Privacy Policy

Last Updated: March 25, 2026

This Privacy Policy describes how TripMate AI (“we,” “us”) handles personal data when you use our mobile apps, website, and related services. It should be read together with our Terms of Service.

1. Data controller

For data protection purposes, the controller responsible for personal data processed through TripMate AI is the operator of the Service. For questions or requests, contact us at mha@signalinvest.ai. If you need a postal address for a formal request, ask us by email and we will provide it where required by law.

2. What we collect and why

We only process personal data as needed to run TripMate AI. Depending on how you use the app, this may include:

• Account and profile: Name, email address, optional avatar, and authentication data when you register or sign in (including via Apple or Google). Stored on our backend (see below).
• Trip and collaboration data: Itineraries, destinations, activities, notes, and sharing/collaboration data you choose to save.
• Location: If you grant permission, device location for maps, trip features, and (where enabled) background location for group coordination. You can revoke location access in your device settings.
• Push notifications: If you allow notifications, we may store a device push token associated with your account so we can send alerts you opt into. Local reminders may be scheduled on your device.
• AI features: Text and context you submit for AI planning (for example trip ideas, preferences, or place names) may be sent to our AI providers to generate responses. Do not submit data you are not allowed to share.
• Maps, places, and weather: Queries needed for maps, routing, place search, or weather are sent to our mapping and weather providers as required for those features.
• Subscriptions: If you subscribe, Apple processes payment and provides us subscription status through our subscription partner; we do not receive your full payment card details.

Analytics: We do not embed third-party advertising or behavioral analytics SDKs (such as ad networks or cross-app tracking) in the app for profiling. We may rely on limited technical logs and operational data from our hosting and subscription providers for security, debugging, and abuse prevention.

3. Legal bases (EEA/UK)

Where GDPR applies, we process personal data on the following bases: performance of a contract (providing the Service you request); legitimate interests (security, improving reliability, communicating about the Service); and, where required, your consent (for example device permissions you grant in iOS/Android settings).

4. Who we share data with (subprocessors)

We use trusted infrastructure and service providers. They process data only to deliver the Service on our instructions or as independent controllers where stated in their policies:

• Supabase — authentication, database, and related hosting for app data.
• RevenueCat — subscription status and in-app purchase management (see also Apple below).
• Apple & Google — sign-in, App Store / Play billing, and platform services as applicable.
• Google (Maps / Places / related APIs) — mapping, search, and routing where used in the app.
• AI and search providers (for example model routing via OpenRouter, and search tools such as Tavily or Exa when those features are used) — to generate AI responses or retrieve public information you request.
• Weather provider — forecast data for locations you ask about.
• Expo — push notification delivery infrastructure when we send a push to your device token.

Each provider’s own privacy policy also applies to how they handle data in their systems. We do not sell your personal data.

5. International transfers

Some providers may process data in the United States or other countries outside your country of residence. Where required, we rely on appropriate safeguards such as the EU Standard Contractual Clauses or equivalent mechanisms offered by our vendors.

6. Retention

We keep personal data while your account is active and for a short period afterward as needed for backups, legal obligations, or dispute resolution. You can delete your account in the app; that removes your profile and associated app data from our systems as described in our Terms, subject to limited exceptions (for example where the law requires retention).

7. Security

We use industry-standard measures including encryption in transit (HTTPS) and access controls. No method of transmission or storage is 100% secure; we work to protect your data appropriately.

8. Your rights

Depending on your location, you may have the right to access, correct, delete, or export your personal data; restrict or object to certain processing; and withdraw consent where processing is consent-based. You may exercise many choices in the app (profile, permissions, Delete account). You can also email us to request access or portability. If you are in the EEA/UK and believe we have not resolved your concern, you may lodge a complaint with your local supervisory authority (in Norway: Datatilsynet).

9. Children

The Service is not directed at children under 16 (or the minimum age in your jurisdiction). We do not knowingly collect personal data from children.

10. Changes

We may update this Privacy Policy from time to time. We will post the new version on this page and update the “Last Updated” date.

11. Contact

Questions or requests: mha@signalinvest.ai