Privacy Policy
Last updated: March 14, 2026
1. Introduction
Welcome to TripSync – Travel Companion ("TripSync", "we", "our", or "us"). We are committed to protecting your privacy and the privacy of all our users, including children. This privacy policy explains how we collect, use, store, and protect your personal information when you use our mobile application.
Our app is rated 4+ and is suitable for all ages. We take special care to ensure compliance with children's privacy laws, including the Children's Online Privacy Protection Act (COPPA) in the United States and similar laws worldwide.
2. Information We Collect
We collect only the minimal information necessary to provide our service. Below is a summary of the data we collect and how it is linked to your identity.
2.1 Account Information
| Data Type | Purpose |
|---|---|
| Full Name | Account creation, personalization, and display to trip members |
| Email Address | Account creation, authentication, password reset, and essential communications |
| Password | Account authentication (stored securely via Supabase Auth; we never store plaintext passwords) |
| Profile Avatar | Optional profile photo to personalize your account |
2.2 Trip & Activity Data
| Data Type | Purpose |
|---|---|
| Trip Details | Trip name, destination, dates, and cover image – created and managed by you |
| Itinerary Items | Stops, places, and activities you add to your trip itinerary |
| Circle/Subgroup Data | Groups within a trip that you create or join |
| Chat Messages | Messages you send within trip group chats |
| Invitations | Invite codes and invitation records for trip collaboration |
2.3 Location Data (Opt-In Only)
| Data Type | Purpose |
|---|---|
| GPS Coordinates | Real-time location sharing with trip members (latitude, longitude, accuracy) |
Important: Location data is collected only when you explicitly enable location sharing. You have full control over this feature with three modes:
- Off – No location data is collected (default)
- Trip Only – Share your location with members of a specific trip
- All Trips – Share your location across all your active trips
You can also set a time-limited duration for location sharing, after which it automatically stops. You may disable location sharing at any time.
2.4 Device Information
| Data Type | Purpose |
|---|---|
| Push Notification Token | Delivering push notifications for trip updates, invitations, and alerts |
| Face ID / Biometric Capability | Used locally on your device for app unlock; biometric data is never transmitted to our servers |
2.5 Information We Do NOT Collect
We do not collect:
- Physical addresses or phone numbers
- Payment or financial information
- Browsing or search history
- Photos or videos (beyond your optional profile avatar)
- Health or fitness data
- Contacts or social graph information
- Advertising identifiers
- Third-party analytics or tracking data
3. How We Collect Information
3.1 Authentication
We use email and password authentication powered by Supabase Auth. When you sign up, you provide your full name, email address, and password. We do not use social sign-in providers (e.g., Apple or Google Sign-In).
3.2 User-Provided Data
All trip details, itinerary items, messages, and profile information are provided directly by you through the app interface.
3.3 Automatic Collection
- Push notification tokens are collected automatically when you grant notification permissions.
- Location data is collected automatically only after you explicitly enable location sharing via the app's settings.
4. How We Use Your Information
We use the information we collect solely for app functionality:
- To create and manage your account
- To enable trip planning, collaboration, and coordination with other members
- To display itineraries, subgroups, and chat within your trips
- To share your real-time location with trip members (only when you opt in)
- To deliver push notifications about trip invitations, updates, and alerts
- To provide customer support when you contact us
- To improve our app and develop new features
We do not use your information for:
- Third-party advertising or behavioural tracking
- Selling or sharing your data with third parties for marketing purposes
- Profiling or automated decision-making
5. Children's Privacy
Our app is designed to be safe for users of all ages, including children under 13. We are committed to complying with the Children's Online Privacy Protection Act (COPPA) and similar laws worldwide.
For Parents and Guardians
If your child is under 13 (or the applicable age of consent in your jurisdiction), we require verifiable parental consent before collecting any personal information.
Parents and guardians have the right to:
- Review the personal information collected from their child
- Request deletion of their child's personal information
- Refuse to allow further collection of their child's information
- Withdraw consent at any time
What We Collect from Children: Only the minimal information described in Section 2 (name and email address) is collected for app functionality. We do not collect any additional information beyond what is described above.
Third-Party Services: We do not enable third-party analytics, advertising, or any services that track children in our app.
To exercise any of these rights or if you have questions about your child's data, please contact us at the email address provided in Section 12.
6. Data Sharing and Third Parties
We do not sell, rent, or share your personal information with third parties for their marketing purposes. We only share data with the following service provider, which helps us operate the app:
| Service Provider | Purpose |
|---|---|
| Supabase | Database hosting, user authentication, real-time data sync, and file storage (processes data on our behalf) |
Supabase is bound by contractual obligations to keep your information confidential and use it only for the purposes we specify. Supabase is compliant with major privacy regulations, including GDPR.
We do not integrate any third-party analytics, advertising networks, or tracking SDKs.
7. Data Storage and Security
We take the security of your personal information seriously and implement industry-standard security measures:
- All data transmission is encrypted using TLS/SSL protocols
- Data at rest is encrypted in Supabase's secure database infrastructure
- Passwords are securely hashed through Supabase Auth — we never store or access plaintext passwords
- Access to personal data is restricted to authorized personnel only
- Face ID / biometric data is processed entirely on your device using Apple's Local Authentication framework and is never transmitted to or stored on our servers
- We regularly review and update our security practices
While we strive to protect your personal information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your data to the best of our ability.
8. Data Retention
We retain your personal information only for as long as necessary to provide you with our services and as described in this privacy policy.
- Location data is retained only while location sharing is active and is automatically disassociated when sharing is turned off or expires.
- When you delete your account, we will delete your personal information within 30 days, except where we are required to retain it by law or for legitimate business purposes (such as fraud prevention or record-keeping requirements).
9. Your Rights and Choices
Depending on your location, you may have the following rights regarding your personal information:
| Right | Description |
|---|---|
| Access | Request a copy of the personal information we hold about you |
| Correction | Request correction of inaccurate or incomplete information |
| Deletion | Request deletion of your personal information |
| Data Portability | Request a copy of your data in a structured, machine-readable format |
| Withdraw Consent | Withdraw your consent to data processing at any time |
| Object | Object to certain types of data processing |
In-app controls you have right now:
- Location sharing: Toggle on/off at any time; set time-limited durations
- Push notifications: Manage via your device settings
- Profile information: Edit your name and avatar directly in the app
To exercise any of these rights, please contact us using the information in Section 12. We will respond to your request within 30 days.
10. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. When we transfer your data internationally, we ensure appropriate safeguards are in place to protect your information in accordance with this privacy policy and applicable laws.
11. Changes to This Privacy Policy
We may update this privacy policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of any material changes by posting the new privacy policy in the app and updating the "Last updated" date at the top of this policy. We encourage you to review this policy periodically.
12. Contact Us
If you have any questions, concerns, or requests regarding this privacy policy or our data practices, please contact us:
Email: tripsync.humankit@gmail.com
Response Time: We aim to respond to all inquiries within 48 hours.
For Parental Consent Requests: Please include "Parental Consent" in the email subject line.
Compliance
This privacy policy complies with:
- Apple App Store Review Guidelines (Section 5.1 – Privacy)
- Children's Online Privacy Protection Act (COPPA)
- General Data Protection Regulation (GDPR)
- California Consumer Privacy Act (CCPA)
TripSync – Travel Companion
Stay Connected, Wherever You Wander