Privacy Policy

This Privacy Policy explains how Tripo ("we", "us", "our") collects, uses, shares, and protects your personal data when you use our mobile application and related services (the "Service"). By using Tripo, you agree to the practices described below.

In short: we only collect what we need to run the app, we never sell your data, and you can request access, correction, or deletion at any time by emailing support@tripo.app.

1. Who we are

Tripo is operated by [Your Company Legal Name], registered at [Company Address]. For any privacy-related question, contact us at support@tripo.app.

2. Data we collect

Account information

When you sign in with Google or another supported provider, we receive your name, email address, profile picture, and a unique user identifier. We do not receive your Google password.

Trip and profile content

We store the information you choose to share inside the app: trips you create or join, members you invite, itineraries, polls, expenses, messages, photos, accommodation bookings, and any preferences you set in your profile.

Device and usage data

To keep the app running smoothly we collect:

Device type, operating system version, and language
App version and crash reports
Anonymous usage events (e.g. which screens are viewed) to improve the product
IP address, used only for security and abuse prevention

Location data

If you grant the permission, Tripo uses your approximate or precise location to surface relevant destinations, guides, and venues near you. You can revoke this permission at any time in your device settings.

Camera and photos

If you grant the permission, you can attach photos to trips, expenses, and profiles. The app only accesses the photos you actively select or capture.

3. How we use your data

Provide the Service: create your account, sync your trips, deliver messages, and process bookings.
Personalize content: recommend guides, programs, and destinations that match your interests and location.
Communicate with you: send transactional emails (booking confirmations, password resets) and, only if you opt in, occasional product updates.
Improve the Service: analyze aggregate usage trends and fix crashes.
Protect users: detect fraud, abuse, and violations of our Terms.
Comply with the law: respond to valid legal requests and enforce our agreements.

4. Legal bases (GDPR)

If you are located in the European Economic Area or the United Kingdom, we process your data under the following legal bases:

Contract: to deliver the Service you signed up for.
Legitimate interests: to keep the app secure, prevent fraud, and improve our product.
Consent: for optional features such as location, camera access, and marketing communications. You can withdraw consent at any time.
Legal obligation: when we must retain or disclose information by law.

5. Sharing your data

We share data only with trusted service providers who help us operate Tripo. They are bound by contract to use your data only for the purposes we define. Current providers include:

Auth0 (Okta, Inc.) — authentication and identity management
Google LLC — Google Sign-In and Firebase services (analytics, push notifications)
Cloud hosting providers — to store data and run the API
Stripe, Inc. — if you make a payment inside the app, payment details are sent directly to Stripe and never stored on our servers

We never sell your personal data. We may share information when required by law, to protect users' safety, or as part of a business transfer (merger, acquisition), in which case we will notify you in advance.

6. International transfers

Your data may be processed in countries outside your own, including the United States. When we transfer personal data outside the EEA or UK, we rely on Standard Contractual Clauses or other safeguards approved by relevant authorities.

7. Data retention

We keep your account data for as long as your account is active. If you delete your account, we erase your personal data within 30 days, except where we are legally required to retain certain records (for example, invoices for accounting purposes).

8. Your rights

You have the right to:

Access the personal data we hold about you
Request correction of inaccurate data
Request deletion of your data (right to be forgotten)
Object to or restrict certain processing
Request your data in a portable format
Withdraw your consent at any time
Lodge a complaint with your local data protection authority

To exercise any of these rights, email us at support@tripo.app. We will respond within 30 days.

9. Children

Tripo is not directed at children under 13 (or under 16 in the EEA). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

10. Security

We use industry-standard safeguards — encryption in transit (TLS), encrypted storage, access controls, and regular reviews — to protect your data. No system is perfectly secure, so we cannot guarantee absolute security, but we take incidents seriously and will notify you and the competent authority of any breach affecting your data, as required by law.

11. Cookies and similar technologies

The mobile app uses local storage and device identifiers to keep you signed in and remember your preferences. Our marketing website may use a small number of cookies for analytics; you can decline non-essential cookies via your browser settings.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the app or by email at least 14 days before the changes take effect. Continued use of Tripo after the effective date means you accept the updated policy.

13. Contact us

Questions, requests, or complaints? Email us at support@tripo.app and we will get back to you promptly.