Privacy Policy

Effective date: January 15, 2026

Last updated: January 21, 2026

GDPR Compliant
CCPA Compliant

1. Introduction

OurTrips ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our trip planning service.

Please read this privacy policy carefully. By using OurTrips, you consent to the data practices described in this policy. If you do not agree with the terms of this privacy policy, please do not access the Service.

2. Information We Collect

We collect information that you provide directly to us, as well as information collected automatically when you use our Service. Below is a comprehensive breakdown of the data we collect.

Account Information

Data you provide when creating and managing your account.

  • Email address – Used for authentication, notifications, and account recovery
  • Password – Stored in hashed format, never in plain text
  • Display name – Shown to trip collaborators
  • Profile photo – Optional, displayed on your profile and in trips
  • Account preferences – Notification settings, theme preferences, language

Trip Data

Content you create while planning and managing trips.

  • Trip details – Names, descriptions, destinations, dates, and cover images
  • Itinerary items – Activities, accommodations, transportation, and scheduled events
  • Location data – Places, addresses, and coordinates for itinerary items
  • Expense records – Amounts, categories, payers, and split information
  • Packing lists – Items, categories, and assignment to members
  • Tasks and polls – Task descriptions, assignments, poll options, and votes
  • Journal entries – Text content, timestamps, and associated media
  • Comments and notes – Discussion content within trips

User-Uploaded Content

Files and media you upload to the platform.

  • Photos – Trip photos with optional EXIF metadata (location, date taken)
  • Documents – Travel documents, confirmations, and PDFs you upload
  • File metadata – File names, sizes, types, and upload timestamps

Usage and Analytics Data

Information collected automatically as you use our Service.

  • Device information – Device type, operating system, browser type, screen resolution
  • Usage patterns – Pages visited, features used, clicks, time spent, navigation paths
  • Performance data – Page load times, errors, and crash reports
  • Log data – IP address, access times, referring URLs, and session identifiers
  • Approximate location – Country/region based on IP address (not precise GPS)

Communication Data

Information from your interactions with us.

  • Support requests – Messages, tickets, and feedback you send us
  • Email communications – Responses to our emails and notification preferences
  • Survey responses – Feedback and preferences you share in optional surveys

3. How We Collect Your Data

We collect data through multiple methods to provide and improve our Service. Understanding these methods helps you make informed decisions about your privacy.

Forms and Direct Input

Information you actively provide through:

  • Registration and login forms
  • Profile settings and preferences pages
  • Trip creation and editing forms
  • Expense entry and tracking forms
  • File upload interfaces (photos, documents)
  • Contact and support forms

Cookies and Local Storage

Small files stored on your device that remember preferences and enable functionality:

  • Session cookies for authentication state
  • Preference cookies for theme and language settings
  • Local storage for offline functionality
  • See our detailed Cookie Policy below

Analytics and Performance Monitoring

Automated collection to understand usage and improve performance:

  • Vercel Analytics for page views and user flows
  • Error tracking for identifying and fixing bugs
  • Performance metrics (page load times, responsiveness)
  • Feature usage statistics (aggregated, anonymized when possible)

Third-Party Integrations

Data received from integrated services you connect:

  • Google authentication (if using Google sign-in)
  • Google Maps/Places API for location searches
  • Payment processors for subscription management

Server Logs

Technical logs automatically generated by our servers:

  • IP addresses and access timestamps
  • HTTP request details (method, path, status codes)
  • User agent strings (browser/device identification)
  • Error messages and stack traces (for debugging)

5. How We Use Your Information

We use the information we collect for various purposes, including:

  • Providing, maintaining, and improving our Service.
  • Processing transactions and sending related information.
  • Sending you technical notices, updates, security alerts, and support messages.
  • Responding to your comments, questions, and customer service requests.
  • Monitoring and analyzing trends, usage, and activities in connection with our Service.
  • Detecting, investigating, and preventing fraudulent transactions and other illegal activities.
  • Personalizing and improving your experience on our Service.

6. Information Sharing

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following circumstances:

  • With Your Consent: When you explicitly agree to sharing with specific parties.
  • Trip Collaborators: Information you share within trips is visible to other trip members.
  • Service Providers: With vendors who perform services on our behalf (hosting, analytics, support).
  • Legal Requirements: When required by law or to protect our rights and safety.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets.

7. Third-Party Services

We use trusted third-party services to help operate and improve OurTrips. These services may process your data as described below. Each service operates under their own privacy policies and data processing agreements.

