Privacy Policy

We may collect the following types of information:

Account Information

When you create an account, we may collect:

• Name
• Email address
• Phone number
• Profile photo
• Authentication details
• Payment app handles you provide (e.g. Venmo, Cash App, and your GreenLight link). We use these only to generate deep links into the corresponding payment app. We never process or move money; settlement happens entirely inside the third-party payment app.

Travel Companions (Dependents)

To help coordinate trips, you may add “travel companions” (also called dependents) such as children or elderly family members who do not have their own account. For each companion you choose to add, we collect the information you enter:

• Display name
• Birth date (optional — used to tailor activity suggestions by age)
• Profile photo (optional)

This information is provided and managed entirely by you as the account holder, is visible only to members of the trips you add the companion to, and is deleted when you remove the companion or delete your account. See Children's Privacy below for how we treat information about minors.

Location Information

When you turn on location sharing inside a trip, we collect your device's precise GPS coordinates (latitude, longitude, and accuracy) and share them with other members of that trip. Sharing is off by default; you can disable it at any time from the Map tab. We retain only your most recent ping per trip and overwrite it on each update.

Authentication Information

To help secure your account, we use One-Time Password (OTP) verification delivered as an emailed numeric code or SMS text message. When you choose phone sign-in, we collect your mobile phone number solely for the purpose of sending authentication codes.

SMS Messaging

Program description. Tripinate uses SMS text messages exclusively to deliver one-time authentication codes (OTP) when you sign in or verify your phone number. We do not send marketing, promotional, or advertising text messages.

Consent. By providing your mobile phone number during sign-in or account creation, you consent to receive transactional SMS messages from Tripinate containing authentication codes required to access your account.

Message frequency. Message frequency varies. You will receive at most one SMS per sign-in or verification attempt you initiate. No recurring marketing messages are sent.

Message and data rates. Standard message and data rates from your wireless carrier may apply to each SMS you receive.

How to opt out. To stop receiving SMS messages from us, reply STOP to any message we send. After opting out, you will no longer be able to use phone-based sign-in; you may continue to sign in with an emailed one-time code.

Help. Reply HELP to any message for assistance, or contact us at info@stigtechllc.com.

Consent is not a condition of purchase. Your consent to receive SMS messages is not required to use any feature of the Service. You may sign in using an emailed one-time code at any time without providing a phone number.

No third-party sharing for marketing. Mobile information and SMS consent are not shared with third parties or affiliates for marketing purposes. We do not sell, rent, or disclose your mobile phone number or SMS consent status to any third party for their own marketing or promotional use. Your phone number is shared only with Twilio (our SMS delivery provider) solely to transmit authentication codes on our behalf.

User Content

You may upload or share:

• Photos and images
• Trip details
• Reservations
• Itineraries
• Tasks
• Chat messages and announcements (in-app group and one-on-one messaging)
• Comments
• Expense tracking information
• Transportation information

In-app messages and announcements are stored so trip members can see the conversation history, and are visible to the members of the trip or conversation they belong to. They are removed when the trip is deleted.

Email Import

As a convenience, you may forward confirmation emails (for example, reservations or wishlist links) to a dedicated import address. When you do, we receive and process the contents of the email you send — including its text, and any attachments — to extract trip details on your behalf. Inbound email is processed by SendGrid and analyzed by Anthropic's API (see the AI Features and Third-Party Services sections). If you never forward an email, none of this data is collected.

Photos and Media Storage

We store photos in different ways depending on their purpose:

• Wishlist photos— Photos you upload to a trip's wishlist are stored in a private, access-controlled bucket. They are accessible only to members of that specific trip, via temporary secure links that expire automatically.
• Profile and trip photos— Your profile photo, dependent photos, and trip background (hero) images are stored in a publicly accessible location. Anyone with the direct file URL can view these images, so avoid uploading sensitive or private content to these fields.
• Trip memories photos (if enabled)— If you choose to store trip memories or photos directly within the app rather than linking an external album, those photos are stored in a private, access-controlled bucket and are visible only to members of the specific trip they belong to. When you choose to use an AI feature (such as Trip Recap), a limited number of your photos may be temporarily transmitted to Anthropic's API for analysis as described in the Artificial Intelligence Features section below.

Artificial Intelligence Features

Tripinate offers optional AI-powered features including Trip Recap, social media caption suggestions, and natural language photo search. These features are entirely opt-in and activated only when you tap the corresponding button.

When you use an AI feature, the following data may be transmitted to Anthropic's API to generate a response:

• Trip details (name, destination, dates)
• Reservation names and locations
• Journal notes you have written on your photos
• Up to 8 of your trip memory photos (sent as image data for visual analysis — for example, to identify scenes, food, or locations visible in the photos)

How Anthropic handles this data.Anthropic does not use data submitted through the API to train its models. Data transmitted to the API is processed transiently to generate the AI response and is not retained by Anthropic beyond the completion of the request, in accordance with Anthropic's API usage policies.

You are in control. AI features are never triggered automatically. No photos or notes are sent to any AI provider unless you explicitly initiate a feature. You may use the app fully — including uploading photos and writing notes — without ever activating any AI feature.

Device & Usage Information

We may automatically collect:

• Device type
• Operating system
• IP address
• App usage data
• Log information

Notifications

If enabled, we may send:

• Trip reminders
• Announcements
• Reservation updates
• Transportation updates
• Security notifications

You can disable notifications at any time from your device's notification settings. Transactional messages required to operate the Service (such as sign-in codes and security alerts) may continue to be sent.

