ATRA

Privacy policy

Last updated 5 July 2026 · applies to the Atra app, the web planning desk, and this website

The short version: your data stays yours. Your travel taste is private by default, is never sold, and is never used for advertising — there are no ads and no third-party trackers, on this site or in the app. Delete your account and your data goes with it. Below is the full picture the GDPR asks us to give you.

1. Who is responsible (controller)

MiraiTech, established in Belgium, is the data controller for all processing described here. Contact for anything privacy-related: info@miraitech.be. We will confirm requests within 72 hours and answer within 30 days as the GDPR requires.

2. What we process, why, and on what legal basis

DataPurposeLegal basis (GDPR Art. 6)
Email, display name, credentialsCreating and securing your account (authentication runs on Supabase)Contract — Art. 6(1)(b)
Swipes, saves, trip edits (your “travel DNA”)Personalising recommendations and itineraries — the core of the service you sign up forContract — Art. 6(1)(b)
Trips, bookmarks, imported links, notesBuilding and displaying your itineraries; sharing them when you choose toContract — Art. 6(1)(b)
Early-access email (this website’s form)Inviting you to Atra, in order of signupConsent: Art. 6(1)(a), withdraw any time
Technical logs (IP, timestamps, errors)Keeping the service secure and workingLegitimate interest — Art. 6(1)(f)
Payment status (when paid plans launch)Billing, invoices, tax recordsContract + legal obligation — Art. 6(1)(b)/(c)

3. Profiling, in plain terms

Atra builds a taste profile from your swipes (128 dimensions across vibe, pace, food, light, stays and company). It is used for one thing: choosing which places and plans to show you. It is private by default, blends with your crew’s only inside trips you plan together, and produces no decisions with legal or similarly significant effects (GDPR Art. 22). It is never used for advertising and never sold.

4. Cookies and trackers

This website sets no cookies and runs no analytics or third-party trackers. The app uses only the technical storage needed to keep you signed in — nothing for advertising, nothing cross-site.

5. Who touches the data (processors)

We use a small set of processors, each bound by a data-processing agreement: Supabase (authentication and database), Railway (API hosting), Cloudflare (media storage and delivery), Netlify (this website and its signup form), and Google (AI processing that turns your kept places into itinerary text). We share data with no one else, and never for their own purposes.

6. International transfers

Some providers process data in the United States. Transfers rely on the EU–US Data Privacy Framework or Standard Contractual Clauses, with the data minimised to what the provider needs to do its job.

7. How long we keep things

8. Your rights

Under the GDPR you can, at any time and free of charge:

Write to info@miraitech.be. If you are not satisfied, you can lodge a complaint with the Belgian Data Protection Authority (Gegevensbeschermings­autoriteit / Autorité de protection des données) or with the supervisory authority of your own EU country.

9. Age

Atra is for people aged 16 and up. We do not knowingly process data of anyone younger; if that happens, we delete it.

10. Changes

If this policy changes in a way that matters, we tell you in the app or by email before it takes effect — never silently.