Privacy Policy

Tripsyc (“we,” “us,” or “our”) operates the Tripsyc website and iOS application (together, the “Service”). This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.

By using the Service, you agree to the collection and use of information as described in this policy. This policy should be read alongside our Terms of Service.

1. Information We Collect

Information you provide directly

• Email address — used for authentication (magic link / OTP) and trip invitations
• Name — displayed to members of your trip groups
• Profile information — home city, bio, travel style preference, profile photo
• Trip data — trip names, dates, destination suggestions and votes, budget amounts (stored privately), expense records, itinerary items, packing lists, task assignments, and notes
• Chat messages and photos — content you post within trip group chats and photo uploads
• Calendar availability — dates you mark as free, tentative, or busy within the app

Information collected automatically

• Usage data — pages visited, features used, actions taken, timestamps
• Device information — browser type and version, operating system, device type, IP address
• Log data — server logs including request paths, error reports, and performance metrics

Information from third parties

• Google OAuth — if you sign in with Google, we receive your name and email address from Google

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and improve the Service
• Authenticate your identity and maintain your session
• Send transactional emails (sign-in codes, trip invitation notifications, decision updates)
• Calculate and display anonymous group data (budget comfort zones, availability overlap) without revealing individual details
• Enable collaboration features within your trip groups
• Monitor and analyze usage to improve performance, security, and user experience
• Detect and prevent fraud, abuse, and policy violations
• Comply with legal obligations

We do not use your data for advertising. We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

3. Budget Privacy

Your individual budget amount is stored encrypted and is never shared with other trip members, the trip creator, or any third party. Only an anonymous aggregate range is calculated and displayed to the group when at least four members have submitted budgets. This aggregation is computed server-side and individual values are never surfaced to any user.

4. Data Sharing and Disclosure

With other users (within your trip groups)

Your name, profile photo, travel style, home city, availability, votes, messages, and expenses are visible to members of your shared trip groups. Your email address is visible to trip organizers. Your budget amount is never visible to anyone.

With service providers

We share data with the following third-party providers to operate the Service:

• Supabase — database hosting and authentication infrastructure
• Vercel — web application hosting and edge network
• Email delivery provider — to send sign-in codes and notifications
• Apple App Store / Google Play — for iOS/Android app distribution

These providers process data only as necessary to provide their services and are bound by confidentiality and data processing agreements.

Legal requirements

We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Tripsyc, our users, or the public.

5. Cookies and Local Storage

We use a single session cookie to maintain your authenticated state. This cookie is strictly necessary for the Service to function and cannot be disabled while using the Service.

We do not use third-party advertising cookies, cross-site tracking cookies, or analytics platforms that set persistent tracking identifiers. We may use local storage in your browser for performance purposes (such as caching UI preferences). No advertising networks have access to your browsing behavior through the Service.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. If you request deletion of your account, we will delete or anonymize your personal information within a reasonable time, subject to legal retention obligations.

Trip data (messages, expenses, itineraries) may persist in the accounts of other trip members after you leave a trip, as it is shared group content.

7. Your Rights and Choices

You have the right to:

• Access — request a copy of the personal data we hold about you
• Correction — update or correct inaccurate information via your account settings
• Deletion — request deletion of your account and personal data by emailing hello@tripsyc.com
• Portability — request a copy of your data in a portable format
• Objection — object to certain processing of your data

California residents (CCPA/CPRA): Because we do not sell personal information or use it for cross-context behavioral advertising, many CCPA provisions may not apply. However, California residents may contact us to exercise rights to know, delete, and correct their data. We will not discriminate against you for exercising these rights.

EU/EEA/UK residents (GDPR/UK GDPR): Our legal bases for processing your data include: (a) performance of a contract — to provide the Service you requested; (b) our legitimate interests — to operate, secure, and improve the Service; and (c) legal obligations. You have the right to lodge a complaint with your local data protection authority (e.g. the ICO in the UK, or your national DPA in the EU). For international transfers, we rely on standard contractual clauses or equivalent safeguards where required.

8. Children's Privacy

The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information immediately. If you believe a child has provided us their data, please contact us at hello@tripsyc.com.

9. Security

We take reasonable technical and organizational measures to protect your data, including encrypted connections (HTTPS/TLS), hashed authentication tokens, HTTP-only secure cookies, and access controls on our database infrastructure.

No method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security. In the event of a data breach that affects your rights, we will notify you as required by applicable law.

10. International Data Transfers

The Service is operated from the United States. If you are located outside the US, your information may be transferred to, stored in, and processed in the United States, where data protection laws may differ from those in your country. By using the Service, you consent to this transfer. We rely on appropriate safeguards (such as contractual protections with our service providers) where required by law.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top. Material changes will be communicated to you via email or a prominent notice in the Service. Your continued use of the Service after any change constitutes acceptance of the updated policy.

12. Contact Us

For any questions, requests, or concerns about this Privacy Policy or your personal data, please contact us at: hello@tripsyc.com