Privacy Policy
Draft placeholder — not reviewed by a lawyer. Do not rely on this as a complete or legally accurate description of data handling until it has had real legal review.
Last updated: July 14, 2026
1. What we collect
- Account info: your email address and password (password is hashed by our auth provider, never stored in plain text)
- Travel bookings you enter, paste, or forward: flights, hotels, car rentals, cruises, activities, and their attachments (PDFs/images)
- Passport numbers, driver’s license and insurance policy numbers, and similar identifiers — encrypted at rest, separately from the rest of the database
- Credit card metadata you choose to enter for coverage tracking: card name, network, and last 4 digits only — never a full card number
- Health insurance and auto insurance details you enter for coverage summaries
- Your home ZIP code, used only to determine your time zone for reminder emails
- Companion/traveler names and their travel documents, if you add them
- Push notification device tokens, if you enable notifications
- The content of emails you forward to your TripTov inbound address, including attachments
2. How we use it
To build and maintain your trip timeline, generate reminders, run the insurance/visa advisors you use, sync to Google Calendar if you connect it, and reply to emails you forward with a confirmation of what was filed. We do not use your data for advertising, and we do not sell it.
3. Who else sees it (subprocessors)
TripTov runs on infrastructure from these providers, each processing only what’s needed for their function:
- Anthropic — reads forwarded/pasted confirmation text and attachments to extract structured booking data, and powers the visa/insurance/packing advisors
- Resend — delivers outbound emails (reminders, receipts, sign-in codes) and receives your forwarded booking emails
- Google — only if you connect Google Calendar: creates and updates events on a calendar in your Google account
- Supabase — hosts the database, file storage, and authentication
- Vercel — hosts the application
- OpenStreetMap / Nominatim — converts addresses to map coordinates for the trip map view
We don’t share your data with anyone else, including for marketing purposes.
4. Security
Passport numbers, license numbers, policy numbers, and similar identifiers are encrypted at rest. Uploaded documents are stored in a private bucket, never publicly accessible. Every table in our database is access-controlled so only your own account can read or write your rows. Sign-in requires an emailed verification code in addition to your password.
5. How long we keep it
We keep your data as long as your account exists. Deleting your account (Profile → Data & account) permanently and immediately removes it — this cannot be undone.
6. Your rights
You can download a full export of your data at any time, and permanently delete your account, both from Profile → Data & account. Depending on where you live, you may have additional rights (e.g. under GDPR or CCPA) to access, correct, or restrict processing of your data — contact us to exercise them.
7. Children
TripTov is not intended for children under 16, and we don’t knowingly collect data from them.
8. Changes
We’ll flag material changes to this policy in the app.
9. Contact
Questions or data requests: [contact email to be added].