Privacy Policy
Short version: We use your trip data only to generate and save your itinerary. We don't sell your data. You can delete everything at any time by emailing hello@tripva.app.
1. Who We Are
Tripva is operated by Futurizta Tech Sdn Bhd ("we", "us", "our"), a company registered in Malaysia. We provide an AI-powered travel planning service at tripva.app.
Contact: hello@tripva.app
2. What Data We Collect
Data you provide
- Trip details — destination, dates, budget, travel style, and interests you enter when creating a trip plan
- Email address — if you create an account or sign in via magic link or OAuth (Google/Apple)
- Payment information — processed directly by Stripe. We never see or store your card number
Data collected automatically
- Usage analytics — pages visited, features used, via Plausible Analytics (privacy-first, no cookies, no cross-site tracking)
- Trip plans — saved to GitHub Gists under our account to generate shareable links
- Push notification tokens — only if you opt in to daily travel reminders
Data we do NOT collect
- No advertising identifiers or third-party tracking pixels
- No location data beyond what you voluntarily enter as your destination
- No biometric or sensitive personal data
3. How We Use Your Data
- To generate your AI trip itinerary using OpenAI's API
- To save and retrieve your trip plan via a shareable link
- To send daily travel reminders (only if you subscribe to push notifications)
- To process payments and manage your Pro subscription via Stripe
- To improve the service using aggregated, anonymised usage statistics
We do not use your data for advertising, profiling, or sale to third parties.
4. Third-Party Services
We share minimal data with the following services to operate Tripva:
- OpenAI — your trip details are sent to OpenAI's API to generate the itinerary. Subject to OpenAI's Privacy Policy
- Supabase — stores your account information (email, session tokens) in an EU-based database. Subject to Supabase's Privacy Policy
- Stripe — processes payments. We never store payment card data. Subject to Stripe's Privacy Policy
- GitHub — trip plans are stored as GitHub Gists to generate shareable links. Subject to GitHub's Privacy Policy
- Plausible Analytics — cookieless, GDPR-compliant analytics. No personal data is collected. Subject to Plausible's Privacy Policy
- Booking.com / Affiliate Partners — if you click a hotel or activity booking link, we may receive a referral commission. We share only the destination and trip context, not your personal details
5. Data Retention
- Trip plans in GitHub Gists are retained indefinitely to keep shareable links working
- Account data is retained until you request deletion
- Analytics data is aggregated and retained for 12 months
- Push notification tokens are deleted if you unsubscribe or your token expires
6. Your Rights
Depending on your location, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion of your account and associated data
- Object to processing or request restriction
- Data portability (export your trip plans)
To exercise any of these rights, email hello@tripva.app. We will respond within 30 days.
7. Cookies
Tripva does not use advertising or tracking cookies. We use localStorage in your browser to save your current trip plan and preferences locally on your device. This data never leaves your device unless you explicitly share or save your trip.
8. Children's Privacy
Tripva is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us immediately at hello@tripva.app.
9. International Transfers
Tripva is operated from Malaysia. By using the service, you acknowledge that your data may be processed in countries where our service providers operate (including the United States and EU). We rely on the privacy policies of those providers to ensure adequate protection.
10. Security
We use HTTPS for all data in transit. We do not store passwords. Authentication is handled via magic links (email one-time codes) or OAuth providers (Google/Apple). Stripe handles all payment data in a PCI-DSS compliant environment.
11. Changes to This Policy
We may update this policy from time to time. We will update the "Last updated" date at the top and, for material changes, notify users by email or an in-app notice. Continued use of Tripva after changes constitutes acceptance of the updated policy.
12. Contact
Questions about this policy or your data:
- Email: hello@tripva.app
- Website: tripva.app