Todo Nuevo México

Todo Nuevo México

Privacy Policy

Last updated June 10, 2026

This Privacy Policy explains how Darell Trujillo LLC (“we,” “us”) handles information in connection with Todo Nuevo México (the “Service”). We aim to collect as little personal information as possible.

Information we collect

  • Account email. If you sign in, we collect your email address to send a one-time sign-in link and to associate your saved itineraries with your account. We use passwordless sign-in — we never set or store a password.
  • Itineraries you create. The activities, events, days, and notes you add to your adventures, stored so you can return to them.
  • Trip-planner inputs. The preferences you submit to the AI planner (such as region, activity types, and free-text notes) to generate a suggested itinerary.
  • Privacy-respecting analytics. We run our own self-hosted, cookielessanalytics (Umami) on our own infrastructure to understand which pages and features are used — pageviews, key actions (such as generating a plan or running a search), and response times. It sets no analytics cookies, does not fingerprint you, records no session replay, and honors your browser's Do-Not-Track setting. We also keep aggregate, non-identifying counters of how AI crawlers and referrers reach the Service, plus the basic session data needed to keep you signed in.

How we use information

We use information to operate and secure the Service, to authenticate you, to save and email your itineraries when you ask, to generate trip suggestions, and to understand aggregate usage so we can improve. We do not sell your personal information, and we do not use it for third-party advertising.

Service providers

We rely on a small number of processors who handle data only to provide their service to us:
  • Supabase — database, authentication, and hosting of your account and itineraries.
  • Railway — application and background-worker hosting.
  • Resend — delivery of sign-in links and itinerary emails.
  • xAI — the AI trip planner; your planner inputs and candidate place names are sent to generate a suggestion. We do not send your email address or account identity.
  • Map tile providers (e.g. MapTiler / Protomaps) — to render maps you view.

Cookies and sessions

We use only the cookies necessary to keep you signed in and to operate the Service. Our analytics are cookieless. We do not use third-party advertising, analytics, or cross-site tracking cookies.

Data retention and your choices

We keep your account and itineraries until you ask us to delete them. You can request access to, correction of, or deletion of your personal information at any time by emailing us; we will honor verified requests as required by applicable law.

Children

The Service is not directed to children under 13, and we do not knowingly collect personal information from them.

Security

We use reasonable technical and organizational measures to protect information, including row-level access controls that scope saved data to its owner. No method of transmission or storage is perfectly secure.

Changes

We may update this Policy from time to time; the “last updated” date above reflects the latest revision.

Contact

Questions, or a data request? Email [email protected].

See also our Terms of Service.