Privacy Policy & Terms

Last updated: May 11, 2026

TripIdea ("we", "the app") is an iOS app and the website tripidea.xyz. This page explains what information we collect, what we do with it, who else sees it, and what rights you have. We try to keep it short and in plain English.

The short version

• We don't ask for your name, email, phone number, or payment info to use the app.
• We don't sell your data. Ever.
• Your trips are stored locally on your device. We don't have a copy.
• When you ask for suggestions, the text you typed (destination, interests, pace) is sent to our servers and to two AI/data providers (Anthropic and Google) so we can return relevant places.
• Optional location access is only used while you're using the "near me" feature and is never sent to our servers.

What we collect

On the website (tripidea.xyz)

Standard web analytics via Google Analytics (page views, browser, country-level location, referring site). No personally identifying information.

In the app

• Trip content you create — destination, pace, interests, saved places. Stored on your device. We don't sync this to our servers.
• Suggestion requests — when you ask for new place suggestions, the destination, interests, pace, and the list of places you've already saved or dismissed are sent to our backend so it can generate relevant suggestions. We log these requests for up to 14 days for debugging and abuse prevention, then they're deleted.
• Usage analytics via Firebase Analytics (app opens, feature taps, crashes). No personal identifiers — Firebase uses a randomized device identifier.
• Approximate device location, only if you grant the permission and only while you're actively using a feature that needs it (such as showing what's open near you). Location stays on your device and is never sent to our servers.

We do not collect: your name, email address, phone number, postal address, contacts, photos, calendar, or microphone.

Who else sees this data

To generate place suggestions, your trip request is sent to:

• Anthropic, PBC — provides the AI that decides which places to suggest. The text of your prompt is processed under Anthropic's privacy policy. We do not send any personal information to Anthropic.
• Google LLC (Places API) — provides the real-world place data (names, photos, ratings, hours). Search queries derived from your destination and interests are sent to Google. See Google's privacy policy.
• Amazon Web Services — hosts our backend in the United States (us-east-1). Request logs are stored in AWS CloudWatch.
• Google Firebase — analytics events (app opens, feature usage).

Photos shown in the app are loaded directly from Google's servers via our backend's photo redirect. Google may log those photo loads under its own privacy policy.

Affiliate links

Some place suggestions may include links to third-party booking partners (such as hotel, tour, or restaurant booking services). When you tap one of those links, you leave our app and any booking you make is governed by the partner's own terms and privacy policy. We may receive a referral commission for bookings made through these links. The presence of an affiliate link does not influence which places are suggested to you — our backend doesn't tell the AI which places have affiliate inventory.

Your rights

Because we don't hold a personally identifying record of you, there's nothing personal to delete on our side — uninstalling the app removes your trips. If you'd like us to delete or export anything that might be associated with your device (such as CloudWatch logs older than 14 days, in the unlikely event a record contains identifiable information), email us at contact@tripidea.xyz. We try to respond within 30 days, in line with CCPA and GDPR expectations.

If you live in California (CCPA), the European Economic Area or UK (GDPR), or another jurisdiction with similar laws, you have the right to know what data we process about you, request deletion, and object to processing. Email us — we'll respond.

Data retention

• Trip content: on your device for as long as you keep it.
• Backend request logs: 14 days, then deleted.
• Place cache: we cache facts about real-world places (names, locations, photos from Google) indexed by Google's place ID. Search result lists are cached for 30 days. None of this is tied to a user.

Security

All traffic between the app and our backend is encrypted (TLS). Secrets such as API keys are stored in AWS Systems Manager Parameter Store with encryption at rest. No system is 100% secure; please don't enter sensitive personal information into the trip planner — it isn't designed for that.

Children

The app is not directed at children under 13 and we do not knowingly collect information from them. If you believe a child has used the app and you'd like us to remove anything that might be associated with their device, email us.

Cookies

The website uses Google Analytics cookies for traffic measurement. The app does not use cookies.

Terms of use

TripIdea is provided as-is. Place data (hours, ratings, descriptions) comes from third parties and may be incorrect, out of date, or unavailable. We make no guarantee that suggested places are open, safe, suitable for your party, or accurately described. Travel involves real-world risk; use your judgment, especially around local conditions, hours, accessibility, and health and safety advisories from official sources.

Don't use the app to harass, scrape, reverse-engineer, or otherwise abuse the service. We may rate-limit or block requests that appear automated.

Changes to this policy

If we materially change how we handle your data, we'll update this page and bump the "Last updated" date at the top. Significant changes will also be flagged inside the app where reasonable.

Contact

Questions, requests, or concerns: contact@tripidea.xyz.