1. Introduction
Peachspring Atlas is an independently developed and operated software project that provides China travel information, trip-planning tools, plan checks, custom itinerary tools, and related digital services.
This Privacy Policy explains how Peachspring Atlas ("Peachspring Atlas," "we," "us," or "our") collects, uses, stores, and shares personal information when you visit our website, create an account, upload travel materials, purchase a trip product, or otherwise use our services.
Website: https://www.peachspringatlas.com
2. Scope
This Privacy Policy applies to:
- public Guides, POI pages, and other website content;
- Google sign-in and Peachspring Atlas accounts;
- standard and custom Trip Projects;
- plan checks and route customization;
- uploaded images, screenshots, PDFs, and pasted text;
- OCR, AI-assisted fact extraction, and itinerary adaptation;
- payments, orders, entitlements, refunds, and disputes;
- generated itineraries and PDF exports;
- account support, data export, and deletion requests.
This policy does not govern third-party websites or services that operate under their own privacy policies.
3. Information We Collect
3.1 Information collected when you browse
We may collect information needed to operate, secure, and improve the website, including:
- pages and features requested;
- date and time of access;
- browser, device type, language, and basic technical information;
- necessary cookies or similar technologies;
- security, abuse-prevention, and diagnostic information.
If we use non-essential analytics, advertising, or similar technologies, we will provide any notices and choices required by applicable law.
3.2 Google account information
When you sign in with Google, we may receive:
- a stable Google account identifier;
- your email address;
- your display name;
- your profile picture;
- information needed to verify the sign-in request.
We use the stable Google account identifier to map your Google identity to your Peachspring Atlas account. Your email address, name, and profile picture are profile information and are not public by default.
The first version of the service requests only openid, email, and profile. We do not request access to Gmail, Google Drive, Google Calendar, Google Contacts, or offline Google account access. We do not store Google access tokens or refresh tokens for the first sign-in release.
3.3 Trip and preference information
When you plan or customize a trip, we may collect information such as:
- origin country or city;
- arrival and departure cities;
- travel dates and trip length;
- destination cities and preferred places;
- flight, train, hotel, ticket, and transfer information;
- addresses, times, booking windows, and must-visit preferences;
- itinerary edits, saved drafts, accepted versions, and PDF exports;
- system recommendations and your decisions about those recommendations.
Trip Projects are private to the signed-in owner unless we clearly provide and you choose another sharing feature in the future.
3.4 Uploaded files and extracted travel facts
You may choose to upload travel-related images, screenshots, PDFs, or text. These materials may contain names, booking details, travel dates, locations, reservation numbers, or information about other travelers.
Please remove information that is not needed for trip planning, including full passport numbers, complete payment-card information, passwords, access tokens, unrelated personal documents, and unnecessary information about other people.
We may use approved storage, security-scanning, OCR, and AI service providers to:
- identify the type of document;
- extract hotel, flight, train, ticket, date, time, and location facts;
- identify missing or conflicting information;
- prepare a proposed itinerary adjustment for your review.
Extracted facts and proposed changes do not silently modify your itinerary. You must review and approve facts or itinerary changes before they are applied.
3.5 Payment and order information
If you purchase a paid product, we may collect:
- the product and associated Trip Project;
- price, currency, and purchase time;
- order, payment, refund, dispute, and entitlement status;
- payment-provider references needed for reconciliation and support.
Payments are intended to be processed by a hosted payment provider. Peachspring Atlas does not intend to store full payment-card numbers. The payment provider may collect and process payment information under its own privacy policy.
3.6 Support, security, and legal records
We may collect information you provide in support requests, privacy requests, or account communications. We may also maintain minimized records of account activity, legal notices, consent choices, login events, abuse prevention, and security incidents.
4. How We Use Information
We may use personal information to:
- create, authenticate, and secure your account;
- restore a task you started before signing in or paying;
- create, save, review, customize, and deliver Trip Projects;
- process files and prepare travel facts for your review;
- check route feasibility and explain timing, distance, booking, or transport conflicts;
- provide AI-assisted recommendations and executable itinerary options;
- process orders, payments, entitlements, refunds, and disputes;
- generate and securely deliver itinerary PDFs;
- provide support and respond to privacy requests;
- prevent fraud, abuse, unauthorized access, and security incidents;
- maintain, debug, and improve the service;
- comply with applicable legal obligations and protect legal rights.
We do not turn private tickets, hotel bookings, flight details, uploaded files, or private itinerary facts into public POI content.
5. Legal Bases
Where applicable law requires a legal basis, we may process personal information based on:
- performance of a contract or steps you request before entering a contract;
- our legitimate interests in operating, securing, and improving the service;
- your consent for optional activities;
- compliance with legal obligations;
- establishment, exercise, or defense of legal claims.
The applicable basis depends on the information, feature, and jurisdiction. Optional consent is separated from processing that is necessary to provide the service.
6. AI and Automated Assistance
Peachspring Atlas uses AI as an assistive layer, not as an unrestricted decision-maker.
