Privacy Policy

tour-savannah.com (“we,” “us”) operates a paid, AI-guided walking tour of Savannah's historic district. This Privacy Policy explains what we collect, why, and how long we keep it. If anything here is unclear, email support@tour-savannah.com.

Email address.When you purchase access, Stripe Checkout collects your email and passes it to us. We use it to deliver your access code, support the “lost my code” magic-link recovery flow, and contact you if there's a service issue with your purchase.

Access-code state. We store a per-code record in our key-value store. It contains: the code we generated for you, the product purchased (2-hour or 8-hour), purchase timestamp, expiration timestamp, remaining minutes, and an opaque session token issued when you redeem (used to enforce one-device-at-a-time access).

Authentication cookie. When you redeem your code, we set a single httpOnly cookie containing a signed token that identifies your code and current session. The cookie lives only on your device. It is not used for tracking outside the tour.

Geolocation (walking mode only).While the walking tour is active, your browser shares your current location with our front-end so the experience can react to which landmark you're near. We do not transmit or store your location on our servers. Your live position is used in-browser to drive the geofence and is sent to your AI guide as conversational context (e.g., “the visitor is currently near Madison Square”) so it can narrate appropriately.

Microphone audio.While you're connected to your AI guide, your microphone audio is streamed in real time to Anam.ai, our avatar partner. The audio is used to drive the conversation. It is not retained as audio on our servers.

Conversation transcripts.Anam.ai stores text transcripts of your conversations with your AI guide. We retain access to those transcripts and review them when a visitor requests a refund, files a chargeback, makes a claim about the accuracy or appropriateness of the avatar's responses, or when we investigate a service incident or abuse report. We do not review transcripts for marketing, training, advertising, or behavioral analysis.

Web analytics. We use Vercel Web Analytics (cookieless, aggregated page-view counts) and Google Analytics 4 to understand which pages visitors reach, what device and browser they used, and how they got here. Google Analytics 4 sets cookies on your device (typically _ga and _ga_*) and collects IP address for coarse geo-derivation (country and region, not street address). We do not use these tools for advertising, retargeting, or cross-site tracking, and we do not sell the data. You can opt out of Google Analytics with browser settings that disable cookies, with Do Not Track headers (where honored), or with the official Google Analytics Opt-out browser add-on.

Product analytics (session recordings and heatmaps). We use Microsoft Clarity to understand how visitors interact with the site so we can fix confusing UI and broken flows. Clarity records anonymous information about your visit: mouse movement, clicks, scroll, page-to-page navigation, the URLs you visit on our domain, your device and browser, and your approximate location derived from IP (country and region). It sets cookies on your device (typically _clck and _clsk). Clarity automatically masks sensitive content in recordings (form fields like passwords and payment inputs are not captured). We have also added masks on top of Clarity's defaults so the following are blurred in recordings: your email address on the feedback form, the free-text message you type into the feedback form, and your live conversation with your AI guide (both what you type and what the guide says back). We do not enable Clarity's “identify” feature, so your recordings are not linked to your email or your access code. We do not use Clarity for advertising, retargeting, or cross-site tracking, and we do not sell the data. Microsoft processes this data under its own privacy terms. You can opt out by enabling Do Not Track in your browser (Clarity honors it) or by blocking theclarity.ms domain.

We do not collect or store:

• Your credit card number, expiration date, CVV, or billing address — Stripe processes payment directly and we never see your card details
• Social Security Numbers, government IDs, driver's license numbers, or other sensitive identifiers
• Phone numbers (unless you mention one to the avatar in conversation)
• Browsing history outside our domain
• Persistent device fingerprints or third-party advertising identifiers
• Cookies for advertising, retargeting, or cross-site behavioral profiling (see the “Web analytics” paragraph above for the limited analytics cookies we do set)

We rely on the following providers to deliver the service. Each operates under its own privacy policy:

• Stripe— payments and email-at-checkout capture
• Vercel + Upstash Redis— hosting and our key-value store
• Resend— outbound email delivery
• Anam.ai— real-time avatar streaming and transcript storage
• OpenStreetMap contributors + CartoDB— base map tiles
• Vercel Web Analytics— cookieless, aggregated page-view analytics
• Google Analytics 4— cookie-based page and event analytics (see “Web analytics” above for what this includes and how to opt out)
• Microsoft Clarity— session recordings, heatmaps, and friction-signal analytics (see “Product analytics” above for what this includes and how to opt out)

• Email + code state— kept indefinitely so we can honor the magic-link recovery flow even years after purchase. You may request deletion (see below).
• Authentication cookie— expires when your access code expires (26 or 56 hours after purchase, depending on the product).
• Conversation transcripts (Anam.ai)— retained per Anam's policies, generally for a window long enough to support refund and claim review.
• Geolocation— not retained; live-only.
• Microphone audio— not retained as audio.

You can:

• Request a copy of the data we hold about you
• Request deletion of your records — email, code state, and any transcripts we can identify
• Withdraw consent for transcript review (note: this may affect our ability to honor a refund or claim related to your avatar interaction)

Email support@tour-savannah.com with your request. We aim to respond within 14 days.

This service is not directed to children under 13. We do not knowingly collect data from anyone under 13.

We may update this policy as the product evolves. The “Effective” date at the top reflects the current version. Material changes will be reflected here; we don't currently maintain an email list to push updates.

Questions, requests, or complaints: support@tour-savannah.com.