How we handle your data

We collect information you provide directly: name, phone number, email address, profile photo, and trip details you create or import. When you connect Gmail, we access your email messages solely to identify travel confirmation emails (flights, hotels, car rentals, and similar bookings). We do not read, store, or process any other email content.

If you choose to connect your Gmail account, Trippy requests read-only access to your messages. We use this access exclusively to: • Identify travel booking confirmation emails from airlines, hotels, rental car companies, and similar providers • Extract structured trip details (dates, destinations, confirmation numbers) to populate your Trippy itinerary • Avoid re-processing emails we have already scanned We do not read personal correspondence, marketing emails, or any messages unrelated to travel bookings. Raw email content is never stored on our servers — only the structured trip data extracted from it. You can disconnect Gmail at any time from Settings, which immediately revokes our access.

We do not sell your personal information. We share data only as follows: • With other users: trip details you share within a group trip are visible to members of that trip • With service providers: we use Supabase (database), Postmark (email), and Twilio (SMS) to operate the service • With Anthropic: email text is sent to Anthropic's Claude API solely for parsing travel details. Anthropic's data use is governed by their privacy policy • As required by law: we may disclose information if required to do so by a court order or legal process

We retain your account data for as long as your account is active. Trip data, photos, and messages are kept until you delete them or close your account. Gmail scan metadata (which message IDs we've processed) is retained to prevent duplicate imports. You can delete your account at any time from Settings → Danger Zone, which permanently removes all your data from our systems.

You have the right to access, correct, or delete your personal information at any time. You can: • Edit your profile information in Settings • Disconnect Gmail in Settings to revoke email access • Delete individual trips, posts, or photos • Delete your entire account and all associated data from Settings → Danger Zone For any privacy requests, contact us at privacy@jointrippy.com.

We use industry-standard security measures including encrypted connections (TLS), row-level security on our database, and OAuth 2.0 for third-party integrations. Gmail tokens are stored encrypted and used only server-side — they are never exposed to client applications. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

Trippy is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us at privacy@jointrippy.com and we will delete it.

We may update this policy from time to time. We will notify you of significant changes via email or in-app notification. Continued use of Trippy after changes constitutes acceptance of the updated policy.

Questions about this policy? Contact us: Email: privacy@jointrippy.com Mailing address: SUPERVILLAINOUS INC, 7841 W. Highland Road, Red Oak, TX 75154