goatt legal

Privacy Policy

This policy explains how goatt handles personal information across the public website, the authenticated web app, and the mobile applications used to plan and manage trips together.

Privacy Policy

Last updated: March 18, 2026

This Privacy Policy explains how goatt ("goatt," "we," "our," or "us") collects, uses, shares, and protects information when you use our website, authenticated web application, mobile applications, invitation flows, and related services (collectively, the "Services").

This policy applies to both the public-facing website and the goatt mobile apps. If you use the web app after signing in, this policy applies there as well.

Information We Collect

Depending on how you use the Services, we may collect the following categories of information:

  • Account information. Your name, email address, password, email verification status, and profile photo.
  • Social sign-in information. If you choose to sign in with Google or Apple, we receive information needed to authenticate you, such as your verified email address, provider identifier, and any name information supplied by that provider or by you.
  • Trip and collaboration content. Information you create or upload in the Services, including trips, dates, cover photos, album links, traveler lists and roles, trip sites, chat messages, comments, reactions, packing lists, packing item status, expenses, payment records, and activity log entries.
  • Invitation data. Information used to invite people to a trip, such as the invitee's name, email address, optional phone number, invitation token, and invitation status.
  • Subscription and billing data. Trial status, subscription status, plan selection, Stripe customer and subscription metadata, and related billing-period records. Payment card details are processed by Stripe and are not stored directly by goatt.
  • Technical and session data. Information created when you access the Services, such as authentication tokens, session and security cookies used by the web app, device and browser details, IP address, app or browser version, timestamps, and server or security log data.
  • Communications data. Records related to invitations, account verification, billing, support, and other transactional communications we send or receive.

How We Use Information

We use personal information to:

  • create and manage user accounts;
  • authenticate users and maintain secure sessions;
  • support trip planning and group collaboration features;
  • send invitations, verification emails, billing notices, and service-related messages;
  • provide subscription checkout, billing management, and trial administration;
  • keep records of trip activity and user actions within shared trips;
  • troubleshoot bugs, monitor performance, protect the Services, and prevent abuse; and
  • comply with legal obligations and enforce our terms, policies, and permissions.

How Trip Sharing Works

goatt is built for shared trip planning. That means information you add to a trip may be visible to other people who are part of that same trip, subject to their role and permissions in the app.

For example, trip members may be able to see shared trip details, traveler lists, chats, comments, expenses, payment records, packing lists, activity logs, and invitations associated with that trip. If you do not want other trip participants to see something, do not add it to shared trip spaces.

How We Share Information

We may share information in the following circumstances:

  • With other trip participants. Shared trip content is visible to users who have access to the same trip.
  • With service providers. We use third-party providers that help us run the Services, such as hosting and infrastructure providers, email delivery providers, Google and Apple for sign-in services you choose to use, and Stripe for subscription billing and payment processing.
  • With advertising or embedded content providers. Some signed-in web pages may display third-party advertising or embedded code. When that happens, the ad or content provider may receive technical information from your browser or device and may collect data under its own privacy practices.
  • For legal or security reasons. We may disclose information if we believe it is necessary to comply with law, respond to legal process, protect users, investigate misuse, or enforce our rights.
  • As part of a business transaction. Information may be transferred as part of a merger, acquisition, financing, reorganization, or sale of assets, subject to applicable law.

Cookies, Tokens, and Similar Technologies

The web version of goatt uses cookies and similar technologies that are reasonably necessary to operate the site and keep users signed in securely. These technologies may be used to maintain sessions, protect against unauthorized requests, remember login state, and support core site behavior.

The mobile apps may store authentication tokens and limited app data on your device so you can remain signed in and use the app properly.

If we display third-party ad code or embedded content on the web app, those third parties may also use cookies, scripts, or similar technologies. Their collection and use of data is governed by their own policies, not this one.

Subscription Billing

goatt offers subscription functionality through Stripe. If you subscribe, Stripe processes your payment information on our behalf. We may receive limited billing-related information from Stripe, such as your customer identifier, subscription status, plan, and billing period, but we do not store your full payment card number in our application database.

Trip payment entries inside the app are collaboration records entered by users for planning and tracking purposes. They are not a replacement for Stripe's payment processing for subscriptions.

Data Retention

We keep information for as long as reasonably necessary to provide the Services, maintain accounts, support shared trips, comply with legal obligations, resolve disputes, and enforce agreements.

Retention periods may vary by data type. For example:

  • account and trip data may be kept while your account remains active;
  • invitation, billing, and security records may be kept longer when needed for business, legal, or fraud-prevention purposes; and
  • backup, log, and archived records may remain for a limited period after deletion.

If you delete your account, we will delete or de-identify information as required by applicable law and as reasonably practicable within our systems. Some records may remain for legal, billing, security, integrity, or shared-trip reasons.

Your Choices

You may be able to:

  • update your profile information in the Services;
  • choose whether to use email/password login or supported Google or Apple sign-in options;
  • decline trip invitations;
  • manage or cancel your subscription through the available billing tools; and
  • request account deletion through available account settings or support channels.

Depending on where you live, you may also have legal rights to request access to, correction of, deletion of, or a copy of certain personal information.

Security

We use reasonable administrative, technical, and organizational measures designed to protect personal information. However, no method of transmitting or storing data is completely secure, and we cannot guarantee absolute security.

You are responsible for keeping your login credentials secure and for using the Services in a way that protects the privacy of the people you invite or collaborate with.

International Processing

goatt may process and store information in the United States and in other locations where our service providers operate. By using the Services, you understand that your information may be transferred to and processed in jurisdictions that may have different data-protection laws than the place where you live.

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will post the updated version here and update the "Last updated" date above. Your continued use of the Services after an update becomes effective means the updated policy will apply to your future use of the Services.

Contact

If you have questions, requests, or concerns about this Privacy Policy or your personal information, please use the contact or support channel made available through goatt's website or applications.