Privacy PolicyTerms →

Legal

Privacy Policy

Effective Date: May 28, 2026  ·  Last Updated: May 28, 2026

TripAlong ("TripAlong," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains what information we collect, why we collect it, how we use and share it, and what rights you have. It applies to our mobile app, website at tripalong.app, and related services (collectively, the "Service").

By using the Service, you agree to the collection and use of information as described in this Policy. If you do not agree, do not use the Service.

1. Information We Collect

We collect information you provide directly, information generated by your use of the Service, and information from third parties.

1.1 Account and Registration Information

  • Full name
  • Email address
  • Password (stored as an encrypted hash — we never store your plaintext password)
  • Age
  • Profile photo
  • Sign-in method (email/password or Google OAuth)

1.2 Profile Information You Choose to Share

You control what you add to your public profile. This may include:

  • Bio / about text
  • City and country of residence
  • Additional photos (photo grid)
  • Travel DNA preferences: travel style, daily pace, social energy, planning style, experience level, travel-with preference
  • Languages spoken, interests, countries visited, and bucket-list destinations

Profile information (excluding private account details) is visible to other logged-in users of the Service as part of the core functionality of TripAlong.

1.3 Trip and Activity Data

  • Trips you create, including destination, dates, description, and cover image
  • Trips you join or are invited to
  • Trip membership information (who is in each trip group)
  • Trip status and activity

1.4 Communications and Messages

We collect messages you send in group trip chats and direct messages ("DMs") on the platform. Message content is stored on our servers to deliver it to recipients, to power features like message history, and to enable us to enforce our safety policies.

Please do not share highly sensitive personal information (financial details, government ID numbers, passwords) in messages.

1.5 Usage and Technical Data

When you use the Service, we automatically collect:

  • Log data: IP address, device type, operating system, browser type, pages visited, features used, timestamps, error reports
  • Device identifiers (e.g., device ID, advertising ID where applicable)
  • App performance and crash report data
  • Referring URLs and session duration

1.6 Information from Third-Party Sign-In (Google OAuth)

If you sign in with Google, we receive from Google the information you authorize Google to share, which typically includes your name, email address, and profile photo. We use this solely to create and authenticate your account. We do not receive your Google password.

2. How We Use Your Information

We use the information we collect to:

3. How We Share Your Information

3.1 With Other Users (Core Functionality).

TripAlong is a social platform. Sharing certain information with other users is necessary for the Service to function:

You can control the visibility of your profile by adjusting your privacy settings in the app. However, certain information (your name, profile photo) remains visible to trip members once you join a trip.

3.2 With Service Providers.

We share information with trusted vendors and service providers who help us operate the Service:

  • Supabase — database, authentication, and file storage (supabase.com/privacy)
  • Google — sign-in authentication and analytics
  • Vercel — web hosting and deployment

These service providers are permitted to process your information only as necessary to provide their services to us and are bound by confidentiality obligations.

3.3 For Legal Compliance and Safety.

We may disclose your information when we believe in good faith that disclosure is necessary to:

3.4 Business Transfers.

If TripAlong is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you (via email or in-app notice) before your information becomes subject to a different privacy policy.

3.5 With Your Explicit Consent.

We may share your information with third parties for purposes not described in this Policy when we have your explicit consent to do so.

3.6 What We Do NOT Do.

  • We do not sell your personal information to third parties, data brokers, or advertisers
  • We do not share your information with advertisers for targeted advertising
  • We do not share your private messages except as required by law or as necessary to enforce our Terms

4. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service to you.

If you delete your account, we will delete or anonymize your personal information within 30 days, except where:

Messages you sent in group chats may remain visible to other members after you delete your account, attributed to a deleted user. We may retain aggregate, anonymized data that cannot identify you indefinitely for analytics and research.

5. Security

We implement industry-standard technical, administrative, and physical security measures to protect your information, including:

However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information. You use the Service at your own risk and are responsible for maintaining the security of your own devices and account credentials.

If you suspect your account has been compromised, contact us immediately at support@tripalong.app.