Approved OCR or AI providers may process the minimum information needed to extract travel facts, explain the consequences of an edit, or prepare an itinerary proposal. AI output may be incomplete or inaccurate.
Peachspring Atlas uses structured data, route rules, map or travel-time information, saved versions, and user approval to reduce errors. AI output cannot independently grant account access, create payment entitlements, publish private information, or modify an itinerary without the required review and validation steps.
7. How We Share Information
We do not sell your private account, trip, booking, or uploaded-file information.
We may share the minimum information necessary with service providers that help us operate the service, such as providers for:
- Google sign-in;
- website hosting and content delivery;
- databases and private object storage;
- file validation and malware scanning;
- OCR, multimodal, and route-generation models;
- maps, geocoding, and travel-time calculations;
- hosted payments and refunds;
- logging, security, error monitoring, email, and customer support;
- optional analytics, where enabled.
We may also disclose information when reasonably necessary to comply with law, respond to valid legal process, protect users or the service, investigate fraud or abuse, or establish and defend legal rights.
We require service providers to process information only for approved purposes and with appropriate contractual and security controls. A current provider and processing-location list will be made available before production account, upload, and payment features are activated.
8. International Data Processing
Peachspring Atlas serves international travelers. We and our service providers may process information in countries other than the country where you live. Data-protection laws may differ between countries.
Where required, we will use appropriate contractual, organizational, or legal safeguards and will publish accurate information about the providers and processing locations used by the production service.
9. Data Retention
We retain personal information only for as long as reasonably necessary to provide the service, maintain security, resolve disputes, meet legal obligations, and enforce agreements.
Planned operational periods include:
- application sessions: generally up to 14 days, unless revoked earlier;
- failed or quarantined uploads with no active retry: targeted for deletion within 7 days;
- temporary OCR or processing artifacts: targeted for deletion within 30 days after completion or rejection;
- source files, Trip Projects, and route versions: retained while the relevant account or Trip Project remains active, unless you delete them;
- user-deleted source objects: targeted for removal from primary systems within 30 days, subject to short-term encrypted backups;
- rolling backups: generally targeted for 30 days;
- security and audit records: generally targeted for 90 days, unless needed for an active incident or dispute;
- order, refund, fraud, and dispute records: retained as required for payment processing, legal obligations, and dispute handling.
Actual production retention periods will be confirmed against the deployed systems and provider contracts before account, upload, and payment features are launched.
10. Security
We use reasonable technical and organizational measures designed to protect personal information, including:
- server-side verification of Google sign-in credentials;
- secure application sessions;
- ownership and authorization checks for private resources;
- encryption in transit and, where appropriate, at rest;
- private storage and time-limited authenticated downloads;
- file type, size, content, and security checks;
- access controls, secret management, logging minimization, and key rotation;
- payment-event verification, idempotency, and reconciliation;
- backup, recovery, deletion, and incident-response testing.
No service can guarantee absolute security. If you believe your account or information has been compromised, contact us promptly.
11. Your Rights and Choices
Depending on where you live and applicable law, you may have rights to:
- receive information about our processing;
- access personal information we hold about you;
- correct inaccurate or incomplete information;
- request deletion;
- request restriction of or object to certain processing;
- receive a portable, machine-readable copy;
- withdraw consent for optional processing;
- opt out of sale or legally defined sharing;
- exercise rights without unlawful discrimination.
Peachspring Atlas does not currently plan to sell personal information. If future processing could constitute a sale, targeted advertising, or legally defined sharing, we will update this policy and provide required choices before beginning that processing.
Account tools are planned to support data export and account deletion. We may need to verify your identity before fulfilling a request. Limited records may be retained or pseudonymized where required for legal, financial, fraud, security, or dispute purposes.
12. Cookies and Similar Technologies
We may use necessary cookies for account sessions, security, preferences, and core website functions.
If we use non-essential analytics, advertising, or similar technologies, we will provide a separate Cookie Policy and any consent or opt-out controls required by applicable law.
13. Children
Peachspring Atlas is not designed for children. Account, upload, and paid services are intended for users aged 18 or older.
We do not knowingly collect personal information from children in a manner that violates applicable law. If we learn that we have collected such information, we may restrict the account and take reasonable steps to delete the information.
14. Third-Party Services and Links
Our content and itineraries may reference or link to third-party maps, transport providers, hotels, attractions, payment providers, government websites, or other services. Their privacy practices are governed by their own policies, not this Privacy Policy.
15. Changes to This Policy
We may update this Privacy Policy when our services, providers, security practices, or legal obligations change. We will post the updated version and update the "Last updated" date.
If a change materially affects your rights or how we use personal information, we will provide an appropriate notice. Where a new consent is required, we will not rely only on a silent policy update.
16. Contact Us
Website: https://www.peachspringatlas.com
Peachspring Atlas is currently described as an independently developed and operated software project. We do not claim a registered company, registration number, registered office, or formal data-protection officer at this stage.