ATRA
Last updated 5 July 2026 · applies to the Atra app, the web planning desk, and this website
MiraiTech, established in Belgium, is the data controller for all processing described here. Contact for anything privacy-related: info@miraitech.be. We will confirm requests within 72 hours and answer within 30 days as the GDPR requires.
| Data | Purpose | Legal basis (GDPR Art. 6) |
|---|---|---|
| Email, display name, credentials | Creating and securing your account (authentication runs on Supabase) | Contract — Art. 6(1)(b) |
| Swipes, saves, trip edits (your “travel DNA”) | Personalising recommendations and itineraries — the core of the service you sign up for | Contract — Art. 6(1)(b) |
| Trips, bookmarks, imported links, notes | Building and displaying your itineraries; sharing them when you choose to | Contract — Art. 6(1)(b) |
| Early-access email (this website’s form) | Inviting you to Atra, in order of signup | Consent: Art. 6(1)(a), withdraw any time |
| Technical logs (IP, timestamps, errors) | Keeping the service secure and working | Legitimate interest — Art. 6(1)(f) |
| Payment status (when paid plans launch) | Billing, invoices, tax records | Contract + legal obligation — Art. 6(1)(b)/(c) |
Atra builds a taste profile from your swipes (128 dimensions across vibe, pace, food, light, stays and company). It is used for one thing: choosing which places and plans to show you. It is private by default, blends with your crew’s only inside trips you plan together, and produces no decisions with legal or similarly significant effects (GDPR Art. 22). It is never used for advertising and never sold.
This website sets no cookies and runs no analytics or third-party trackers. The app uses only the technical storage needed to keep you signed in — nothing for advertising, nothing cross-site.
We use a small set of processors, each bound by a data-processing agreement: Supabase (authentication and database), Railway (API hosting), Cloudflare (media storage and delivery), Netlify (this website and its signup form), and Google (AI processing that turns your kept places into itinerary text). We share data with no one else, and never for their own purposes.
Some providers process data in the United States. Transfers rely on the EU–US Data Privacy Framework or Standard Contractual Clauses, with the data minimised to what the provider needs to do its job.
Under the GDPR you can, at any time and free of charge:
Write to info@miraitech.be. If you are not satisfied, you can lodge a complaint with the Belgian Data Protection Authority (Gegevensbeschermingsautoriteit / Autorité de protection des données) or with the supervisory authority of your own EU country.
Atra is for people aged 16 and up. We do not knowingly process data of anyone younger; if that happens, we delete it.
If this policy changes in a way that matters, we tell you in the app or by email before it takes effect — never silently.