Privacy Policy

oneway.guide (“we”, “us”) is an independent micro-SaaS operated by Mehmet Akif Arslan. For any privacy-related question you can reach us at support@oneway.guide.

• Account data: email, display name, profile photo (if you sign in with Google).
• Trip preferences:city, dates, budget, interests, travel style, dietary needs, passport country, accommodation address — all supplied by you in the creation wizard.
• Order data: Stripe session and payment IDs, purchase amount, guide credits used. We do not receive or store your card number.
• Generated content: the JSON of each guide you generate, so we can re-render it and re-send the PDF.
• Technical data: IP address (for rate limiting), browser language, minimal server logs for debugging and abuse prevention.

• Generate and deliver your personalized travel guide.
• Process your payment and email you your receipt.
• Provide customer support and investigate issues.
• Protect the service from abuse (rate limits, fraud prevention).
• Comply with legal and tax obligations.

We do not use your data for advertising, profiling, or behavioural tracking, and we do not sell it to anyone.

To run the service we share the minimum necessary data with the following providers:

Some of these providers are based in the United States, so your data may be transferred outside your country under standard contractual clauses.

We do not use analytics cookies, advertising cookies, or third-party trackers. The only client-side storage we use is:

• sessionStorage to remember your wizard progress during a single session (cleared when you close the tab).
• Firebase Auth cookies strictly required to keep you signed in.

• Account & guides: kept while your account is active so you can re-access your guides.
• Orders & invoices: retained for up to 10 years when required by accounting and tax law.
• Server logs: rotated within 30 days.
• On account deletion we remove your account data and anonymize remaining order records, preserving only the legal minimum.

Regardless of where you live, you can ask us to:

• Access a copy of the personal data we hold about you.
• Correct inaccurate data.
• Delete your account and associated data.
• Export your data in a portable format.
• Object to or restrict certain processing.
• Withdraw consent at any time.

Send requests to support@oneway.guide. We respond within 30 days. EU users also have the right to complain to their national data protection authority.

oneway.guide is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has provided data, email us and we will delete it.

Passwords are hashed by Firebase Authentication; payment data is handled by Stripe and never touches our servers. Traffic is encrypted end-to-end via HTTPS. No system is perfectly secure; we work to keep ours reasonable for the product we offer.

If we update this policy, the “Last updated” date above will change. Material changes will be announced by email to active users.