Privacy Policy

Effective April 2026

Our Commitment to Your Privacy

At Rondavu.ing, we believe personalization is powerful, but privacy is sacred. We're built by one person (Tad), and we treat your data the way we'd want ours treated. This policy explains exactly what we collect, why we collect it, and what we'll never do with it.

What Data We Collect

Account Information

When you sign up, we collect your email address, first name, and ZIP code. We use these to authenticate you, contact you about your subscription, and provide location-based outing suggestions.

Google Calendar Data

With your explicit permission, we integrate with your Google Calendar using read-only access. We read your calendar events to:

  • Understand your availability and commitments
  • Avoid suggesting outings when you're busy
  • Personalize timing and venue recommendations

We never modify your calendar, and you can revoke access at any time through Google Account settings—no penalty, no questions asked.

Usage Data

We track which outing suggestions you open, save, or ignore. This helps us learn what you actually want to do, so recommendations get better over time.

Preferences & Interests

You tell us your budget, neighborhood preferences, group size preferences, and activity interests. We store these to power personalized suggestions.

Payment Information

We don't store your credit card or payment details. Stripe, our payment processor, handles all card information securely. We only see your subscription status and billing history.

How We Use Your Data

  • •Generate personalized outing suggestions based on your location, preferences, budget, and calendar availability
  • •Send weekly email digests with your curated outing picks
  • •Improve the serviceby understanding which suggestions resonate and which don't
  • •Authenticate you via magic links and Google OAuth
  • •Manage your subscription and send billing-related emails

What We Don't Do

  • ✗We don't sell or share your data with advertisers, marketers, or third parties for profit
  • ✗We don't use tracking cookies or fingerprinting to follow you across the web
  • ✗We don't share your calendar events with venues, restaurants, or any other service
  • ✗We don't use your data for behavioral targeting or manipulation
  • ✗We don't use your data for any purpose you didn't consent to

Cookies & Sessions

We use minimal cookies:

  • Session cookie: A JWT token to keep you logged in. It expires when you close your browser or after 30 days of inactivity.
  • No tracking cookies:We don't use Google Analytics, Facebook Pixel, or similar tracking tools.

Product Analytics

To make Rondavu.ing better and to help you build a habit of seeing your friends, we record when and how you use the product. This is first-party data only — stored in our own database, never shared with Google Analytics, Meta, or any other third-party analytics or advertising company.

What we record:

  • When you log in and log out, and how long your session lasts.
  • When you open the weekly magazine (both opening the email and visiting the page).
  • Which outings you add to your calendar, which venues you add to your list, and which calendars you connect.
  • When you invite friends, and when invited friends sign up.
  • Subscription events (started, renewed, cancelled) for billing and reporting.

What we don't record:

  • Your raw IP address. We store only a one-way cryptographic hash, used solely for abuse detection.
  • Precise geolocation, mouse movements, keystrokes, or session replays.
  • Anything you do on other websites.

You can download or delete all of this data at any time from your account settings. When you delete your account, all of this data is anonymized — tied to no user — so that aggregate product health metrics stay intact while nothing remains linked to you personally.

Third-Party Services

Google Calendar API

We use Google's OAuth 2.0 to securely access your calendar. Google handles authentication; we only see what you authorize. You can revoke access anytime at myaccount.google.com/permissions.

Stripe Payments

Stripe is our payment processor. They comply with PCI DSS Level 1 standards and handle all card data encryption. We never see your full card number. See their privacy policy at stripe.com/privacy.

Resend Email

We use Resend to send transactional emails (sign-in links, weekly digests, billing confirmations). Resend processes email data according to their privacy policy at resend.com/privacy.

Railway Hosting

We host on Railway, which provides cloud infrastructure. Your data is stored in PostgreSQL databases on Railway infrastructure in the US.

Anthropic (AI-Generated Recommendations)

Your outing suggestions are generated using Claude, an AI model made by Anthropic. To do this, we send Anthropic your preferences, location, and availability — but not your name or email. Anthropic does not use this data to train their models. See their privacy policy at anthropic.com/legal/privacy.

How Long We Keep Your Data

  • While you're subscribed: We keep all your data to provide the service (account info, preferences, usage history, calendar sync).
  • After you cancel: We keep your account and preferences for 90 days in case you want to resubscribe without re-entering everything.
  • After 90 days: We delete your account, preferences, and usage history. We retain email address only to prevent duplicate signups.
  • Calendar data:We don't store your calendar events. We read them in real-time from Google Calendar.
  • Payment history: Stripe retains transaction records for tax and compliance purposes.

Your Rights

Delete Your Account

You can delete your account anytime from your account settings. We'll immediately delete your data except email address (kept 90 days to prevent duplicates).

Export Your Data

Email us at tad@tjornhom.com and we'll send you a JSON export of all your account data within 5 business days.

Revoke Google Calendar Access

You can revoke our calendar access anytime at myaccount.google.com/permissions. We'll immediately stop reading your calendar.

Unsubscribe from Emails

Every email has an unsubscribe link. We also offer preference management in your account settings.

Contact Us

Any questions or data requests? Email tad@tjornhom.com.

How We Protect Your Data

  • HTTPS encryption for all connections
  • Password hashing with bcrypt (we use magic links, not passwords, anyway)
  • JWT tokens with secure expiration
  • Database firewalls and access controls
  • Regular security audits and dependency updates

If we discover a security breach, we'll notify affected users within 48 hours.

Compliance

We're based in the US (Minnesota) and comply with relevant data protection laws:

  • GDPR (EU users): You have the right to access, correct, delete, or port your data. Contact us for requests.
  • CCPA (California users):You have the right to know, delete, and opt-out of sale (we don't sell data anyway).

Changes to This Policy

We may update this policy as the service evolves. If we make material changes, we'll email you and update the effective date. Continued use after changes means you accept the new policy.

Questions? Get in Touch

Privacy is personal. If you have any questions about this policy or how we handle your data:

tad@tjornhom.com

Tad Tjornhom
Founder, Rondavu.ing
PO Box 90162
Saint Paul, MN 55190

Last updated: April 2026