Privacy Policy

Last updated: April 21, 2026

1. About us (Data Controller)

This Privacy Policy explains how your personal data is processed in connection with the Victuo service (the "Service"). Victuo is a brand operated by ISTRO LABS S.R.L., a company registered in Romania. References in this Policy to "Victuo", "we", "us", or "our" mean ISTRO LABS S.R.L., which is the data controller for your personal data.

Our registered address is Str. Nerva Traian nr. 27-33, Bl. B, Et. 1, Biroul 6, Bucuresti, Sector 3, Romania. Our Trade Registry number is J2026026913005, and our Romanian Unique Registration Code (CUI) is 54542426. You can reach us at [email protected].

We are the data controller for the purposes of applicable data protection laws, including the General Data Protection Regulation (GDPR) and Romanian data protection legislation.

2. What data we collect

We collect the following categories of personal data.

Account data. When you create an account, we collect your email address, your display name, and the authentication provider you use (email, Google, or Apple).

Trip data. When you plan a trip, we collect the details you enter, including dates, location, crew size, crew information, dietary preferences and restrictions, and the meal plans and shopping lists generated by the Service.

Guest preference data. When a trip organiser invites guests via a shareable link, we may collect the guest's name and age group, their dietary restrictions and allergy information, and their food, cuisine, and drink preferences. See clause 7 for how guest data is handled specifically.

Billing data. If you buy paid access, our payment provider may process your payment details, billing address, tax status, invoice details, transaction status, and fraud-prevention signals. We receive limited billing records such as plan purchased, payment status, invoice or receipt references, and payment provider customer or checkout identifiers.

Usage data. We collect basic information about how the Service is used, including pages visited, features used, and performance metrics. In the Victuo web app and iOS app, we also collect operational reliability telemetry for error monitoring, stability diagnostics, and performance troubleshooting. If you opt in within the Victuo web app, we also collect limited product analytics so we can understand which planning flows are used and where users encounter friction. Our marketing website uses Google Analytics only with your consent.

3. Legal basis for processing

We process your personal data under the following legal bases set out in the GDPR:

  • Performance of a contract (Article 6(1)(b)) — to provide the Service to you, including your account, your trips, and your meal plans;
  • Legitimate interests (Article 6(1)(f)) — to improve and develop the Service, to monitor stability, investigate faults, troubleshoot performance and connectivity issues, and to maintain security;
  • Consent (Article 6(1)(a)) — for analytics cookies on our marketing website, for optional product analytics in the Victuo web app, and for any processing that requires consent under applicable law;
  • Explicit consent for special category data (Article 9(2)(a)) — where dietary restrictions and allergy information may constitute health data, we rely on your explicit consent to process it for meal planning and provisioning purposes.

Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

4. How we use your data

We use your personal data to provide and operate the Service, to generate meal plans and provisioning outputs, to store and synchronise your trips across your devices, to improve the Service using aggregated and anonymised data, and to maintain the security and integrity of the Service and prevent abuse.

Automated planning recommendations

Victuo generates automated planning recommendations from the trip, crew, boat, route, and preference information you provide. These outputs are planning aids only and do not make decisions with legal effects or similarly significant effects for you.

Operational reliability telemetry

In the Victuo web app and iOS app, we use Sentry as a processor for production reliability monitoring. This telemetry helps us investigate crashes, unexpected errors, failing plan generation flows, degraded network conditions, and other operational faults that affect your ability to use the Service.

This telemetry may include internal account or user identifiers, app version and build number, browser or device basics, route or screen name, connectivity state, request identifiers, and sanitised operation metadata such as trip region, crew count, trip duration, retryability, and whether a fallback path was used.

We configure this telemetry not to include raw trip payloads, guest answers, authentication tokens, or free-text notes. We also do not enable session replay or screen recording in this phase of the Service.

Optional product analytics in the web app

If you explicitly enable Product analytics in the Victuo web app settings, we use PostHog as a processor to collect limited, manual analytics events about key product flows such as sign-in, plan generation, plan regeneration, and meal swaps.

This optional analytics stream may include an internal user identifier, app version and build number, route name, operation name, and sanitised planning metadata such as trip region, crew count, trip duration, retryability, and whether a fallback path was used.

We configure this analytics to avoid autocapture, advertising profiling, session replay, and screen recording. We also do not send raw trip payloads, guest answers, authentication tokens, or free-text notes to PostHog in this phase of the Service.

We do not sell or rent your personal data to any third party.

5. Authentication

Victuo supports authentication using email and password, Sign in with Google, or Sign in with Apple.

When you sign in with Google or Apple, we receive only your email address and your profile name. We do not access your contacts, calendars, photos, or any other data from your Google or Apple account.

6. Data storage and international transfers

Your data is stored in a database located in the European Union. Some trip data may also be cached locally in your browser to improve performance and enable offline access.

Reliability telemetry may be processed by Sentry and its sub-processors to help us monitor and diagnose production failures. Where that processing involves transfers outside the European Economic Area, we rely on appropriate safeguards such as Standard Contractual Clauses or equivalent lawful transfer mechanisms.

If you opt in to product analytics in the web app, that analytics may also be processed by PostHog and its sub-processors for product analysis and service improvement. Where that processing involves transfers outside the European Economic Area, we rely on appropriate safeguards such as Standard Contractual Clauses or equivalent lawful transfer mechanisms.

We do not transfer personal data outside the European Economic Area except where necessary to provide the Service. Where such transfers occur, we rely on appropriate safeguards as required by GDPR, such as adequacy decisions, Standard Contractual Clauses, or equivalent legally recognised mechanisms.

