Privacy Policy
Last updated: June 15, 2026
1. Who we are (Data Controller)
Jouvida ("Jouvida", "we", "our", or "us") is an independent, non-commercial project that operates the Jouvida website at jouvida.com and the Jouvida mobile application (together, the "Service"). For the purposes of the EU General Data Protection Regulation (GDPR) and the Turkish Personal Data Protection Law No. 6698 (KVKK), Jouvida is the data controller for personal data processed through the Service.
For any privacy question or to exercise your rights, contact us at mustafasahin307@gmail.com.
2. What data we collect
Account data (only if you sign in): when you sign in with Google or Apple, we receive your email address and display name to create and identify your account. Browsing Jouvida does not require an account.
Content you create: the destinations you save, collections and trips you build, places you mark as visited, and any notes you add.
Approximate location: only if you grant permission, we use your approximate location in your browser to show nearby destinations. It is processed in your device/session and is not stored on our servers.
Technical & usage data: with your consent, Google Analytics collects standard analytics data (pages viewed, approximate region, device/browser type, referring page). Your hosting provider also processes server logs (e.g. IP address) as needed to deliver and secure the site.
Local storage on your device: we store your theme choice, your cookie-consent choice, and (when not signed in) your saved places and last map position in your browser's local storage. This stays on your device.
3. Legal bases for processing (GDPR Art. 6)
- Consent — Google Analytics and any non-essential cookies run only after you accept them. You can withdraw consent at any time.
- Performance of a contract — creating and operating your account and saving your content so the Service works for you.
- Legitimate interests — keeping the Service secure, preventing abuse, and ensuring it functions reliably (essential cookies/local storage and server logs).
4. How we use your data
- Provide the map, search, destination pages, collections and trips
- Create and manage your account and your saved content
- Understand aggregate usage to improve the Service (only with consent)
- Keep the Service secure and prevent misuse
We do not sell your personal data, and we do not use it for advertising or profiling.
5. Cookies & analytics
We use a small number of essential cookies / local-storage items that are required for the site to work, and — only with your consent — Google Analytics. No analytics or advertising cookies are set before you accept. You can accept or reject when you first visit, and change your choice anytime via the “Manage cookies” option in our Cookie Policy. Full details are in our Cookie Policy.
6. Service providers (processors)
We rely on a few trusted providers that process data on our behalf:
- Supabase — database, authentication and storage. Our data is hosted in the EU (eu-west-1, Ireland).
- Vercel — website hosting and content delivery (server logs).
- Google Sign-In and Apple Sign-In — authentication, if you choose to log in.
- Google Analytics — usage analytics, only with your consent.
- OpenFreeMap — map tiles (your IP is visible to the tile server to deliver the map).
- YouTube (privacy-enhanced “no-cookie” mode) — destination videos are embedded via youtube-nocookie.com, which does not set tracking cookies unless you play a video.
Each provider processes data under its own privacy terms and our instructions.
7. International transfers
Your primary data is stored in the EU. Some providers (e.g. Google, Apple, Vercel) may process data outside the EU/EEA, including in the United States. Where that happens, transfers are covered by appropriate safeguards such as the European Commission’s Standard Contractual Clauses and/or the EU–US Data Privacy Framework.
8. How long we keep data
We keep your account and content for as long as your account is active. If you delete your account, your personal data is permanently deleted (see section 10). Analytics data is retained in aggregate for a limited period in line with Google Analytics settings. Local-storage items remain on your device until you clear them.
9. Your rights
Under the GDPR and KVKK you have the right to:
- access the personal data we hold about you
- rectify inaccurate data
- erase your data ("right to be forgotten")
- restrict or object to processing
- data portability
- withdraw consent at any time (e.g. for analytics)
To exercise any of these, email mustafasahin307@gmail.com. You also have the right to lodge a complaint with your local data protection authority (in the EU, your national supervisory authority; in Türkiye, the Personal Data Protection Authority — KVKK).
10. Deleting your account & data
If you have an account, you can permanently delete it and all associated data yourself from your account page (Account → Delete account). Deletion is immediate and irreversible. You can also email us and we will complete any deletion request within 30 days.
11. Children
The Service is not directed to children under 16, and we do not knowingly collect their personal data. If you believe a child has provided us data, contact us and we will delete it.
12. Security
Data is stored using Supabase infrastructure with row-level security and encrypted connections. No method of transmission or storage is completely secure, but we take reasonable measures to protect your data.
13. Changes to this policy
We may update this Privacy Policy from time to time. We will revise the “Last updated” date above and, for material changes, provide a notice within the Service.