No Stress Travel No Stress Travel

Privacy Policy

Last updated: May 11, 2026

This is a courtesy translation. The legally binding version is in Serbian, available here: Your privacy.

1. Who we are

The data controller within the meaning of the Personal Data Protection Act of the Republic of Serbia and the General Data Protection Regulation (GDPR) is:

MARINA BOŽANIĆ PR KONSALTING I IZRADA SOFTVERSKIH REŠENJA QUANTESSA BEOGRAD (STARI GRAD)
Short name: QUANTESSA
Legal form: sole trader
Registered office: Prizrenska 9, 11000 Beograd (Stari Grad municipality), Republic of Serbia
Registration number: 68508126
PIB: 115624665
Email: info@quantessa.rs

Quantessa develops and operates the No Stress Travel app.

2. What data we collect

We only collect data necessary for the app to function and to be able to contact you:

  • Account data: email address, password (hashed, never in plain text), display name.
  • App usage data: routes you save ("My Routes"), selected free city, language you use.
  • Data for AI Smart Day Planner: preferences you enter (trip duration, pace, traveling with children, interests, free note). We send this data to the Anthropic Claude API to generate a personalized route for you — see section 4.
  • Technically necessary IP address (anonymized in logs), device and browser type, visited pages — via Google Analytics 4, only after your consent.
  • Communication: the content of messages you send us by email.

We do not collect: data about payment cards (processed by the payment processor — Lemon Squeezy), real-time location data, contact data from your phone, or any biometric data.

3. Legal basis and purpose of processing

  • Performance of contract (Art. 12 para. 1 item 2 PDPA / Art. 6.1.b GDPR) — for providing app services: creating an account, saving a route, generating an AI route.
  • Consent (Art. 12 para. 1 item 1 PDPL / Art. 6.1.a GDPR) — for analytical and marketing cookies, newsletter (if you sign up).
  • Legitimate interest (Art. 12 para. 1 item 6 PDPL / Art. 6.1.f GDPR) — for responding to messages, preventing abuse, and system security.

4. Who we share data with

We do not sell your data to third parties. We use the following processors (under a data processing agreement):

  • Anthropic, PBC (USA) — Claude AI API for generating personalized routes. What is sent: your preferences, city name, and list of attractions. What is NOT sent: email, name, password. Anthropic does not use your data to train AI models (contractual guarantee).
  • Google LLC (USA/Ireland) — Google Places API (information about restaurants, parking, and attractions), Google Maps (links to the map), Google Analytics 4 (visit statistics — only with your consent).
  • OpenWeatherMap (UK) — weather forecasts for cities. None of your personal data is transmitted.
  • GetYourGuide AG (Germany) — affiliate partner for booking tickets and tours. By clicking their link you leave our site; your data on their platform is subject to their privacy policy.
  • Booking.com B.V. (Netherlands) — affiliate partner for booking accommodation. Same principle as GetYourGuide.
  • Lemon Squeezy (USA/Ireland) — Processing payments for the Pro plan. We do not see your card number — it goes directly to Lemon Squeezy.
  • Hosting provider — server in the EU region for storing the application and database.

Transfers outside Serbia/EU are carried out in accordance with the EU standard contractual clauses.

5. How Long We Retain Your Data

  • Account data: until you delete your account or until we deactivate it due to inactivity (more than 24 months without logging in).
  • Saved routes: for as long as the account exists or until you manually delete them.
  • Anthropic API logs: Anthropic does not retain data for more than 30 days (except where strictly necessary to address abuse).
  • Analytics data (GA4): up to 14 months.
  • Email communication: up to 3 years from the last message exchange.

6. Your Rights

In accordance with the PDPL and GDPR, you have the right to:

  • request access to your data and a copy in a machine-readable format;
  • request the correction of inaccurate data;
  • request the deletion of your data ("right to be forgotten") — in some cases we will be required to retain part of it due to legal obligations;
  • restrict processing;
  • withdraw your consent at any time;
  • lodge a complaint with the Commissioner for Information of Public Importance and Personal Data Protection (poverenik.rs).

Send your request to info@quantessa.rs — we respond within 30 days.

7. Data Security

Passwords are stored in hashed form (bcrypt), traffic with the server is encrypted (HTTPS/TLS), database access is restricted, and all processors are contractually bound to security standards. In the event of a data breach, we will notify the competent authority within 72 hours and you without delay, in accordance with the law.

8. Cookies

The app uses technically necessary cookies (for sessions, language, CSRF protection) and, with your consent, analytical and marketing cookies. See details in Cookie Policy.

9. Minors

The app is not intended for persons under the age of 16. We do not knowingly collect data about minors. If we determine that we have accidentally done so, we will delete such data without delay.

10. Policy Changes

We may update this policy. The date of the last update is indicated at the top of the page. We will announce material changes within the app or by email to registered users at least 14 days before they take effect.