This Privacy Policy explains how Naprio LTD, trading as Naprio Studios ("we," "us," or "our"), collects, uses, discloses, and safeguards your personal data when you use the Venture mobile application (the "App"). We are committed to processing your data lawfully, fairly, and transparently in accordance with the UK GDPR, EU GDPR, and all other applicable data protection legislation.
1.Data Controller
The data controller responsible for your personal data is:
Company: Naprio LTD (trading as Naprio Studios)
Company Number: 17024491
Registered Address: 71–75 Shelton Street, London, England, WC2H 9JQ
Email: [email protected]
Website: napriostudios.com
2.Information We Collect
2.1 Information You Provide Directly
- Account info: Email, password, and optional profile details (name, DOB, photo, bio).
- Preferences: Travel interests, semantic tags, and "vibe" selections.
- User content: Reviews, ratings, notes, travel plans, and saved places.
- Search queries: Text entered into the semantic search feature.
- Reports you submit: When you report another user or piece of content, we collect the report, the reason you select, and any related details you provide.
2.2 Information Collected via SDKs and Automated Means
We use Software Development Kits (SDKs) and other tools to collect data automatically:
- Device info: Device type, OS version, and unique device identifiers.
- Usage data: Interactions, screens viewed, and session duration.
- Location data: Precise geographic location (with permission) collected on a "one-shot" basis for recommendations and passport stamps. We do not track you continuously.
- Analytics & crash data: Collected via the Firebase SDK to improve App performance.
- Advertising data: Collected via the Google AdMob SDK (identifiers and ad interaction data).
2.3 Safety and Moderation Data
To keep the community safe and to meet our legal obligations, we collect and generate data relating to content moderation and account enforcement:
- Reports about you: Reports submitted by other users concerning your account or your User Content, including the reason and details of the report.
- Moderation records: A record of enforcement decisions affecting your account — for example warnings, strikes, temporary suspensions, and terminations — together with the reason for, and timing of, each action.
- Evidence of reported content: Where content is reported, we may retain a copy of the reported content (such as a reported image, username, or biography) as evidence so that the report can be reviewed and any decision can be justified or appealed, even if the original content is subsequently changed or deleted.
3.Lawful Basis for Processing
| Purpose | Data Used | Lawful Basis (GDPR) |
|---|---|---|
| Account & discovery | Email, preferences | Contract |
| AI personalisation | Search queries, history | Contract |
| Location features | GPS coordinates | Consent |
| Social features | Profile data, UGC | Consent |
| Analytics / security | Device IDs, logs | Legitimate interest |
| Safety, moderation & enforcement | Reports, User Content, moderation records, evidence of reported content | Legitimate interest (keeping users safe and enforcing our Terms) and, where applicable, legal obligation (compliance with online safety and content-moderation law) |
| Marketing / ads | Email, ad IDs | Consent |
4.AI-Powered Content and Automated Processing
4.1 AI Personalisation
The App uses artificial intelligence (Google Gemini) to rank places and interpret search queries. Your data is not used to train, fine-tune, or improve the underlying AI models.
4.2 AI Hallucinations
You acknowledge that AI systems are subject to "hallucinations" or "confabulations," where the AI may generate information that is factually incorrect or entirely fabricated. We do not guarantee the accuracy of AI-generated content.4.3 Automated Decisions and "Human-in-the-Loop"
While our AI enhances discovery, it does not make decisions with legal effects. Moderation and account-enforcement decisions (such as warnings, strikes, suspensions, and terminations) involve human review and are not made solely by automated means. If you believe an automated recommendation, or a moderation decision, has significantly impacted you, you have the right to request a human review of the logic used, and to appeal an enforcement decision, by contacting [email protected].
5.Data Sharing & Transfers
We share data with third-party processors (Supabase, Google, Apple, RevenueCat) only to provide the service. For transfers to the United States, we rely on Standard Contractual Clauses (SCCs) and the EU–US Data Privacy Framework to ensure your data remains protected.
6.Data Retention
- Account data: Lifetime of account + 30 days.
- Server logs: Purged after 90 days.
- Location data: Used transiently; only the resulting country code (for stamps) is stored.
- Deleted content: Purged from backups within 30 days.
- Moderation records and evidence: Where we take enforcement action, or where retention is necessary to keep the community safe, to enforce our Terms, to handle appeals, or to comply with a legal obligation, we may retain moderation records and associated evidence of reported content for as long as reasonably necessary for those purposes, after which they are deleted. Retaining a minimal moderation record after an account is terminated allows us to enforce bans and respond to appeals or legal requests.
7.Data Security
We implement encryption (TLS/HTTPS) at rest and in transit. Our database utilises Row-Level Security (RLS) to ensure you can only access your own data. Evidence of reported content is held in private storage and is accessible only to authorised moderators through secure, time-limited links. In the event of a high-risk data breach, we will notify the ICO and affected users within 72 hours.
8.Your Rights (EEA and UK)
Under the GDPR, you have the right to access, rectify, erase ("Right to be Forgotten"), or export your data. You may also object to processing based on legitimate interests. Please note that, where we are required to retain certain moderation records or evidence to keep the community safe, to enforce our Terms, or to comply with a legal obligation, we may not be able to delete that limited data on request. To exercise these rights, email [email protected]. We respond to all requests within one calendar month.
9.California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have the right to know what information we collect and to request its deletion. We do not "sell" your personal information.
9.1 Global Privacy Control (GPC)
We honour Global Privacy Control (GPC) signals. If your browser or device transmits a GPC "Do Not Track" signal, we will treat that as a valid request to opt-out of the "sharing" of your data for cross-context behavioural advertising.
10.Children's Privacy
The App is not directed at children under 13 (or 16 in the EEA/UK). If we discover we have inadvertently collected data from a child, we will delete it immediately.
11.Changes to This Policy
We may update this policy periodically. Significant changes will be notified via an in-app prompt. Your continued use of the App constitutes acceptance of the updated policy.
12.Contact Us
For any privacy-related queries or to exercise your data rights, please contact: