Back

Privacy Policy

Last updated: May 2026

Blaze Travel Mate ("Blaze") is operated by Nadia Santucci, a sole trader (the "Seller"), who is the data controller responsible for your personal data. This policy explains what we collect, why, and your choices.

What we collect

  • Account: email address (and name/photo if you sign in with Google or Apple).
  • Your trips: destinations, dates, itinerary items, documents, expenses, and packing lists you add.
  • Preferences: currency, units, week start (stored on your device).
  • Basic analytics: anonymized crash and usage data to keep the app reliable.
  • Billing data: if you subscribe to Blaze Pro, Paddle collects your payment details directly — we never see your full card number.

How we use it & legal basis

We process your personal data on the following legal bases (GDPR Art. 6):

  • Performance of a contract — to create your account, store and display your trips, and provide Blaze Pro features you've purchased.
  • Legitimate interests — to keep the app secure, prevent fraud, fix bugs, and improve the product through anonymized analytics.
  • Consent — for any optional features (e.g. push notifications) where you've opted in. You can withdraw consent at any time.
  • Legal obligation — to comply with tax, accounting, and other laws.

We do not sell your data or use it for advertising.

Who we share it with

We share data only with service providers strictly necessary to run Blaze:

  • Hosting & database provider — stores your account and trip data in encrypted databases with row-level security.
  • Paddle.com Market Ltd ("Paddle") — our payments provider and Merchant of Record. If you purchase Blaze Pro, Paddle processes your payment, handles billing, tax compliance, invoicing, and refunds. Paddle receives your name, email, billing address, and payment details directly. See Paddle's privacy notice.
  • Authentication providers (Google, Apple) — if you choose to sign in with them.
  • Authorities — only where required by law.

Storage & security

Data is stored in encrypted databases. Access is restricted by row-level security so only you can see your data. We use appropriate technical and organisational measures (encryption in transit and at rest, access controls).

Sharing trips

When you share a trip via a share link, anyone with that link can view the trip's itinerary in read-only mode. You can revoke a link at any time.

Your rights

If you are in the EU/EEA, UK, or California, you have the right to access, correct, port, restrict, or delete your personal data, object to processing, and withdraw consent. You can also lodge a complaint with your local supervisory authority. Use the in-app export and delete tools in Settings → Danger zone, or email us — we respond within 30 days.

Data retention

We keep your data for as long as your account is active. When you delete your account, personal data is removed immediately. Billing records held by Paddle may be retained for as long as required by tax law. Aggregated, anonymized analytics may be retained.

Children

Blaze is not directed at children under 13. We do not knowingly collect data from children under 13.

International transfers

Your data may be processed in countries other than your own. Where data leaves the UK/EEA, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.

Contact

Privacy questions, data access, or deletion requests: hello@zekiwellness.com.