Supabase

Database & Authentication Provider

  • Data shared: Account info, trip data, user content, file storage
  • Purpose: Primary database hosting, authentication, file storage
  • Location: US (with EU data residency available)
View Supabase Privacy Policy

Google Maps Platform

Maps & Location Services

  • Data shared: Location searches, place selections, map interactions
  • Purpose: Location search, map display, place details
  • Location: Global (US-based company)
View Google Privacy Policy

Vercel

Hosting & Analytics

  • Data shared: IP addresses, page views, performance metrics
  • Purpose: Website hosting, CDN delivery, basic analytics
  • Location: Global edge network
View Vercel Privacy Policy

Stripe

Payment Processing

  • Data shared: Payment information, billing details, transaction history
  • Purpose: Subscription payments, billing management
  • Location: Global (PCI-DSS compliant)
View Stripe Privacy Policy

Email Service Provider

Transactional Email Delivery

  • Data shared: Email addresses, email content, delivery metadata
  • Purpose: Sending notifications, invitations, and updates
  • Location: US

Data Processing Agreements

We have Data Processing Agreements (DPAs) in place with all third-party service providers that process personal data on our behalf, ensuring GDPR compliance and appropriate safeguards for your information.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience, understand usage patterns, and improve our Service. This section explains what cookies we use and why.

What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They help websites remember your preferences and understand how you interact with them.

Types of Cookies We Use

Cookie TypePurposeDurationRequired?
EssentialAuthentication, security, session managementSession / 7 daysYes
FunctionalPreferences (theme, language), remembered settings1 yearOptional
AnalyticsUsage statistics, page views, feature usage90 daysOptional

Specific Cookies We Use

sb-*-auth-tokenEssential

Supabase authentication token. Keeps you logged in securely.

themeFunctional

Remembers your preferred color scheme (light/dark/system).

cookie_consentEssential

Stores your cookie preferences to respect your choices.

Local Storage

In addition to cookies, we use browser local storage to enable offline functionality and improve performance. This includes caching trip data for offline access and storing UI state preferences.

Managing Your Cookie Preferences

You can control cookies through:

  • Our cookie banner: Manage preferences when first visiting
  • Browser settings: Block or delete cookies in your browser
  • Profile settings: Adjust analytics preferences in your account

Note: Disabling essential cookies may prevent you from using core features like logging in or saving trips.

9. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

When you delete your account, we will delete your personal data within 30 days, except for data we are required to retain for legal, regulatory, or security purposes.

10. Data Security

We implement appropriate technical and organizational security measures to protect your personal information, including:

  • Encryption of data in transit and at rest.
  • Regular security assessments and penetration testing.
  • Access controls and authentication mechanisms.
  • Employee training on data protection practices.

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.

11. Your Privacy Rights

We respect your rights over your personal data. Depending on your location, you may have certain rights regarding your personal information. Below is a comprehensive explanation of each right and how to exercise them.

Right to Access Your Personal Data

You have the right to request a copy of all personal information we hold about you. This includes:

  • Your account information (email, display name, profile settings)
  • All trips you've created or participated in
  • Your itinerary items, expenses, packing lists, and journal entries
  • Photos and documents you've uploaded
  • Your activity logs and interaction history
  • Any data collected through cookies and analytics

How to access: Go to Settings → Privacy → Download My Data, or email us at privacy@ourtrips.com with the subject line "Data Access Request."

Right to Rectification and Deletion (Right to Be Forgotten)

You have the right to correct inaccurate data and request complete deletion of your personal information.

Rectification (Correction)

If any of your personal data is inaccurate or incomplete, you can:

  • Update your profile information directly in Settings → Profile
  • Edit trip data, itineraries, and other content within the app
  • Contact us to correct data you cannot modify yourself

Deletion (Right to Be Forgotten)

You can request complete deletion of your personal data. Upon deletion:

  • Your account and profile will be permanently removed
  • Trips you own will be deleted (collaborators will be notified)
  • Your contributions to shared trips will be anonymized
  • All uploaded photos and documents will be permanently erased
  • Analytics and usage data linked to you will be deleted

Note: Some data may be retained for legal compliance (e.g., financial records for tax purposes) for up to 7 years. This will be explained in our response to your request.

How to delete: Go to Settings → Account → Delete Account, or email privacy@ourtrips.com with the subject line "Deletion Request." Requests are processed within 30 days.

Right to Data Portability and Export

You have the right to receive your personal data in a structured, commonly used, and machine-readable format. You can transfer this data to another service provider.

Export Formats Available

  • JSON: Complete structured export of all your data
  • CSV: Spreadsheet-compatible format for trips, expenses, and lists
  • PDF: Human-readable summary of your account and trip data
  • Original files: ZIP archive of all uploaded photos and documents

What's Included in Your Export

  • Account profile and preferences
  • Complete trip data with all details
  • Itineraries, activities, and accommodations
  • Expense records and settlements
  • Packing lists and task assignments
  • Journal entries and comments
  • All uploaded media and documents

How to export: Go to Settings → Privacy → Export My Data. Select your preferred format and we'll email you a download link within 24-48 hours. For large accounts, this may take up to 7 days.

