Privacy Policy

Last updated: March 2026 · Version 1.0

1. Overview

TripVault ("we", "our", "us") is committed to protecting your privacy. This Policy explains what data we collect, how we use it, and your rights regarding that data.

2. Data We Collect

Account Data

When you sign in with Apple or Google, we receive your name and email address. We store this to identify you within the app and to trip members you share a vault with.

Photos and Media

Photos you upload are stored securely in our cloud storage (Supabase / AWS S3). They are only accessible to members of the same trip vault. Photos marked private are only accessible to you.

Device and Usage Data

We collect anonymised usage analytics (via PostHog) and crash reports (via Sentry) to improve the app. This data does not identify you personally and is never sold to third parties.

Push Notification Tokens

If you enable notifications, we store your device push token to send you trip-related notifications (e.g. new photo uploads, trip-end reminders). You can disable these at any time in your device settings.

3. How We Use Your Data

• To provide and operate the TripVault service
• To display your name and photos to other members of your trip vaults
• To send you notifications you have opted into
• To diagnose crashes and improve app performance

4. Data Sharing

We do not sell your personal data. We share data only with:

• Supabase — database and storage infrastructure
• Apple / Google — authentication providers
• Sentry — crash reporting (anonymised)
• PostHog — product analytics (anonymised)
• Expo — push notification delivery

5. Data Retention

Your data is retained as long as your account is active. When you delete your account, all your photos, profile data, and associated records are permanently deleted from our servers within 30 days.

6. Your Rights

You have the right to: access your personal data, correct inaccurate data, request deletion of your data (via the Delete Account option in Settings), and withdraw consent at any time.

7. Children's Privacy

TripVault is not directed at children under 13. We do not knowingly collect personal data from children under 13.

8. Security

We use industry-standard security measures including encryption in transit (TLS) and at rest, row-level security on all data, and signed URLs for photo access that expire after one hour.

9. Changes to This Policy

We may update this Policy from time to time. We will notify you of material changes within the App. Your continued use after notice constitutes acceptance.

10. Contact

For privacy-related questions, email us at support@tripvault.ai.