In the event of a data breach that affects your rights and freedoms, we will notify you and applicable authorities as required by law.

6. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information. To exercise any of these rights, contact us at privacy@tripalong.app with subject line "Privacy Request." We will respond within 30 days.

6.1 Access.

You may request a copy of the personal information we hold about you.

6.2 Correction.

You may update or correct inaccurate personal information by editing your profile directly in the app, or by contacting us.

6.3 Deletion.

You may request deletion of your account and personal data at any time via Settings → Danger Zone → Delete Account, or by emailing privacy@tripalong.app. We will delete your data within 30 days, subject to the exceptions in Section 4.

6.4 Data Portability.

You may request a copy of your personal data in a structured, portable format by contacting us at privacy@tripalong.app.

6.5 Opt-Out of Non-Essential Communications.

You may opt out of push notifications and email updates by adjusting notification settings in the app. Note that we may still send you essential service-related communications (e.g., account security alerts).

6.6 California Residents — CCPA/CPRA Rights.

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

To submit a California privacy request, contact privacy@tripalong.app. We may need to verify your identity before processing your request.

6.7 EEA, UK, and Swiss Residents — GDPR Rights.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR) or equivalent legislation:

Legal Bases for Processing. We process your data on the following legal bases: (a) Contract performance — to provide the Service you requested; (b) Legitimate interests — for safety, fraud prevention, and service improvement; (c) Consent — for optional features like push notifications; (d) Legal obligation — where required by law.

You may lodge a complaint with your local supervisory data protection authority. In the EU, you can find your authority at edpb.europa.eu. We would, however, appreciate the chance to address your concerns first — please contact privacy@tripalong.app.

7. Children's Privacy

TripAlong is intended exclusively for users who are 18 years of age or older. We do not knowingly collect personal information from anyone under the age of 18. Our Service is not directed at children.

If we learn that we have collected personal information from a person under 18 without verifiable parental consent, we will delete that information as quickly as possible. If you believe we may have information from or about a person under 18, please contact us at legal@tripalong.app immediately.

8. International Data Transfers

TripAlong is operated from the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ from those in your home country.

For transfers of personal data from the EEA, UK, or Switzerland to the United States, we rely on appropriate legal mechanisms such as the European Commission's Standard Contractual Clauses (SCCs) or other approved transfer mechanisms to ensure an adequate level of protection.

By using the Service from outside the United States, you acknowledge that your information will be processed in the United States.

9. Cookies and Tracking Technologies

We use cookies and similar technologies (e.g., local storage, session tokens) to keep you logged into the Service, remember your preferences, and understand how users interact with the Service.

  • Essential cookies: Required for the Service to function (authentication, session management). These cannot be disabled.
  • Analytics cookies: Help us understand usage patterns to improve the Service. You may opt out via browser settings.

We do not use third-party advertising cookies or sell data to ad networks. You can control cookie preferences through your browser settings, though disabling essential cookies will prevent the Service from functioning properly.

10. Third-Party Links and Services

The Service may contain links to or integrations with third-party websites and services (e.g., Google Maps, external booking sites). This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you interact with. We are not responsible for the privacy practices of third parties.

11. Do Not Track

Some browsers have a "Do Not Track" ("DNT") feature that signals to websites that you do not want your online activity tracked. Because there is no standard for how companies respond to DNT signals, we do not currently respond to DNT signals. We will reassess this position if an industry standard is adopted.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page. For material changes — changes that significantly affect how we use your information or your rights — we will notify you by posting a prominent notice in the app or sending an email to your registered address at least 30 days before the changes take effect.

Your continued use of the Service after the effective date of the revised Privacy Policy constitutes your acceptance of the changes. If you do not agree to the revised Policy, you must stop using the Service and delete your account.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

TripAlong — Privacy Team

Privacy requests: privacy@tripalong.app

Legal inquiries: legal@tripalong.app

General support: support@tripalong.app

We commit to responding to all privacy-related inquiries within 30 days. For urgent security concerns, please use the subject line "URGENT — Privacy" in your email.