TripcoTripco

Privacy Policy

Last updated: March 16, 2026

1. Introduction

Tripco ("we", "our", "us") is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable data-protection laws. This Privacy Policy explains what data we collect, why we collect it, how we use it, and what rights you have.

2. Data We Collect

  • Account data – name, email address, and hashed password when you register.
  • Trip data – trips, itineraries, expenses, food logs, tickets, and memories you create.
  • Media – photos and files you upload to your trips.
  • Usage data – basic technical information such as browser type and access timestamps needed for security and performance.

3. Legal Basis for Processing

We process your data on the following legal bases:

  • Contract performance – to provide the Tripco service you signed up for.
  • Legitimate interest – to secure the platform and improve functionality.
  • Consent – for optional cookies and analytics (you can withdraw at any time).

4. How We Use Your Data

  • To create and manage your account and trips.
  • To sync your data across devices.
  • To generate expense summaries and CSV exports.
  • To send essential service notifications (e.g., password changes).

5. Data Storage & Security

Your data is stored in Azure Cosmos DB and Azure Blob Storage with encryption at rest and in transit. Passwords are hashed using bcrypt and are never stored in plain text. Access tokens are short-lived JWTs.

6. Cookies

Tripco uses only essential cookies required for authentication and session management. No third-party advertising or tracking cookies are used. You may accept or decline cookies via the banner shown on your first visit.

7. Your Rights (GDPR)

Under GDPR you have the right to:

  • Access – request a copy of all personal data we hold about you (available via the "Export My Data" button on your Profile page).
  • Rectification – update inaccurate data through your profile settings.
  • Erasure ("Right to be Forgotten") – permanently delete your account and all associated data via the Profile page.
  • Data portability – export your data in a machine-readable JSON format.
  • Restriction / Objection – contact us to restrict or object to certain processing.
  • Withdraw consent – you may withdraw cookies consent at any time by clearing your browser storage.

8. Data Retention

We retain your data for as long as your account is active. When you delete your account, all personal data, trips, memories, and uploaded media are permanently removed within 30 days.

9. Third-Party Sharing

We do not sell, rent, or share your personal data with third parties for marketing purposes. Data may be shared with cloud infrastructure providers (Microsoft Azure) solely for hosting and storage as a data processor under GDPR.

10. Contact

For any privacy-related questions or to exercise your rights, please contact us at privacy@tripco.app.