TripOS

Privacy Policy

Last updated: March 1, 2026

TripOS (“we,” “us,” “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your information when you use our Service.

1. Data We Collect

Information you provide directly

  • Account information: Name, email address, and profile picture (provided via Google OAuth)
  • Trip preferences: Destinations, travel dates, vibes, budget, pace, dietary restrictions, and other itinerary customization choices
  • User-generated content: Comments, votes, and trip notes
  • Preferences: Trip preferences, vibe selections, and planning settings

Information collected automatically

  • Usage data: Pages visited, features used, itinerary interactions, and session duration
  • Device information: Browser type, operating system, screen resolution, and device type
  • Log data: IP address, access times, and referring URLs

2. How We Use Your Data

We use the data we collect for the following purposes:

  • Provide the Service: Generate personalized itineraries, manage your trips, and enable collaboration
  • Improve the Service: Analyze usage patterns to enhance features and user experience
  • Communication: Send trip notifications, account updates, and (with your consent) marketing communications
  • Payment processing: Manage subscriptions and billing through our payment processor
  • Security: Detect and prevent fraud, abuse, and security incidents
  • Legal compliance: Fulfill legal obligations and respond to lawful requests

3. Data Storage and Security

Your data is stored in secure, encrypted databases hosted on reputable cloud infrastructure providers. We implement industry-standard security measures including:

  • Encryption in transit (TLS/SSL) and at rest
  • Regular security audits and vulnerability assessments
  • Access controls and authentication for internal systems
  • Automated backups and disaster recovery procedures

While we strive to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

4. Third-Party Services and APIs

To provide our Service, we integrate with several third-party APIs and services. Each has its own privacy practices:

Google (Authentication & Places)

Used for sign-in via Google OAuth and for retrieving place data (ratings, opening hours, addresses). Your Google account data is accessed only with your permission. See Google Privacy Policy.

Mapbox (Maps & Routing)

Used for map rendering and route calculations. Location data is sent to Mapbox for distance and duration estimates. See Mapbox Privacy Policy.

OpenAI (AI Generation)

Used for generating personalized itineraries. Your trip preferences (not personal identifiers) are sent to OpenAI for processing. See OpenAI Privacy Policy.

OpenWeather (Weather Data)

Used for providing weather forecasts for your trip dates and destinations. Location coordinates are shared for weather lookups. See OpenWeather Privacy Policy.

5. Data Sharing

We do not sell your personal data. We share data only in the following circumstances:

  • Collaboration: When you share a trip, your name and comments are visible to collaborators and anyone with the share link
  • Service providers: With third-party services listed above, solely to operate the Service
  • Legal requirements: When required by law, regulation, or legal process
  • Business transfers: In connection with a merger, acquisition, or sale of assets, with appropriate safeguards for your data

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your personal data
  • Portability: Request your data in a machine-readable format
  • Restriction: Request restriction of processing in certain circumstances
  • Objection: Object to processing of your personal data for specific purposes
  • Withdrawal of consent: Withdraw consent at any time where processing is based on consent

To exercise any of these rights, use the account controls inside the app, or reach out through the support channel listed on the site.

7. Data Deletion

You can delete your account and all associated data at any time:

How to delete your data

  1. Sign in to your TripOS account
  2. Navigate to Settings
  3. Scroll to the “Danger Zone” section
  4. Click “Delete Account” and follow the confirmation steps

Account deletion will permanently remove your profile, all trips, comments, votes, and preferences. This action cannot be undone. Data may be retained for up to 30 days in backup systems before being fully purged.

Deletion requests made from inside the app are processed within 30 days.

8. Cookies and Tracking

We use cookies and similar technologies to:

  • Essential cookies: Required for authentication and core functionality (session management, CSRF protection)
  • Analytics cookies: Help us understand how the Service is used (page views, feature adoption, error tracking)
  • Preference cookies: Remember your settings and preferences (theme, timezone)

We do not use cookies for advertising or behavioral targeting. You can manage cookie preferences through your browser settings, but disabling essential cookies may affect Service functionality.

9. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, contact us through the app and we will promptly delete it.

10. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for international transfers, including standard contractual clauses and adherence to applicable data protection frameworks.

11. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. After account deletion:

  • Personal data is deleted within 30 days from active systems
  • Backup data is purged within 90 days
  • Aggregated, anonymized data may be retained indefinitely for analytics and Service improvement
  • Data required for legal compliance is retained as mandated by law

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on our website and updating the “Last updated” date. We encourage you to review this policy periodically.