Privacy Policy

1. Introduction

Tripon ("we," "our," or "us") is a travel planning mobile application available on iOS. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our application. By using Tripon, you agree to the collection and use of information in accordance with this policy.

We take your privacy seriously and are committed to protecting your personal data. Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the application.

2. Information We Collect

2.1 Information You Provide

• Account Information: When you sign in with Apple, we receive your name and email address (or a private relay email if you choose to hide your email). We also receive a unique Apple user identifier to create and manage your account.
• Profile Information: You may optionally provide a display name, bio, location, and profile photo.
• Trip Data: Destination names, countries, travel dates, trip notes, and cover images for your trips.
• Places: Names, addresses, geographic coordinates (latitude/longitude), categories, visit status, notes, and opening hours of places you save.
• Flight Information: Airline names, flight numbers, departure and arrival airports, departure and arrival times, booking references, and any associated notes.
• Accommodation Details: Hotel/lodging names, addresses, check-in/check-out dates and times, booking references, contact phone numbers, and notes.
• Expense Information: Expense amounts, currencies, categories, descriptions, and dates for budget tracking (premium feature).
• Packing Lists: Item names, categories, quantities, and packed/unpacked status.
• Feedback: When you submit feedback or bug reports, we collect the type, subject, and message content.

2.2 Information Collected Automatically

• Device Information: Device type, operating system version, device manufacturer and model, platform identifier, and language/locale settings.
• Usage Data: We collect analytics data about how you use the app, including features accessed, actions performed (such as creating trips, adding places, viewing the map), screen views, and interaction patterns.
• Push Notification Tokens: If you enable push notifications, we store your device's push notification token to send trip reminders and flight alerts.
• Error and Crash Data: We automatically collect crash reports, error logs, and diagnostic information to help us improve app stability.

2.3 Location Data

Tripon may request access to your device's location services to show your current position on the map and provide directions to saved places. We do not continuously track or store your real-time location. Your device location is only used in real-time for map visualization and is not transmitted to our servers. The only location data we store is the geographic coordinates of places you manually save to your trips.

2.4 Photos and Media

If you choose to set a profile photo, we request access to your device's photo library. Photos are processed locally on your device (cropped and compressed) before being uploaded. We do not access or scan your photo library beyond the specific image you select.

3. How We Use Your Information

We use the information we collect to:

• Create and manage your account.
• Provide, maintain, and improve the Tripon application and its features.
• Store and sync your trip plans, places, flights, accommodations, and other travel data.
• Send push notifications for trip reminders, flight departure alerts, and check-in reminders (when you opt in).
• Process and manage in-app purchases and subscriptions.
• Display advertisements to users on the free tier.
• Analyze usage patterns and app performance to improve user experience.
• Diagnose technical issues, fix bugs, and improve app stability.
• Enable social features such as friend connections and trip sharing.
• Respond to your feedback, inquiries, and support requests.
• Comply with legal obligations and enforce our terms of service.

4. Third-Party Services

We use the following third-party services that may collect and process your data according to their own privacy policies:

5. Data Storage and Security

Your data is stored on secure servers provided by Supabase. All data transmitted between the app and our servers is encrypted using TLS/HTTPS. We implement Row Level Security (RLS) policies on our database to ensure that users can only access their own data.

Some data is also stored locally on your device using encrypted local storage for offline access and performance purposes, including cached trip data, user preferences, and notification tokens.

While we use commercially reasonable safeguards to protect your information, no method of electronic storage or transmission over the Internet is 100% secure. We cannot guarantee absolute security of your data.

6. Data Sharing and Disclosure

We do not sell your personal data to third parties.

