Privacy Policy

1. Who we are

Trippple Travel, Inc. ("Trippple," "we," "us," "our") is a Delaware C-Corporation operating the Trippple mobile app and the website at trippple.travel.

Mailing address: 1521 Concord Pike Ste. 201, Wilmington, DE 19803
Contact: hello@trippple.travel

This Privacy Policy explains what personal information we collect, why we collect it, how we use and share it, and the rights you have over it.

2. Information we collect

We collect only the information needed to provide and improve the Service.

2.1 Information you provide directly

• Account profile: name, email address, profile photo (avatar), display name, username, gender, birthday.
• Home base: the city you set as your home base, including its latitude/longitude and Google Place ID.
• Travel preferences (vibes): your self-reported preferences across chill ↔ active, budget ↔ bougie, planned ↔ spontaneous, and an overall "vibe check."
• User-generated content: the lists, places, reviews (text, ratings, photos, tags), comments, and visited cities you create or save.
• Social graph: friend connections, friend requests you send or receive.

2.2 Information collected through device permissions (only when you grant them)

• Photo library: when you attach photos to a list or review.
• Location (while using the app): to show nearby places and personalize recommendations. We do not collect background location.
• Camera: when you take a photo to attach to a list or review.
• Microphone: when you record audio for content you create in the app.

You can grant or revoke any of these permissions in your device settings at any time.

2.3 Information collected automatically

• Authentication tokens: stored securely on your device using the iOS Keychain (expo-secure-store) or Android Keystore. These let you stay signed in without re-entering credentials.
• Device-scoped preferences: local app preferences (such as your last-viewed city or recently viewed timestamps) stored in the device's local storage (AsyncStorage).
• Service logs: standard request logs from our backend (timestamp, endpoint, status code) used for security and debugging. These are not used for advertising or tracking.

We do not use third-party analytics, crash-reporting, or advertising SDKs in the app today. If we add any in the future, we will update this Policy and notify users in advance.

3. How we use your information

We use your information to:

• Provide and operate the Service (sign you in, save your lists, sync your data across devices)
• Personalize recommendations (your vibes, visited cities, and saved places help suggest relevant places and people)
• Enable social features (friend requests, sharing lists, collaboration)
• Communicate with you (transactional emails about your account, security notices, replies to support requests)
• Maintain security (detecting abuse, fraud, and unauthorized access)
• Comply with legal obligations

4. How we share your information

We share information only as described below.

4.1 With other Trippple users

Content you choose to share — lists you make public, places you add to shared lists, your profile, your friend connections — is visible to other users according to your sharing settings. Private lists remain private.

4.2 With service providers (named)

We use the following providers, each of which receives only the data needed to perform their service:

• Google Sign-In (Google LLC) — for federated authentication, when you choose to sign in with Google.
• Google Places (Google LLC) — for place metadata (names, photos, hours) when you add or view a place.
• Mapbox (Mapbox, Inc.) — for map rendering.
• Render (Render Services, Inc.) — for application hosting and our backend API.

Each provider is bound by its own privacy and security obligations.

4.3 For legal reasons

We may disclose information when we believe in good faith that disclosure is required by law (subpoena, court order), to protect the rights, property, or safety of Trippple, our users, or the public, or to enforce our Terms of Service.

4.4 In a business transfer

If Trippple is acquired, merged, or sells substantially all its assets, your information may be transferred to the acquiring entity, subject to the protections of this Policy.

4.5 What we do not do

• We do not sell your personal information.
• We do not share your personal information for cross-context behavioral advertising.
• We do not use advertising networks or analytics SDKs in the app.

5. Data retention

We keep your personal information for as long as your account is active. If you delete your account, we delete or de-identify your personal information within 30 days, except where we are legally required to retain it (for example, financial records, fraud investigations, or compliance with law-enforcement requests).

You can request account deletion at any time by emailing hello@trippple.travel from your registered email address, or by using the in-app delete-account option (when available).

