Privacy Policy

1. Information we collect

We collect the following categories of personal information:

• Account information — your email address, and if you sign in with Google, your name and Google email address.
• Trip data — everything you enter: trip names, destinations, dates, flights, accommodation details, car rentals, insurance policies, activities, notes, and traveler names.
• Uploaded documents — booking confirmations, tickets, and other files you upload to TripsWiz are stored on our servers.
• Language preference — your chosen interface language, stored in a cookie and in your account settings.
• Technical data — automatically collected information including your IP address, browser type, device type, and operating system, used to operate and improve the Service.
• Location data — approximate device location may be collected when you open map or navigation links within the Service.

Sensitive information in uploaded documents

Documents you upload may contain sensitive personal information such as passport numbers, government-issued ID numbers, financial account details, health-related information (for example in travel insurance certificates), or other sensitive travel documents. We store these files only to provide the Service to you. We do not analyse or use the content of uploaded documents for any purpose other than delivering the Service, except when you explicitly request AI-assisted processing (such as auto-filling trip details from a document). Always keep your original documents — do not rely solely on TripsWiz for document storage.

2. How we process your information

We process your personal information for the following purposes:

• To provide, operate, and maintain the Service.
• To authenticate your account and keep it secure.
• To send transactional messages such as account confirmation and password reset emails.
• To process trip data you provide, including AI-assisted booking import when you use that feature.
• To enable trip sharing when you choose to create a share link.
• To respond to your support requests.
• To protect the Service from fraud, abuse, and security threats.
• To improve the Service based on aggregate, anonymised usage patterns.
• To comply with applicable legal obligations.

3. Legal bases for processing (EU, UK, EEA, Switzerland)

If you are located in the European Union, United Kingdom, European Economic Area, or Switzerland, we rely on the following legal bases to process your personal information:

• Contractual necessity — to provide the Service you have requested.
• Consent — where you have given explicit permission for a specific purpose, such as AI-assisted document processing. You may withdraw consent at any time by contacting us.
• Legitimate interests — to operate and improve the Service securely, where our interests are not overridden by your rights and freedoms.
• Legal obligation — where processing is necessary to comply with applicable law.

If you are located in Canada, we may process your information where you have given express or implied consent, or where processing is permitted without consent under applicable Canadian privacy law.

4. When and with whom we share your information

We do not sell your personal information. We may share it only in these limited circumstances:

• Service providers — trusted third-party cloud and technology providers process data on our behalf under written data protection agreements.
• Trip sharing — when you create a share link, selected trip data is accessible to anyone with that link. Uploaded documents are never included. You control all share links and can revoke access or set expiry dates at any time.
• Google Maps and navigation — when you tap map or navigation links in the Service, your interaction may be subject to Google's privacy policy and terms.
• Business transfers — if TripsWiz is involved in a merger, acquisition, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.
• Legal requirements — we may disclose your information where required by law, court order, regulatory authority, or to protect the rights, property, or safety of TripsWiz or others.

5. Social login (Google Sign-In)

TripsWiz offers sign-in via Google. When you use Google Sign-In, authentication is handled by Google and we receive basic profile data (name and email address) as part of that process. We use this information only to create and manage your account. We do not receive or store your Google password. Your use of Google Sign-In is also subject to Google's Privacy Policy.

6. Cookies and tracking technologies

TripsWiz uses cookies and similar technologies for: authenticating and maintaining your session; and remembering your language preference. We do not use advertising or third-party tracking cookies. You can disable cookies in your browser settings, but doing so may prevent parts of the Service from working correctly.

7. International data transfers

Our servers and infrastructure are located in the United States. If you access TripsWiz from outside the United States, your personal information is transferred to and processed in the United States. For users in the European Economic Area, United Kingdom, or Switzerland, we implement appropriate safeguards including Standard Contractual Clauses approved by the European Commission. Details of these safeguards are available on request.

8. Data retention

We retain your personal information for as long as your account is active. When you delete your account, your data is deleted or anonymised. Some information may be retained for a limited period to comply with legal obligations, resolve disputes, or enforce our agreements. You can delete individual trips, documents, and other items from within the Service at any time.

9. Security

We implement appropriate technical and organisational security measures designed to protect your personal information. However, no electronic transmission over the internet or information storage system is 100% secure. We cannot guarantee that your data will never be accessed by unauthorised parties. You are responsible for keeping your account credentials confidential and for accessing the Service within a secure environment.

10. Children

TripsWiz is not intended for children under 18 years of age, or the equivalent minimum age under applicable law in your jurisdiction. We do not knowingly collect personal information from children. If we learn that a child under 18 has created an account, we will deactivate it and delete the associated data. If you believe a child has provided us with personal information, please contact us at info@tripswiz.com.

11. Your privacy rights (EEA, UK, Switzerland, Canada)

If you are located in the EEA, UK, Switzerland, or Canada you have the following rights regarding your personal data:

• Right to access — request a copy of the personal information we hold about you.
• Right to rectification — request correction of inaccurate or incomplete information.
• Right to erasure — request deletion of your personal data.
• Right to restrict processing — ask us to limit how we use your data in certain circumstances.
• Right to data portability — receive your data in a structured, commonly used, machine-readable format.
• Right to object — object to processing based on legitimate interests.
• Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

If you believe we are processing your personal information unlawfully, you have the right to lodge a complaint with your national supervisory authority: in the EU with your Member State data protection authority; in the UK with the Information Commissioner's Office (ICO); in Switzerland with the Federal Data Protection and Information Commissioner (FDPIC). We encourage you to contact us first at info@tripswiz.com so we can try to resolve the issue directly.

12. United States — state privacy rights

If you are a resident of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia, you may have specific rights under applicable state privacy law. These may include the right to: know what personal information we collect and how we use it; access, correct, or delete your personal information; obtain a portable copy of your personal information; opt out of any sale or sharing of your personal information for targeted advertising (we do not sell or share personal information for advertising); and non-discrimination for exercising these rights. To submit a privacy request, contact us at info@tripswiz.com.

We collect sensitive personal information including account login credentials and any sensitive data contained in documents you choose to upload (such as passport numbers, government-issued ID numbers, or health-related information in travel insurance documents). We collect this only to provide the Service. We do not use or disclose sensitive personal information for the purpose of inferring characteristics about you.

California residents may submit a request under the California ”Shine the Light” law (Civil Code § 1798.83) for information about categories of personal information disclosed to third parties for direct marketing purposes. We do not disclose personal information to third parties for direct marketing.

13. Other regions

Australia and New Zealand: We collect and process personal information in accordance with Australia's Privacy Act 1988 and New Zealand's Privacy Act 2020. You have the right to access and correct your personal information. Complaints may be directed to the Office of the Australian Information Commissioner (OAIC) or the Office of the New Zealand Privacy Commissioner.

Republic of South Africa: You have the right to access and correct your personal information under the Protection of Personal Information Act (POPIA). If you are not satisfied with our handling of a complaint, you may contact The Information Regulator (South Africa) at enquiries@inforegulator.org.za.

14. Do Not Track

Some web browsers and mobile operating systems include a Do Not Track (DNT) setting you can enable to signal your preference not to have browsing activity tracked. Because no uniform standard for recognising DNT signals currently exists, we do not respond to DNT browser signals at this time. If a recognised standard is adopted, we will update this policy accordingly.

15. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated policy on this page and update the date at the top. If we make material changes we will take reasonable steps to notify you. Continued use of the Service after changes are posted constitutes acceptance of the updated policy.

16. Contact and data requests

For privacy questions, data access requests, correction or deletion requests, or any other privacy-related enquiry, please contact us at info@tripswiz.com.