We may share your information in the following circumstances:

• Third-Party Service Providers: We share data with the third-party services listed in Section 4, strictly for the purposes of operating the app (authentication, data storage, analytics, advertising, push notifications, and subscription management).
• Trip Sharing: If you choose to share a trip, the trip name, destinations, places, flights, and accommodation information become accessible to anyone with the share link. Expenses and private notes are never included in shared trips.
• Social Features: If you use friend features, your profile information (display name, bio, location, avatar) may be visible to other users based on your profile visibility settings (everyone, friends only, or private).
• Legal Obligations: We may disclose your information if required by law, court order, or governmental request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

7. Advertising

Tripon displays advertisements through Google AdMob to users on the free tier only. When ads are displayed, Google may collect your device's Advertising Identifier (IDFA), device information, and interaction data to serve relevant advertisements.

Premium subscribers (Starter, Traveler, and Unlimited plans) do not see advertisements and no ad-related data is collected or shared with Google AdMob for those users.

You can limit ad tracking through your device's privacy settings (Settings > Privacy & Security > Tracking on iOS). You may also opt out of personalized advertising through your device's advertising settings.

8. Your Rights and Choices

8.1 Account Deletion

You can permanently delete your account and all associated data directly from the app (Settings > Delete Account). When you delete your account, the following data is permanently removed from our servers:

• Your user profile and authentication records
• All trips and associated data (places, flights, accommodations, expenses)
• Packing lists and trip notes
• Friend connections
• Subscription and limit records
• Push notification tokens
• Uploaded profile photos

Please note that historical analytics data collected by Firebase and data already processed by third-party services (RevenueCat, Google AdMob) may not be immediately deletable from those services. You may contact those services directly regarding their data retention policies.

8.2 Data Access and Portability

You can access all of your travel data within the app at any time. If you would like a copy of your data in a portable format, please contact us at the email address provided below.

8.3 Notification Preferences

You can enable or disable push notifications at any time through the app's settings or through your device's notification settings. Disabling notifications will prevent trip reminders and flight alerts.

8.4 Location Permissions

You can revoke location access at any time through your device's settings. The app will continue to function without location access, but you will not be able to see your current position on the map.

8.5 Profile Visibility

You can control who can see your profile by adjusting your profile visibility settings to "Everyone," "Friends Only," or "Private."

9. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you services. When you delete your account, your data is permanently deleted from our servers as described in Section 8.1.

Certain data may be retained for a limited period after account deletion for legitimate business purposes, including:

• Feedback submissions (to improve the app and respond to unresolved issues)
• Aggregated, anonymized analytics data (which cannot be used to identify you)
• Records required for legal compliance or dispute resolution

10. Children's Privacy

Tripon is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal data from a child under 13, we will take steps to delete that information promptly. If you believe we have collected data from a child under 13, please contact us immediately.

11. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence, including the United States, where our third-party service providers (Supabase, Firebase, RevenueCat, Google) may maintain servers. These countries may have data protection laws that differ from those in your jurisdiction. By using Tripon, you consent to such transfers. We ensure that appropriate safeguards are in place with our service providers to protect your data.

12. European Users (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

• Right of Access: You can request a copy of your personal data.
• Right to Rectification: You can update or correct your data through the app or by contacting us.
• Right to Erasure: You can delete your account and all associated data from within the app.
• Right to Restrict Processing: You can request that we limit how we use your data.
• Right to Data Portability: You can request your data in a structured, machine-readable format.
• Right to Object: You can object to our processing of your data for direct marketing or analytics purposes.
• Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority.

Our legal bases for processing your data include: performance of a contract (providing the app services), legitimate interests (analytics, improving the app), consent (push notifications, location access, ad tracking), and legal obligations.

13. California Users (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: You can request information about the categories and specific pieces of personal information we have collected about you.
• Right to Delete: You can request deletion of your personal information.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

We do not sell your personal information as defined under the CCPA.

14. Guest Users

You may use Tripon without creating an account by continuing as a guest. In guest mode, your travel data is stored only on your device and is not uploaded to our servers. However, usage analytics and crash data may still be collected by Firebase, and advertisements may still be displayed via Google AdMob. Guest data will be lost if you uninstall the app or clear app data.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy within the app or on this page and updating the "Last updated" date. Your continued use of Tripon after any changes constitutes your acceptance of the revised policy. We encourage you to review this page periodically for the latest information.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: