Leave Privacy Policy

Effective date: June 17, 2026

Who We Are

Leave Travel Technologies Inc. operates Leave and is responsible for the personal information described in this policy. For privacy requests, contact privacy@leave.app. For general support, contact support@leave.app.

Information Collected

  • Authentication information from Apple, Google, or email login.
  • User ID, username, profile, friends, blocks, and trip memberships.
  • Invitations and invite links.
  • Chat, polls, reactions, notes, tasks, and itinerary content.
  • Photos, receipts, screenshots, and travel documents.
  • Expense amounts, splits, balances, settlement status, and payment handles.
  • Precise location when enabled.
  • AI prompts, attachments, outputs, and relevant trip context.
  • Apple purchase information and RevenueCat customer/transaction identifiers.
  • IP address, device type, operating system, app version, logs, and diagnostics.
  • Push-notification tokens.
  • Support requests and beta feedback.
  • Waitlist email and marketing-consent records.

How Information Is Collected

Information may come from you, other members of your trip, your device, Apple or Google authentication, Apple purchase systems and RevenueCat, and service providers operating Leave.

How We Use Information

  • Provide Leave accounts, trips, chat, documents, location sharing, expenses, and settlement records.
  • Authenticate users, protect accounts, prevent abuse, and enforce our Terms and Community Guidelines.
  • Operate AI imports, summaries, research, extraction, and draft workflows you choose to use.
  • Process App Store purchases, RevenueCat entitlements, refunds, and revocations.
  • Send account, invite, push-notification, support, beta, and marketing messages where allowed.
  • Analyze reliability, crashes, diagnostics, and product usage to maintain and improve Leave.
  • Comply with legal obligations and respond to privacy, safety, or abuse requests.

Service Providers

Provider/categoryPurposePossible data
Azure cloud hosting and storageOperate the API, host infrastructure, and store uploadsAccount, trip, photo, receipt, document, and log data
Firebase and Firebase CrashlyticsPush notifications and crash diagnosticsPush tokens, device identifiers, app version, error context, and diagnostics
OpenAI and Google GeminiProcess user-requested AI featuresPrompts, selected attachments, images, receipts, documents, and relevant trip context
Google Places and Google authenticationSearch places, resolve trip locations, and support Google sign-inSearch terms, coordinates, place requests, and authentication information
AppleApple sign-in, App Store purchases, and TestFlight/App Store distributionApple account identifiers, purchase information, transaction status, and app-distribution data
RevenueCatValidate purchases and manage paid entitlementsUser ID, product, transaction, purchase, refund, and entitlement status
Email providerSend verification, support, invite, waitlist, and marketing emailsName, email address, message content, delivery metadata, and consent records
AWS Rekognition, when enabledImage safety moderationUploaded images submitted for moderation checks

AI Processing

When you choose to use an AI feature, Leave may send the text, files, images, receipts, travel documents, and relevant trip context selected for that request to third-party AI providers. Leave does not send this information to an AI provider merely because it exists in your account.

The app asks for permission before your first AI request. AI outputs may be incomplete or incorrect, so review AI-generated summaries, extracted details, research, and drafts before relying on them or adding them to a trip.

Sharing

Trip content is shared with active trip members according to the feature and trip settings. Location is shared only when enabled for a trip. Reports and moderation information may be reviewed by Leave and, where appropriate, trip administrators. We may also disclose information to service providers, legal authorities, or others when required to operate, secure, enforce, or comply with law.

International Processing

Leave and its service providers may process information in Canada, the United States, and other countries where providers operate. Privacy protections may differ from those in your province, state, or country.

Retention

DataRetention practice
Live trip locationApproximately 30 minutes after the last update, and cleared when location sharing is disabled.
Location-share request state30 days after the last request.
Realtime delivery eventsApproximately 10 minutes for delivery and reconnect support.
Uploaded trip contentUntil deleted by the user, removed by moderation, deleted with the trip, or removed during account deletion where the content is account-owned.
Shared trip records after account deletionShared expenses, messages, notes, tasks, documents, and itinerary records may remain for other trip members with the deleted user's profile anonymized.
Purchase and entitlement recordsRetained as needed to validate purchases, handle refunds or revocations, prevent abuse, and maintain tax/accounting records.
Support requests and beta feedbackRetained while needed to respond, maintain support history, and protect the service.
Waitlist and marketing-consent recordsRetained while the waitlist or marketing subscription is active and to keep proof of consent or unsubscribe.
Logs and diagnosticsApplication infrastructure logs are configured for a 30-day retention window where managed by Leave infrastructure; provider diagnostics follow the provider settings used for the service.
Deleted account data in backupsMay remain in encrypted backups until those backups expire under the production database backup schedule; backups are not used for normal account access.

Privacy Choices

You can access your information, correct profile information, delete your account, withdraw optional AI consent, disable location sharing, revoke device permissions, unsubscribe from marketing, and submit a privacy complaint. Visit Privacy Choices or email privacy@leave.app.

Security

We use administrative, technical, and organizational safeguards designed to protect personal information. No online service can guarantee perfect security.