third-party ads, but we do use analytics to improve the product. If you prefer not to participate in certain analytics or personalized experiences, you may have options to opt out. For example, your device settings (for Android or iOS) may allow you to opt out of personalized advertising or reset your advertising ID, which Google Analytics for Firebase honors in limiting ad-personalization data. In the future, we may also provide in-app toggles to disable some analytics or tracking features if feasible. We respect "Do Not Track" signals and similar user choices where applicable.

Withdrawal of Consent: Where any processing is based on your consent (for example, if in the future we request consent for a new data use), you have the right to withdraw that consent at any time. If you withdraw consent, we will stop the processing that was based on consent. (Note: using core features of the app is typically based on contract necessity – e.g., we need to process your data to provide the service – rather than consent. But for any optional features that rely on consent, you're in control.)

Non-Discrimination: Exercising your privacy rights will not affect the quality of service you receive. We will not deny you the App or charge you different prices just because you opted out of certain data uses or requested to exercise your rights. All users are treated equally, whether or not they choose to share additional data.

Data Portability: If applicable, you can request a copy of the personal data you have provided to us, in a common portable format, so you can transfer it to another service. (This right may be limited to certain data and contexts, but we will assist as much as possible if you need your data exported.)

1. Introduction

EightyDays (an app by Colourblind Ventures Pvt. Ltd.) ("we", "us", or "our") provides an automated travel-discovery service. This Policy explains how we handle information received through the Instagram Messaging API when you interact with our official Instagram account. Our service is designed with Privacy-by-Design principles, ensuring that your media is processed in real-time without permanent storage.

2. Information We Receive (Data Minimization)

We only access the minimum data necessary to fulfill your request. When you voluntarily send an Instagram Reel to us via Direct Message (DM), we receive:

Instagram Scoped User ID (PSID): A temporary ID used solely to send a reply.

Message Type: To confirm the message is a Reel.

Temporary Media URL: A short-lived CDN link provided by Meta to access the shared Reel.

We do not collect your Instagram password, friend list, profile details, or any messages that are not Instagram Reels. Non-Reel messages (text, images, or other media) are ignored and not processed.

3. Purpose of Processing

We process the shared Reel for the sole purpose of extracting publicly mentioned place names to generate a curated travel list for the user. We do not use this data for profiling, advertising, or any other secondary purpose.

4. Zero-Storage & Data Retention Policy

We adhere to a strict No-Storage Policy for Instagram media:

In-Memory Processing: Reels are downloaded temporarily into volatile server memory (RAM).

Instant Deletion: Once the place names are extracted, the Reel media is immediately purged from our memory. We do not save Reels to any database, hard drive, or cloud storage.

No Message Logs: We do not store the content of your DMs or your Instagram handle.

24-Hour Rule: All automated responses are sent within 24 hours of receipt. If processing is not completed within this window, all associated temporary data is discarded.

5. Third-Party AI Processing (Google Gemini)

To analyze Reel content, we use the Google Gemini Pro (Paid Enterprise Tier) API.

Data Isolation: We only send the Reel media to the AI; no user identifiers or account information are shared.

No Model Training: Per our service agreement, the data sent to Google Gemini is not used to train or improve their AI models.

Security: Data is transmitted via encrypted HTTPS protocols.

6. Data Sharing and Prohibitions

No Sale of Data: We never sell, rent, or trade any data received from the Meta platform.

No Advertising: Instagram data is never used for ad targeting or marketing.

No User Tracking: We do not track your activity across other websites or apps.

7. User Control

Because we do not store your data or maintain user profiles, you are always in control. You may stop processing at any time by:

Ceasing to send Reels to our account.

Blocking our Instagram account.

Deleting your conversation thread on your own device.

This policy is intended to comply with the Meta Platform Terms and Developer Policies. We regularly review our backend processes to ensure continued adherence to data safety standards.

We use the Instagram Messaging API to process Reels shared by the user to create travel itineraries. We do not store or share private message content beyond the processing of the specific request.

Colourblind Ventures Pvt. Ltd. (Eighty Days Support)

Email: hello@eightydays.ai