Opt-Out Mechanisms for Marketing and Analytics

You have the right to opt out of marketing communications and analytics tracking at any time.

Marketing Communications

  • Email marketing: Unsubscribe via the link in any marketing email, or go to Settings → Notifications → Marketing Emails
  • Push notifications: Manage in Settings → Notifications, or through your device settings
  • Product announcements: Toggle off in Settings → Notifications → Product Updates
  • Partner offers: We never share your email with third parties for marketing without explicit consent

Note: You will still receive essential transactional emails (account security, trip invitations, password resets) even after opting out of marketing communications.

Analytics and Tracking

  • Cookie preferences: Click the "Cookie Settings" link in the footer to manage cookie categories
  • Analytics opt-out: Go to Settings → Privacy → Analytics and toggle off "Help improve OurTrips"
  • Do Not Track: We honor browser Do Not Track (DNT) signals
  • Global Privacy Control: We respect GPC signals as opt-out requests for data sharing

Third-Party Opt-Outs

How to Submit a Privacy Request

We've made it easy to exercise your privacy rights. Here's how to submit a request and what to expect.

Submission Methods

  • 1Self-service (fastest): Use the Settings → Privacy section in your account to access, export, or delete your data
  • 2Email: Send your request to privacy@ourtrips.com with your account email and request type
  • 3Web form: Complete the Privacy Request Form
  • 4Phone: Call 1-800-OURTRIP (toll-free in the US)

What to Include in Your Request

  • Your full name and email address associated with your OurTrips account
  • Type of request (access, rectification, deletion, portability, or opt-out)
  • Specific details about what data or actions you're requesting
  • Preferred response method (email or phone)

Verification Process

To protect your privacy, we verify your identity before processing requests:

  • For logged-in requests: Verified through your authenticated session
  • For email/phone requests: We'll send a verification code to your registered email
  • For sensitive requests: We may ask for additional verification (e.g., last 4 digits of payment method)

Response Timeline

  • Acknowledgment: Within 3 business days of receiving your request
  • Access requests: Fulfilled within 30 days (45 days for complex requests)
  • Deletion requests: Completed within 30 days
  • Export requests: Delivered within 7 days for standard accounts
  • Opt-out requests: Processed within 10 business days

If we need additional time, we'll notify you of the reason and extended timeline.

Authorized Agents

You may designate an authorized agent to submit privacy requests on your behalf. The agent must provide:

  • Written authorization signed by you
  • Proof of their identity
  • Your account information for verification

Additional Rights

  • Right to Object: You can object to processing of your personal data when we rely on legitimate interests as our legal basis
  • Right to Restrict Processing: You can request that we limit how we use your data while we address a concern or verify accuracy
  • Right to Withdraw Consent: Where we process data based on your consent, you can withdraw it at any time without affecting prior processing
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights
  • Right to Appeal: If we deny your request, you can appeal the decision by contacting privacy@ourtrips.com with the subject "Appeal"

We are committed to handling your privacy requests promptly and transparently. If you have any questions about your rights or how to exercise them, please contact us at privacy@ourtrips.com.

12. GDPR Rights (EEA Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

  • Legal Basis: We process your data based on consent, contract performance, legal obligations, or legitimate interests.
  • Withdrawal of Consent: You may withdraw consent at any time where we rely on consent to process your data.
  • Supervisory Authority: You have the right to lodge a complaint with your local data protection authority.
  • Data Protection Officer: You may contact our DPO at dpo@ourtrips.com.

13. CCPA Rights (California Residents)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected.
  • Right to Delete: Request deletion of your personal information, subject to certain exceptions.
  • Right to Opt-Out: We do not sell personal information, so no opt-out is necessary.
  • Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To submit a CCPA request, contact us at privacy@ourtrips.com or call us at 1-800-OURTRIP.

14. Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

If we discover that we have collected personal information from a child under 13, we will delete that information as quickly as possible.

15. International Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from your country.

We take appropriate safeguards to ensure that your personal information remains protected in accordance with this Privacy Policy, including the use of Standard Contractual Clauses approved by the European Commission for transfers of personal information to countries outside the EEA.

16. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

For significant changes, we will provide additional notice, such as an email notification or a prominent notice within our Service. We encourage you to review this Privacy Policy periodically.

17. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us:

  • Privacy Inquiries: privacy@ourtrips.com
  • Data Protection Officer: dpo@ourtrips.com
  • Mailing Address: OurTrips, Inc., Privacy Department, 123 Travel Lane, San Francisco, CA 94102
  • Phone: 1-800-OURTRIP
← Back to home