Privacy Policy

Last updated: February 19, 2026

Introduction

TripTrack ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website. By using TripTrack, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

We collect various types of information to provide and improve our services:

1.1 Account Information

When you create a TripTrack account, we collect:

• Email address
• Name (first and last)
• Profile information you choose to provide
• Account credentials and authentication data

1.2 Trip and Travel Data

To organize and manage your trips, we collect:

• Flight information (airlines, flight numbers, dates, times, airports)
• Hotel reservations (property names, addresses, check-in/check-out dates)
• Car rentals and other transportation bookings
• Restaurant reservations and dining information
• Activity bookings and event tickets
• Confirmation numbers and booking references
• Trip notes and custom entries you create

1.3 Email Data

With your explicit consent through Gmail OAuth authorization, we access:

• Confirmation emails from travel providers
• Booking receipts and itineraries
• Email metadata (sender, subject, date) to identify travel-related messages
• Email content necessary to extract trip details

We only access emails necessary for trip organization. You can revoke this access at any time through your Google Account settings.

1.4 Receipt and Expense Data

When you use our receipt tracking features, we collect:

• Receipt images captured through your device camera or uploaded from your photo library
• Merchant names and transaction details
• Purchase amounts and currencies
• Transaction dates and categories
• Expense notes and tags you add

1.5 Usage and Analytics Data

To improve our services, we automatically collect:

• Device information (model, operating system, unique device identifiers)
• App usage patterns and feature interactions
• Performance data and crash reports
• IP address and general location information
• Time zone and language preferences

2. How We Collect Your Data

We collect information through the following methods:

2.1 Direct User Input

Information you manually enter into the app, including account details, trip information, notes, and preferences.

2.2 Gmail OAuth Integration

With your explicit authorization, we use Google's OAuth 2.0 protocol to securely access your Gmail account and automatically extract travel-related information from confirmation emails. This integration requires your active consent and can be revoked at any time.

2.3 Email Forwarding

You may choose to forward confirmation emails to your unique TripTrack email address, which we process to extract trip details and add them to your itinerary.

2.4 Camera and Photo Library

When you use receipt scanning features, we access your device camera (with permission) to capture receipt images, or your photo library to upload existing images.

2.5 Automated Collection

We automatically collect usage data, device information, and analytics through standard app technologies and third-party analytics services.

3. How We Use Your Data

We use the collected information for the following purposes:

3.1 Trip Management and Organization

• Automatically organize your travel bookings into comprehensive itineraries
• Display flight times, hotel check-ins, and other trip details
• Send notifications and reminders about upcoming travel
• Provide real-time flight status updates and gate changes
• Track and categorize travel expenses

3.2 AI-Powered Features

• Process receipt images using optical character recognition (OCR) to extract transaction details
• Parse confirmation emails to automatically identify and extract booking information
• Provide intelligent trip recommendations and suggestions
• Power our AI Concierge feature to answer travel-related questions
• Generate trip summaries and insights

3.3 Service Improvement and Analytics

• Analyze usage patterns to improve app functionality
• Identify and fix technical issues and bugs
• Develop new features based on user behavior
• Optimize app performance and user experience
• Conduct research and analysis to enhance our services

3.4 Communication

• Send important service announcements and updates
• Respond to your support requests and inquiries
• Provide customer service and technical assistance
• Send promotional communications (with your consent, which you can withdraw at any time)

3.5 Security and Legal Compliance

• Protect against fraud, abuse, and security threats
• Enforce our Terms of Service
• Comply with legal obligations and respond to lawful requests

4. Third-Party AI Processing and Data Disclosure

Important: TripTrack uses artificial intelligence services provided by OpenAI to power various features in our app.

4.1 OpenAI Data Processing

When you use AI-powered features (such as receipt scanning, email parsing, AI Concierge, and trip insights), your data is processed by OpenAI's API services. This may include:

• Receipt images and extracted text
• Email content from confirmation messages
• Trip details and itinerary information
• Questions you ask the AI Concierge
• Other content you submit for AI processing

4.2 OpenAI's Data Usage Policy

OpenAI processes your data in accordance with their API data usage policy. Key points include:

• Data submitted through the API is not used to train OpenAI's models
• OpenAI retains API data for 30 days for abuse and misuse monitoring, then deletes it (unless legally required to retain it)
• OpenAI implements security measures to protect data during processing

For complete details, please review OpenAI's Enterprise Privacy Policy and API Data Usage Policies.

4.3 Other Third-Party Services

We may also share data with the following types of third-party services:

• Analytics Providers: Google Analytics and similar services to understand app usage
• Cloud Infrastructure: Secure cloud hosting providers to store your data
• Flight Data Services: Aviation data providers for real-time flight tracking
• Email Services: For sending notifications and communications

We carefully vet all third-party providers and require them to maintain appropriate security measures and use your data only for the purposes we specify.

5. Data Security

We implement industry-standard security measures to protect your personal information:

• Encryption of data in transit using TLS/SSL protocols
• Encryption of sensitive data at rest
• Secure authentication mechanisms
• Regular security audits and updates
• Access controls limiting employee access to personal data
• Secure cloud infrastructure with redundancy and backup systems

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as necessary to provide our services and fulfill the purposes outlined in this policy:

• Account Data: Retained while your account is active and for a reasonable period after account deletion to comply with legal obligations
• Trip Data: Retained while your account is active; you can delete individual trips at any time
• Receipt Images: Retained until you delete them or close your account
• Usage Analytics: Typically retained in aggregated, anonymized form for analysis

7. Your Rights and Choices

You have the following rights regarding your personal data:

7.1 Access and Portability

You can access your personal data at any time through the app. You have the right to request a copy of your data in a portable format.

7.2 Correction and Updates

You can update your account information and trip details directly in the app at any time.

7.3 Data Deletion

You have the right to request deletion of your personal data. You can:

• Delete individual trips, receipts, or data entries within the app
• Request full account deletion, which will permanently remove all your data from our systems
• Contact us at privacy@triptrack.ai to request data deletion

Please note that some data may be retained for a limited period to comply with legal obligations or resolve disputes.

7.4 Data Export

You can request an export of your data in a machine-readable format. Contact us at privacy@triptrack.ai to request a data export.

7.5 Consent Withdrawal

You can withdraw consent for data collection at any time:

• Gmail Access: Revoke OAuth permissions through your Google Account settings or within the TripTrack app
• Camera/Photos: Disable permissions in your device settings
• Marketing Communications: Opt out via the unsubscribe link in emails or in app settings
• Analytics: Disable analytics tracking in app settings (where available)

Withdrawing consent may limit your ability to use certain features of the app.

7.6 Do Not Sell My Personal Information

We do not sell your personal information to third parties. We do not share your data for monetary compensation.

8. Children's Privacy

TripTrack is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of any material changes by:

• Posting the updated policy on our website and in the app
• Updating the "Last updated" date at the top of this policy
• Sending you an email notification (for significant changes)

Your continued use of TripTrack after changes become effective constitutes acceptance of the updated Privacy Policy.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: privacy@triptrack.ai
• Support: TripTrack Support Center

We will respond to your inquiry within a reasonable timeframe, typically within 30 days.

12. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process your personal data based on the following legal grounds:

• Consent: When you provide explicit consent (e.g., Gmail OAuth, marketing communications)
• Contract Performance: To provide the services you've requested
• Legitimate Interests: To improve our services, prevent fraud, and ensure security
• Legal Obligations: To comply with applicable laws and regulations