Privacy Policy
Last updated: 16 July 2026
⚠️ Draft template — not legal advice. This document is a starting
point. It must be reviewed and completed by a qualified lawyer for your jurisdiction and your actual
data-processing practices before a public launch. Bracketed fields like [COMPANY] must be filled in.
[COMPANY] (“Puaro”, “we”) operates the Puaro service at puaro.chat. This policy explains what
personal data we process, why, and your rights. Data controller: [COMPANY], [ADDRESS]. Contact: [CONTACT EMAIL].
Data we process
- Account (if you sign in): name, avatar and age from your login provider, and any
“about you” text you add.
- Requests & content: your search queries, trip-plan answers, saved favorites,
places you add, chat messages and dialog history.
- Location: approximate coordinates (rounded to ~100 m before being sent to the AI model)
and city/area you provide, used only to find places near you.
- Behavioural profile (optional): inferred preference tags from your activity, used to
personalize recommendations. Processed only with your consent.
- Technical: a strictly-necessary session cookie, IP address (for rate-limiting/security).
Why we process it (purposes & legal basis)
- To provide recommendations and run your account — performance of a contract.
- Security and abuse prevention — legitimate interests.
- Optional analytics and personalization — your consent (withdrawable anytime).
Who we share it with (processors)
- AI & search: your request, location and relevant profile are sent to the configured
AI/search provider (e.g. Google) to generate results.
- Login: your chosen OAuth provider (e.g. Yandex) for authentication.
- Hosting & database: our cloud host (Railway) and managed Postgres.
- Optional tracing: if enabled, request/response metadata may be sent to an
observability tool. Disabled unless configured.
We do not sell your personal data.
Retention
We keep account and content data until you delete your account or ask us to erase it. You can delete your
account from your profile, which removes your data across our tables.
Your rights
See GDPR & Your Rights. To exercise any right, contact [CONTACT EMAIL].
International transfers
Some processors may store or process data outside your country; where required we rely on appropriate
safeguards (e.g. Standard Contractual Clauses). [DESCRIBE / CONFIRM WITH LAWYER].