1. Information We Collect
Account data, including your email address, authentication identifiers, profile name, and optional profile photo.
Travel content you provide, including trip names, destinations, dates, itinerary items, booking confirmations, boarding passes, traveler names, booking references, seat details, baggage information, notes, source documents, and AI chat prompts or trip context when you use AI features.
Booking-intake data, including forwarded booking emails, PDF attachments, inbound booking addresses, WhatsApp or Loop iMessage messages and attachments, pending trip choices, sender identifiers, and an optional booking phone number used to match messages to your account.
App settings, including privacy choices, notification preferences, trial status, scan usage, subscription status, and saved profile details.
Subscription and purchase data, including RevenueCat app user ID, product ID, entitlement status, purchase environment, renewal, cancellation, expiration, and related app-store receipt or webhook metadata.
Technical data required to run the service, including device push notification tokens, platform type, app configuration, security-related request metadata, and server logs.
Optional usage analytics, only if you enable Share Usage Analytics in Privacy & Security settings.
2. How We Use Information
To create your account, authenticate you, and sync your trips and settings across devices.
To extract itinerary and boarding-pass details from booking documents you upload, forward by email, or send through supported messaging channels.
To provide booking inboxes, WhatsApp booking intake, Loop iMessage booking intake, trip selection flows, and replies confirming import status.
To provide premium features, enforce scan limits, start trials, restore purchases, and manage subscriptions.
To send push notifications and Live Activity updates when you enable those features.
To provide travel images and photographer attribution in the app.
To respond to support requests, prevent abuse, debug reliability issues, secure TripGlide, and improve the product.
3. Processors and Service Providers
Supabase: authentication, database storage, profile image storage, Edge Functions, account deletion, push token storage, settings sync, usage records, analytics events, and subscription status mirrors.
Google Gemini API: AI document extraction and AI chat features. Booking documents, boarding passes, and trip context may be sent to Gemini only when the relevant AI consent is enabled or when you use an AI feature.
RevenueCat, Apple App Store, and Google Play: subscription offerings, purchases, restores, entitlements, payment processing, refunds, subscription management, receipts, and subscription webhook events.
Resend, SendGrid, Twilio WhatsApp, LoopMessage, Spectrum, iMessage infrastructure, and related messaging providers: inbound booking messages, webhook delivery, media retrieval, reply messages, forwarded booking emails, and attachments.
Unsplash: travel image search, image delivery, download tracking required by Unsplash, and photographer attribution.
Apple Push Notification service and Firebase Cloud Messaging: delivery of native push notifications when enabled.
4. AI Document Processing
AI document processing is off by default. If you enable AI Document Processing or use an AI feature, TripGlide may send booking confirmations, boarding passes, and related trip context to Google Gemini to extract travel details or answer trip-related questions.
If Store Sensitive Booking Details is off, TripGlide asks the extraction service to exclude traveler names, booking references, baggage allowance, seat numbers, and similar sensitive fields where possible.
If Keep Source Documents Offline or Keep Boarding Passes Offline is off, raw document files are not retained on your device after extraction. Server-side intake may temporarily process attachments to complete an import.
AI and extracted content may be incomplete or inaccurate, so you should review important travel details against the original booking provider.
5. Analytics and Privacy Controls
Usage analytics is optional and disabled by default. If enabled, TripGlide sends limited event names, timestamps, and sanitized properties to Supabase.
Analytics events are designed not to include names, emails, phone numbers, destinations, booking references, tokens, session identifiers, or raw travel documents.
You can change AI processing, sensitive detail storage, local document storage, boarding-pass storage, analytics, push notifications, and Live Activities in the app's Privacy & Security and Notifications settings.
6. Data Sharing
We do not sell your personal data. We do not use your travel documents for third-party advertising.
We share information with processors only to provide TripGlide, process subscriptions, deliver notifications, import bookings, generate travel imagery, secure the service, comply with law, or respond to your requests.
We may disclose information if required by law, to protect TripGlide and users, or as part of a business transfer involving the service.
7. Data Retention and Deletion
Account data is kept while your account is active.
Trips, itinerary items, settings, scan usage, trial records, booking phone number, and profile images are kept until you delete them, clear local data where applicable, or delete your account.
Source booking documents and boarding pass files are kept on your device only when the corresponding local storage settings are enabled.
Pending booking choices from email, WhatsApp, or Loop iMessage are temporary and are intended to expire or be deleted after the import flow is completed or abandoned.
Subscription events may be retained as long as needed for billing records, fraud prevention, accounting, tax, dispute resolution, and legal compliance.
Optional analytics events may be retained for product improvement and reliability analysis, then deleted or aggregated when no longer needed.
Server logs and security records are retained for a limited period needed to operate, debug, secure, and protect the service.
You can delete your TripGlide account in the app under Privacy & Security. Account deletion removes your TripGlide account and associated app data from active systems, subject to backups, logs, legal obligations, anti-abuse records, and subscription or payment records we must keep.
Deleting your TripGlide account does not automatically cancel an active Apple App Store or Google Play subscription; you must cancel subscriptions through the applicable store account settings.
8. Security
We use reasonable technical and organizational safeguards, including authentication, row-level access controls, server-side validation, webhook verification, and storage ownership checks where applicable.
No method of transmission or storage is completely secure, but we continuously work to protect your information.
9. Your Rights
Depending on your location, you may have rights to access, correct, delete, export, restrict, or object to certain processing of your data.
You can update many settings inside TripGlide. Contact us to submit a request that is not available in the app.
10. Children's Privacy
TripGlide is not directed to children under 13, and we do not knowingly collect personal information from children under 13.
11. International Processing
TripGlide and its providers may process information in the United States and other countries where our providers operate. Data protection laws in those countries may differ from those in your location.
12. Contact and Changes
For privacy questions, contact vin@tripglide.online.
We may update this Privacy Policy from time to time. Material updates will be reflected by updating the effective date above.