7. Guest data

Trip organisers may invite guests to submit their preferences through a shareable link. Guests do not need to create an account.

When a guest submits their preferences, we collect their name and age group, their dietary restrictions and allergy information, and their food and drink preferences. This data is visible only to the trip organiser who issued the invitation, is stored in the EU, and is retained for as long as the associated trip exists.

Guests have the same rights as other data subjects under GDPR and may request access, correction, or deletion of their data by contacting [email protected].

8. Data retention

We retain your data only for as long as it is needed for the purposes set out in this Policy.

Account and trip data. Retained for as long as your account is active. You may delete individual trips at any time, and you may delete your account at any time — account deletion is permanent and removes your personal data from our live systems within 30 days.

Guest data. Retained for as long as the associated trip exists, and deleted when the trip is deleted.

Consent records. Retained for up to 24 months to demonstrate compliance with Article 7(1) GDPR. If you delete your account, personal identifiers are removed from consent logs, and anonymised records may be retained for audit purposes.

Encrypted backups. Residual copies of deleted data may persist in our encrypted backups for up to 90 days before being overwritten in the ordinary course of backup rotation. Data in backups is not used for any active processing.

Operational reliability telemetry. Diagnostic telemetry is retained for a limited period that reflects our incident investigation and service reliability needs. As a general rule, we aim to keep this telemetry no longer than 90 days unless a longer period is required to investigate a security, fraud, or reliability incident.

Optional product analytics. If you opt in to product analytics in the web app, those analytics events are retained only for as long as reasonably necessary to understand feature usage, improve core flows, and support product analysis. We review this retention periodically and do not use this analytics stream for advertising.

9. Cookies

The Victuo app uses only essential cookies required for authentication and core functionality.

If you opt in to product analytics in the Victuo web app, the application may also use PostHog cookies or equivalent browser storage to remember analytics state, recognise your browser, and associate your opted-in analytics events. This optional analytics is not used for advertising or marketing profiling.

The reliability telemetry described in this Policy is separate from these optional analytics controls and is not used for advertising or marketing profiling.

Our marketing website uses analytics cookies (Google Analytics) only with your explicit, prior consent. You can withdraw your consent at any time.

For full details on the cookies we use, please see our Cookie Policy.

10. Your rights

Under GDPR and other applicable data protection laws, you have the right to:

  • access the personal data we hold about you;
  • request correction of inaccurate or incomplete data;
  • request deletion of your data ("right to be forgotten");
  • request restriction of processing in certain circumstances;
  • object to processing based on legitimate interests;
  • request portability of your data in a structured, commonly used format;
  • withdraw consent at any time where processing is based on consent;
  • lodge a complaint with a data protection supervisory authority.

To exercise any of these rights, or for any question about how we handle your personal data, contact us at [email protected]. We will respond within the timeframes required by applicable law — ordinarily within one month.

11. Third-party services

We rely on the following providers to deliver the Service:

  • a cloud database and authentication provider, hosted in the European Union, which stores your account and trip data and handles sign-in;
  • a reliability monitoring provider (Sentry), which receives sanitised diagnostic telemetry from the Victuo web app and iOS app so we can monitor crashes, investigate failures, and troubleshoot production performance issues;
  • an optional product analytics provider (PostHog), which receives consent-gated web app analytics events so we can understand usage of key product flows and improve the Service;
  • an analytics provider for our marketing website, used only with your consent;
  • third-party sign-in providers (Google and Apple), where you choose to authenticate using those services;
  • a map service provider, which receives technical location data such as the map viewport you are viewing;
  • a payment provider, where paid plans are enabled, which processes checkout, payment authentication, tax calculation, invoices, receipts, chargebacks, and fraud-prevention signals.

These providers act as data processors where applicable and are bound by data processing agreements. Fonts used across the Service are self-hosted and are not served from third-party providers. We do not sell personal data to any third party.

12. Security

We implement appropriate technical and organisational measures to protect your personal data, including HTTPS encryption in transit, secure authentication, and row-level security controls on our database.

No system can be made completely secure, but we take reasonable steps to protect your data against unauthorised access, alteration, disclosure, or destruction. If a data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority and, where required, affected users without undue delay.

13. Children

The Service is not intended for individuals under 16, and we do not knowingly collect personal data from children under 16.

If you are a parent or guardian and you believe your child has provided us with personal data, please contact us at [email protected] and we will take steps to delete it.

14. Supervisory authorities

You have the right to lodge a complaint with a data protection supervisory authority.

Because Victuo is operated from Romania, our lead supervisory authority under GDPR is the Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP) — dataprotection.ro.

If you are based elsewhere in the EU or EEA, you may also lodge a complaint with the data protection authority in your country of residence. A full list is available at edpb.europa.eu.

United Kingdom. The Information Commissioner's Office (ICO) — ico.org.uk. Your rights under the UK GDPR and the Data Protection Act 2018 apply.

Australia. The Office of the Australian Information Commissioner (OAIC) — oaic.gov.au. We take reasonable steps to ensure compliance with the Australian Privacy Principles under the Privacy Act 1988.

If you are based elsewhere and your local law provides stronger protections or additional rights, those rights continue to apply.

15. Changes to this Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Where changes are material, we will take reasonable steps to notify you through the Service or by email.

Your continued use of the Service after changes take effect constitutes acceptance of the updated Policy.

16. Contact

For privacy-related questions or to exercise your rights, contact us at [email protected].