6. Security

We use industry-standard safeguards to protect your information:

• All traffic between the app and our servers is encrypted in transit using TLS.
• Authentication tokens are stored in the iOS Keychain or Android Keystore — never in plain-text storage.
• Access to user data within Trippple is limited to personnel who need it to operate the Service.

No system is perfectly secure. If a breach affects your information, we will notify you and the appropriate regulators in accordance with applicable law.

7. Children's privacy

Trippple is not directed to children under 13, and we do not knowingly collect personal information from anyone under 13. If we learn that a user is under 13, we will delete their account and any associated data.

If you believe a child under 13 has registered for Trippple, please contact us at hello@trippple.travel.

8. Your rights — region-specific

8.1 California residents (CCPA / CPRA)

If you are a California resident, you have the right to:

• Know what categories of personal information we have collected about you, the sources, the purposes for collection, and the categories of third parties with whom we share it.
• Access the specific pieces of personal information we have collected about you.
• Correct inaccurate personal information.
• Delete your personal information, subject to certain exceptions.
• Limit the use of sensitive personal information (we do not use sensitive personal information for any purpose other than providing the Service).
• Opt out of "selling" or "sharing" — we do not sell your personal information, and we do not share it for cross-context behavioral advertising.
• Non-discrimination — we will not discriminate against you for exercising any of these rights.

Categories of personal information collected (CCPA categories): identifiers (name, email, account ID), customer records (account profile), commercial information (none — Trippple is free), internet/electronic activity (in-app usage tied to your account), geolocation (when granted), audio/visual (photos, when granted), and inferences (recommendations based on your stated vibes and saved places).

To exercise any right, email hello@trippple.travel from your registered email address. We will verify your identity and respond within 45 days. You may designate an authorized agent to make a request on your behalf.

8.2 EU and UK residents (GDPR / UK-GDPR)

If you are in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights:

• Access to a copy of your personal data
• Rectification of inaccurate data
• Erasure ("right to be forgotten") subject to legal exceptions
• Restriction of processing
• Portability of data you provided to us, in a machine-readable format
• Objection to processing based on legitimate interests
• Withdraw consent for any processing based on consent (without affecting prior lawful processing)
• Lodge a complaint with your supervisory authority

Lawful bases: we process personal data on the bases of (a) performance of a contract with you (running the Service), (b) legitimate interests (security, abuse prevention, product improvement using aggregated/de-identified data), (c) consent (for device permissions like camera, photos, microphone, location), and (d) legal obligation where applicable.

International transfers: our backend is hosted in the United States. When we transfer personal data from the EEA, UK, or Switzerland to the US, we rely on the European Commission's Standard Contractual Clauses (SCCs), incorporated by reference into our agreements with service providers, plus supplementary safeguards as appropriate.

EU representative: [INSERT EU REPRESENTATIVE — only required if we engage in regular EEA monitoring; not required at launch]

To exercise any right, email hello@trippple.travel.

8.3 Canada (PIPEDA)

If you are in Canada, you have the right to access and correct your personal information and to withdraw consent for collection, use, or disclosure (subject to legal or contractual restrictions). To make a request, email hello@trippple.travel.

If we cannot resolve a complaint to your satisfaction, you can complain to the Office of the Privacy Commissioner of Canada at https://www.priv.gc.ca/.

9. Cookies and tracking

The Trippple mobile app does not use cookies or web tracking technologies. The Trippple website uses only essential cookies for site functionality. See our Cookie & Tracking Notice for full details.

10. Changes to this Policy

If we make material changes, we will notify you in advance by email (to the address on your account) and by an in-app notice, and we will update the "Last updated" date above. Continued use of the Service after a material change means you accept the updated Policy.

11. Contact us

For any privacy question or to exercise any right under this Policy:

Email: hello@trippple.travel
Mail: Trippple Travel, Inc. — 1521 Concord Pike Ste. 201, Wilmington, DE 19803