Privacy Policy & Legal Notice

Last updated: May 2026

1. Data Controller

Trippyy is operated as a travel planning platform. For data protection inquiries, contact us at [email protected].

2. Data We Collect

We collect the following personal data:

• Account information: Name, email address, and encrypted password
• Trip data: Trip details, itineraries, locations, and uploaded files
• Usage data: Browser type, access times, and pages visited (via essential cookies)

3. Purpose of Processing (GDPR Art. 6)

We process your data based on:

• Contract performance (Art. 6(1)(b)): To provide the trip planning service
• Consent (Art. 6(1)(a)): For analytics cookies (optional)
• Legitimate interest (Art. 6(1)(f)): To improve and secure the Service

4. Cookies

Essential cookies: Required for the Service to function (authentication, session management). These cannot be disabled.

Analytics cookies: Optional. Used to understand usage patterns. You can control these via the cookie consent banner.

5. Your Rights (GDPR)

Under the EU General Data Protection Regulation, you have the right to:

• Access your personal data
• Rectify inaccurate data
• Erase your data ("right to be forgotten")
• Restrict processing
• Data portability
• Object to processing
• Withdraw consent at any time

To exercise these rights, email [email protected].

6. Data Retention

We retain your data for as long as your account is active. Upon deletion, your data will be removed within 30 days.

7. Data Security

We use industry-standard encryption (HTTPS, bcrypt for passwords) and secure cloud storage to protect your data.

8. Third-Party Services

We use the following third-party services:

• Google Maps: For map visualization (subject to Google Privacy Policy)
• Cloud storage (AWS): For secure file storage

9. Changes to This Policy

We may update this policy. Changes will be posted on this page with an updated date.

10. Supervisory Authority

You have the right to lodge a complaint with your local data protection authority.