Cookies and Sessions

We use essential, HTTP-only session cookies to keep you signed in and to remember your authentication state. We do not use advertising cookies, cross-site trackers, or third-party analytics cookies.

We use your information to:

• Provide and improve the Service
• Authenticate users
• Manage trips and group collaboration
• Send notifications and reminders
• Store and display shared content
• Maintain security and prevent fraud
• Respond to support requests
• Generate AI-powered content (trip recaps, captions, search results) when you explicitly activate those features — using only the data described in the Artificial Intelligence Features section

We do not sell your personal information.

We may share information:

• With other trip participants based on your activity and permissions
• With third-party service providers that support the app (such as hosting, authentication, analytics, storage, and notifications)
• If required by law or legal process
• To protect the security and integrity of the Service

The Service relies on the following third-party providers, each of which may process limited data strictly to operate the Service on our behalf:

• Supabase— database, authentication, and file storage.
• Twilio— SMS delivery for one-time authentication codes. Twilio receives your phone number solely to transmit the code and is bound by its own privacy policy and data processing agreement. Twilio does not use your number for any other purpose.
• Resend— delivery of transactional sign-in emails (one-time codes), sent on our behalf via our authentication provider. Resend receives your email address solely to transmit these messages.
• SendGrid— inbound email parsing for the optional Email Import feature. SendGrid receives only the emails you choose to forward to an import address.
• Google Maps Platform— place search and autocomplete, place photos, and map directions. When you search for a place or open directions, your query or the selected location is sent to Google to return results.
• OpenStreetMap (Nominatim)— converting shared GPS coordinates into a readable address (reverse geocoding) for the live location map.
• Vercel— web hosting and content delivery.
• Google Photos— optional integration when you choose to link an external shared album to a trip. When this option is used, we store only the album link, not your photos. If you instead choose to store trip memories directly within the app, those photos are stored by Supabase on our behalf and are not shared with Google.
• Anthropic— AI language and vision model provider, used to power optional features including Trip Recap, caption suggestions, and memory search. When you activate one of these features, relevant trip data (details, notes, reservations, and up to 8 photos) is transmitted to Anthropic's API solely to generate the requested output. Anthropic does not use API data to train its models and does not retain your data beyond the completion of the API request. These features are user-initiated; no data is sent to Anthropic automatically or in the background.

We do not share data with advertising networks or data brokers.

We take reasonable measures to protect your information from unauthorized access, disclosure, or misuse, including:

• Encryption in transit. All data exchanged between your device and the Service is encrypted using industry-standard TLS (HTTPS).
• Encryption at rest. Our database and uploaded files (such as photos and documents) are stored on infrastructure that encrypts data at rest.
• Encrypted chat messages. The contents of in-app chat messages are additionally encrypted at the application level (AES-256) and are not stored in readable form in our database.
• Access controls. Trip information is protected by row-level security and is accessible only to members of that specific trip.

However, no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security.

You retain ownership of the content you upload to the Service.

By uploading content, you grant us a limited license to store, process, display, and share the content as necessary to provide the Service functionality.

You are responsible for:

• Maintaining the confidentiality of your account
• Protecting your login credentials
• Activities occurring under your account

The Service is intended for family and group trip coordination and may allow parents or legal guardians to create or manage trip participation profiles for children under the age of 13.

We do not knowingly allow children under 13 to independently create accounts without parental involvement.

Any information related to a child under 13 must be provided and managed by a parent or legal guardian through their own account. Parents and guardians are responsible for:

• Managing child participation in trips
• Controlling shared content involving children
• Monitoring account activity associated with their family

If you believe a child has provided personal information directly without parental consent, please contact us so we can review and remove the information if necessary.

We take reasonable measures to help protect children's information and limit collection to what is necessary for the functionality of the Service.

We may retain information as long as necessary to:

• Provide the Service
• Maintain trip history
• Comply with legal obligations
• Resolve disputes
• Enforce agreements

Deleting your account. You can delete your account yourself at any time from Profile → Delete my account. Deletion has a 30-day grace period: your account is immediately deactivated and you are signed out, but your data is retained for 30 days so you can change your mind. To restore your account during that window, simply sign back in. After 30 days, your profile, personal data, dependents' information, and your personal uploads (such as avatars and forwarded import emails) are permanently removed, except where retention is required by law or to resolve a pending dispute. You may also email us at the address in section 11 for assistance.

Trip data created jointly with other family members (such as shared wishlist or memory photos and messages) may remain visible to those members in de-identified form, with your name replaced by a placeholder.

Your Privacy Rights

Depending on where you live (for example, the EU/UK under GDPR or California under the CCPA/CPRA), you may have the right to access, correct, export, or delete the personal information we hold about you, and to object to or restrict certain processing. You can access and correct most information directly in the app, delete your account as described above, or contact us at the address in section 11 to exercise these rights. We do not sell your personal information, and we will not discriminate against you for exercising your rights.

Electronic communications. By providing your email address or phone number, you consent to receive transactional messages required to operate the Service — including sign-in codes, security alerts, and reservation reminders — at those addresses. For SMS messages, standard message and data rates from your wireless carrier may apply. To opt out of SMS at any time, reply STOP to any message we send; reply HELP for assistance.

We may update this Privacy Policy periodically. Continued use of the Service after updates constitutes acceptance of the revised policy.

If you have questions about this Privacy Policy, contact us at:

info@stigtechllc.com