Privacy Policy

Last updated: May 7, 2026

This policy may be updated at any time without prior notice.

1. Who We Are

WaiAN is an AI-powered Bali travel concierge operated by Wander. When this policy says "we", "us", or "our", it refers to Wander and the WaiAN platform.

2. Data We Collect

We collect the following data when you use WaiAN:

  • Account data: name, email address, and password (hashed).
  • Chat messages: the content of your conversations with the AI, stored as structured JSON in our database.
  • Itineraries: generated travel plans including activities, locations, preferences, and notes.
  • Token usage: the number of input and output tokens consumed per chat session, used for billing and cost analysis.
  • Usage counters: your monthly AI reply count and itinerary count, used to enforce plan limits.
  • Session data: authentication tokens stored in httponly cookies, managed by our authentication system (Better-Auth).
  • Device data: IP address and user agent, stored as part of session management.

3. How We Use Your Data

  • To provide and personalize the AI travel planning service.
  • To enforce plan limits and credit balances.
  • To generate and store your itineraries.
  • To calculate internal API cost analytics (aggregated, not sold).
  • To send transactional emails (email verification, password reset).
  • To prevent abuse and enforce our Terms of Service.

We do not sell your personal data to third parties.

4. Third-Party Services

WaiAN relies on external APIs to function. By using WaiAN, you acknowledge that certain data is transmitted to these third parties:

  • Google Gemini API:your chat messages and context are sent to Google's Gemini API for AI response generation. Google's data handling is governed by Google's Gemini API Terms.
  • Google Maps / Geocoding API: activity names and addresses from your itineraries are sent to Google for geocoding (converting addresses to coordinates). Results are cached in our database to minimize repeated transmissions.
  • SMTP Email Provider: your email address is used to send verification and password reset emails.

5. Data Storage & Security

Your data is stored in a MySQL database hosted on a private server. Authentication sessions use httponly cookies to prevent client-side JavaScript access. Passwords are hashed using bcrypt and never stored in plain text.

While we take reasonable measures to protect your data, no system is 100% secure. UseWaiAN at your own discretion.

6. Data Retention

We retain your data for as long as your account is active. Deleted accounts are soft-deleted; contact us to request permanent deletion. Chat messages and itineraries associated with deleted accounts may be retained for up to 90 days before purging.

7. Your Rights

  • Access: you may request a copy of the personal data we hold about you.
  • Deletion: you may request deletion of your account and associated data by contacting us at wahyu@wsrajasa.com.
  • Correction: you may update your name and email from your profile settings.

8. Cookies

We use httponly session cookies for authentication. We do not use advertising cookies or third-party tracking cookies.

9. Children's Privacy

WaiAN is not directed at children under 13. We do not knowingly collect personal data from children.

10. Changes to This Policy

We may update this Privacy Policy at any time without prior notice. Continued use ofWaiANafter changes constitutes your acceptance of the updated policy. The "Last updated" date at the top of this page reflects when changes were last made.

11. Contact

For privacy-related inquiries, contact us at wahyu@wsrajasa.com.