Privacy Policy
Last updated: 2026-07-03.
What this site is
TravelMaestro (travelmaestro.eu) is a European public-transport trip planner. This policy explains what data we collect, why, and the rights you have over it under the GDPR.
Account & sign-in
Signing in uses Google OAuth. We store your Google account ID, email address, and (if provided) name and profile picture, so you can save and revisit trips. Your session is held in a single HTTP-only cookie — see "Cookies" below.
Saved trips
If you save a trip, we store the origin/destination, date, and the planned itinerary tied to your account. This is only used to show it back to you on your "Saved trips" page and is never shared with anyone else.
Search analytics (no personal data)
We log basic, non-personal search metrics (route counts, whether a flight was found, response time, and the *country* — never precise coordinates — of the origin/destination) to understand how well the planner is working. These records carry no name, email, IP address, or exact location, and are automatically deleted after 180 days.
Cookies
We set one cookie ourselves: a session cookie (HTTP-only, secure, 30-day expiry) that keeps you signed in. It carries no tracking payload — just your account reference.
We also load a Travelpayouts affiliate script site-wide, which supports the flight-booking links on this site financially. We haven't independently verified whether this third-party script sets its own cookies — treat it as a tracker until we can confirm otherwise. If you'd rather not have any third-party script run, use a browser content/script blocker; the planner works identically without it.
Booking & affiliate links
Booking links route through a first-party redirect (/go) so we can measure which links get used — we log only the destination hostname and path, never who clicked. Some of these links (Aviasales, Omio, Trainline, BlaBlaCar, Hotellook) may earn us a small commission at no extra cost to you, disclosed on every results page.
Third-party services we use
- Google (sign-in)
- MongoDB (database, hosted by us)
- Transitous / MOTIS (public-transport timetable data)
- Travelpayouts / Aviasales (flight fares, affiliate attribution)
- An OpenAI-compatible AI provider (price-estimate and summary text — never your personal data)
- Firecrawl (public web pages, for price-estimate grounding — never your personal data)
- A transactional email provider (only if you turn on price-drop alerts)
Your rights
Under the GDPR you can access, export, correct, or delete your data at any time. Signed-in users can export or delete their account directly from the Saved trips page. For anything else, email us (see the imprint page for contact details).
Contact
See the imprint page for who operates this site and how to reach us.