Privacy Policy

Last updated: April 17, 2026

This Privacy Policy explains how Tripski ("we", "us", "our") collects, uses, stores, shares, and protects your information when you use the Tripski mobile application, website, and related services (collectively, the "Service"). It also describes your privacy rights and how you can exercise them. By using the Service you agree to this Privacy Policy.

1. Who We Are

Tripski is operated by Skylex, LLC, located in Colorado, United States. Questions about this policy can be sent to privacy@tripski.app.

2. Data We Collect

2.1 Account data

• Email address and a hashed password (or an OAuth identifier if you sign in with Apple or Google).
• Username, avatar image, travel preferences, country of residence, and date of birth (optional).
• Firebase Cloud Messaging device token, used to deliver push notifications.
• Subscription tier and in-app purchase receipts processed by Apple or Google.

2.2 Content you create

• Trips, experiences, itinerary items, expenses, reviews, walking tours, and group membership records.
• Photos, videos, and audio clips (memories) you upload, including any EXIF metadata (timestamp, geolocation) you choose to retain.
• Text you write: captions, notes, trip descriptions, and planner requests.

2.3 Location data

• Foreground location, used when the app is open to show nearby places, drop pins on the map, and detect the experience you are currently visiting.
• Background location, used only if you enable "Always Allow" permission and passive trip tracking. On iOS this uses Apple's CLVisit API (low-power dwell detection); on Android it uses periodic 15-minute checks via Workmanager. Raw GPS samples are clustered locally on your device into dwell "suggestions" that you confirm or dismiss.
• You can disable passive tracking at any time in Settings → Privacy and in your device's system location settings.

2.4 Health data (optional)

If you connect Apple Health or Google Health Connect, Tripski reads daily steps, distance, floors climbed, and active energy during your trip dates to power your activity index. This data is written to our servers so it can be shared with travel companions on the same trip. You can disconnect this integration in system settings at any time.

2.5 Device and usage data

• Device model, OS version, app version, locale, and timezone.
• Crash logs and stack traces (via Firebase Crashlytics and Sentry).
• Aggregate analytics events (via Firebase Analytics) — screen views, trip creation, experience logging, and subscription events. Analytics are disabled in debug builds.
• IP address, which is logged transiently by our hosting providers for security and abuse prevention.

3. How We Use Your Data

• Provide the Service — store your trips, experiences, and memories; sync them across your devices; share them with co-travelers you invite.
• Personalize recommendations — generate daily suggestions, trip plans, and place matches. Your content may be sent to service providers (see §5) solely to fulfill your request.
• Communicate with you — send push notifications, transactional email (verification, password reset, trip invitations), and — only if you opt in — product updates.
• Protect the Service — detect abuse, fraud, and security incidents; enforce our Terms of Service.
• Improve the product — debug crashes, measure feature adoption, and prioritize fixes. We do not sell your personal data.

4. Legal Bases (EEA / UK)

If you are in the European Economic Area or the United Kingdom, we rely on the following legal bases under GDPR / UK GDPR:

• Contract — to deliver the Service you signed up for.
• Consent — for background location, health data, marketing communications, and analytics where required. You can withdraw consent at any time.
• Legitimate interests — security, fraud prevention, and product improvement, balanced against your rights.
• Legal obligation — to comply with applicable laws and respond to lawful requests.

5. Third Parties We Use

We share data with the following service providers only to the extent needed to operate the Service:

• Supabase — primary database, authentication, storage, and edge functions (US region).
• Firebase (Google) — authentication fallback, push notifications, crash reporting, analytics.
• Sentry — crash and error reporting in production builds.
• Planning and search providers — third-party services used for trip planning, recommendations, and itinerary generation. Requests and retrieved content may be transmitted to these providers to generate responses.
• Google Maps / Google Places and Apple MapKit — map tiles, place search, and geocoding.
• Mapbox, Unsplash, TripAdvisor — place imagery and reference data.
• Apple App Store and Google Play — in-app purchase processing. Tripski never sees your payment card details.
• Twilio SendGrid — transactional email delivery.

Each provider is bound by its own privacy policy and data-processing agreement. Data may be processed in the United States and other countries that may offer less protection than your jurisdiction.

6. Sharing Between Users

Some content is social by design. Your username, avatar, public trips, shared memories, and reviews may be visible to other users. You control the visibility of each trip and memory via the public / followers / private setting attached to it. When you invite a traveler to a trip or a group, they see every experience, expense, and memory on that trip.

7. Data Retention

• Account data is retained while your account is active.
• Trip and memory content is retained until you delete it or your account.
• Background location samples are retained for up to 30 days and then aggregated or deleted.
• Pending suggestions expire after 3 days.
• Crash and analytics data is retained for up to 14 months per Firebase defaults.
• Account deletion removes your profile, trips, experiences, memories, reviews, and uploaded media within 30 days. Backups are purged within 90 days. Some records may be retained longer if required by law (e.g., payment records for tax compliance).

8. Your Rights

Regardless of where you live, you can:

• Access and download a copy of your data via Settings → Profile Settings → Download my data in the Tripski app.
• Correct inaccurate information via in-app edits.
• Delete your account via Settings → Profile Settings → Delete account, or by emailing privacy@tripski.app.
• Object to or restrict specific processing. Contact us to exercise these rights.
• Withdraw consent for optional processing (background tracking, health data, marketing emails) at any time.
• Lodge a complaint with your local data protection authority (EEA/UK) or Attorney General (US states with privacy laws).

California, Colorado, Connecticut, Utah, Virginia, and other US-state residents have additional rights under applicable state privacy laws, including the right to opt out of "sale" or "sharing". Tripski does not sell personal information and does not share personal information for cross-context behavioral advertising.

9. Children

Tripski is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact privacy@tripski.app and we will delete it.

10. Security

We use industry-standard transport encryption (HTTPS/TLS), encrypted storage at rest, row-level security on our database, and hardened service accounts. No system is perfectly secure; we recommend you use a strong, unique password and enable biometric unlock on your device.

11. International Transfers

Our primary infrastructure is hosted in the United States. If you access the Service from outside the US, you consent to the transfer of your data to the US and other jurisdictions where our providers operate. Where required, we rely on Standard Contractual Clauses and equivalent safeguards.

12. Changes to this Policy

We may update this policy to reflect changes in features, law, or business practices. Material changes will be communicated via in-app notice or email before taking effect. The "Last updated" date at the top of this page shows when the most recent version was published.

13. Contact Us

Skylex, LLC — Privacy Office
Email: privacy@tripski.app
General support: contact@tripski.app