FILE No. E94DBD Fri, 15 May 2026 OPERATOR: CIVILIAN CLEARANCE: TRAVEL PREP
Know the risk before you go — or where you are now.
CONFIDENTIAL

Privacy

Travel Risk Calculator collects the minimum amount of data needed to deliver a useful safety briefing. No account is required to run an assessment, and we do not sell user data to anyone.

What we collect when you run an assessment

  • The form inputs you submit — origin city, destination city, travel method, traveler profile, etc. These are stored alongside the assessment so the result page can be reloaded.
  • Your IP address — used for rate limiting (so one IP can't run unlimited assessments) and stored only in binary form in our database. We do not geolocate your IP for any other purpose.
  • A short session cookie named FIELDBRIEF_SID for CSRF protection on form submissions.
  • The result you produced, anonymously linked to a random slug (e.g., /assessment/abc123…). If you save it to an account, it becomes associated with your user id; otherwise it is anonymous.

We never collect: real names, payment information, government IDs, biometrics, health information beyond what you voluntarily enter into the traveler-profile field.

What we collect when you use an account

An optional account (email + password) lets you save trips, build a watchlist, and use the public REST API. We store:

  • your email address — only for login and account-recovery emails;
  • an Argon2id hash of your password — never the password itself;
  • a timestamp of your last login;
  • the trips, itineraries, and watchlist items you create.

You can delete your account at any time by emailing [email protected]. We will remove your account and associated trips within 30 days.

Browser geolocation

The "I am here now" mode can request browser geolocation to pre-fill your current city. This permission is requested by your browser, not by us, and is only used in-memory. We do not store your precise coordinates unless you save the resulting assessment.

Cookies

We use one strictly necessary cookie: FIELDBRIEF_SID (HttpOnly, SameSite=Lax) for session and CSRF protection. We do not use tracking cookies or fingerprinting. We do not run third-party analytics.

Advertising and Google partner disclosure

If and when we serve ads on this site, the network will be Google AdSense (initially). Google AdSense and its partners may use cookies to serve ads based on a user's prior visits to this and other websites. This is industry-standard contextual and personalized advertising — see how Google uses information from sites or apps that use our services for the full Google policy.

You can opt out of personalized ads served by Google at any time at Google Ads Settings. If you visit from the European Economic Area, the United Kingdom, Switzerland, or another region with consent requirements, you will see a consent management interface before any personalized ads are served. You can decline personalized ads (or all ads) without losing access to any feature of the site.

For our full ad policy — where ads will and will not appear, what we will not accept — see our Advertising page.

Live data sources we query on your behalf

When you run an assessment we make requests to public APIs to fetch real-time information:

  • Open-Meteo (weather, air quality);
  • US State Department RSS feed (travel advisories);
  • GDACS RSS feed (disaster alerts);
  • CDC RSS feed (health notices);
  • Google News RSS (headlines);
  • An AI provider (currently Ollama Cloud) to synthesize the prose summary;
  • A search provider (Ollama Cloud Web Search, with SearXNG fallback) to fetch supporting snippets.

These requests originate from our server, not your browser, so the external services do not see your IP. We do, however, pass them the city and country you're asking about (because that's the whole point of the query).

Data retention

  • Anonymous assessments: retained indefinitely so the slug-based URL keeps working.
  • Account data: retained for as long as the account exists.
  • Rate-limit logs: 7 days.
  • Server access logs: 14 days.
  • AI usage logs (for budget and abuse prevention): 90 days.

Your rights

If you have an account and are subject to GDPR, UK GDPR, CCPA, or similar privacy law, you have the right to:

  • access the personal data we hold on you;
  • request correction of inaccurate data;
  • request deletion of your account and associated data;
  • request a portable export of your trips and watchlist;
  • object to processing.

Email [email protected] with "Privacy request:" at the start of the subject line. We will respond within 30 days.

Changes to this policy

This privacy policy was last updated on May 15, 2026. We will publish notice of material changes here. Email is sent to account holders for changes affecting their data.

Contact

Privacy questions: [email protected]. For non-privacy questions, use the contact form.