Privacy Policy

Last updated: 1 June 2025

Welcome to Hidden Gems ("we", "us", "our"). We are committed to protecting your personal data and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at https://hiddengems.aitools.rs.

1. Information We Collect

We may collect the following categories of personal information:

• Account data: your name, email address, and hashed password when you register.
• Tour data: your city, vibe, duration, and time-of-day inputs when you generate a tour.
• Usage data: pages visited, browser type, IP address, and referral source (via server logs).
• Consent records: whether and when you gave marketing consent.

We do not collect payment information. We do not sell your data.

2. How We Use Your Information

• To operate, maintain, and improve our AI-powered tour service.
• To send you account-related emails (verification, password reset).
• To send occasional feature or product updates — only if you gave marketing consent.
• To comply with applicable laws and regulations.
• To detect and prevent fraud or abuse.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your data under:

• Contract performance — providing the tour service you requested.
• Legitimate interests — security, fraud prevention, service improvement.
• Consent — marketing emails (you may withdraw at any time).

4. Third-Party Services

We use the following sub-processors:

• Anthropic (Claude AI) — your city/vibe inputs are sent to Anthropic's API to generate tours. See Anthropic's Privacy Policy.
• Google Maps Platform — place names and coordinates are resolved via Google Maps APIs. See Google's Privacy Policy.
• Your hosting provider — server infrastructure where data is stored.

5. Data Retention

We retain account data for as long as your account is active or as needed to provide services. Generated tours are stored indefinitely unless you request deletion. You can request deletion at any time by emailing hello@hiddengems.aitools.rs.

6. Your Rights

Under GDPR and applicable privacy laws, you have the right to:

• Access — request a copy of your personal data.
• Rectification — correct inaccurate data.
• Erasure — request deletion of your data ("right to be forgotten").
• Restriction — limit how we process your data.
• Portability — receive your data in a machine-readable format.
• Objection — object to processing based on legitimate interests.
• Withdraw consent — unsubscribe from marketing at any time.

To exercise any right, email us at hello@hiddengems.aitools.rs. We will respond within 30 days.

7. Cookies

We use a single session cookie (hg_sess) to keep you logged in. This cookie is essential for the service to function and is deleted when you close your browser. We do not use tracking, advertising, or analytics cookies.

8. Security

We implement industry-standard security measures: bcrypt password hashing, HTTPS encryption, CSRF protection, and HTTP-only session cookies. No method of transmission over the internet is 100% secure.

9. Children's Privacy

Our service is not directed to children under the age of 16. We do not knowingly collect data from children. If you believe we have, please contact us immediately.

10. Changes to This Policy

We may update this policy from time to time. We will notify registered users by email of material changes. The "Last updated" date at the top of this page indicates when the policy was last revised.

11. Contact

For any privacy-related questions or requests, please contact:
Hidden Gems
Email: hello@hiddengems.aitools.rs