Privacy Policy
TripAligner is committed to protecting your privacy. This Privacy Policy describes how we collect, use, and share information when you use our marketing website and trip planning application.
1. Scope and Controller
This Privacy Policy applies to the TripAligner website and our trip planning application (/app), both of which are operated under the same domain.
TripAligner is operated by the TripAligner entity company, which is the controller of personal data processed through the website and application.
You can contact TripAligner about privacy, account deletion, or data protection matters at support@tripaligner.com.
2. Age Requirement
TripAligner is intended for users who are at least 16 years old.
We do not knowingly collect or process personal data from users under 16. If we become aware that a user under 16 has provided personal data, we will take appropriate steps to delete the data.
3. Authentication and Identity Records
Authentication is provided securely through Supabase Auth. To make sign-in seamless, we support social login (OAuth) via Google, Apple, and Facebook.
When you authenticate, Supabase Auth stores essential information needed to create your account, manage login sessions, and protect account security:
- User ID, which is a unique identifier assigned to your account
- Email address
- OAuth provider name, such as Google, Apple, or Facebook
- OAuth provider account identifier
- OAuth identity records and basic profile metadata shared by the provider
- Authentication token information required to complete and maintain sign-in
- Active sessions, refresh tokens, access tokens, login timestamps, and security-related session metadata
4. OAuth Providers
When you choose to sign in with Google, Apple, or Facebook, that provider may share limited account information with TripAligner so that we can create and manage your TripAligner account.
TripAligner requests OAuth data only for account creation, sign-in, session management, account security, and preventing unauthorized access.
For Apple Sign in, Apple may allow you to share either your real email address or a private relay email address. TripAligner will use the email address supplied through Apple Sign in for account and authentication purposes.
TripAligner does not use OAuth provider data for advertising, resale, or unrelated profiling.
5. OAuth Provider Tokens
OAuth providers may issue access tokens, refresh tokens, ID tokens, or similar authentication credentials during login. Supabase Auth receives and processes these tokens as part of the authentication flow.
TripAligner does not intentionally store or persist OAuth provider access or refresh tokens in our own project database for independent use, unless a future feature explicitly requires direct calls to a provider's API.
If TripAligner later requires additional OAuth scopes or direct provider API access, we will update this Privacy Policy before launching that feature and request any required user consent.
6. Trip Planning Data
To provide our trip planning service, the TripAligner application stores trip planning data including destinations, travel dates, map bounds, selected places, suggestion queues, selected hotel details, itinerary information, and active planning state.
Depending on your usage, this data may be synchronized with your account database or stored locally in your browser's persistent storage, such as IndexedDB and PGlite.
Trip planning data is used for TripAligner's own service functionality only and is not sold or shared for third-party advertising.
8. Legal Bases for Processing
Where EU data protection law applies, TripAligner processes personal data under the following legal bases:
- Contract necessity: to provide the TripAligner website and application, create and manage your account, authenticate you, and deliver trip planning functionality
- Consent: to use non-essential cookies, analytics, measurement, or marketing technologies where consent is required
- Legitimate interests: to maintain service security, prevent abuse, debug issues, improve reliability, understand aggregated product usage, and protect TripAligner's rights
- Legal obligation: to comply with applicable legal, regulatory, tax, accounting, or lawful request obligations
9. Data Sharing and Processors
TripAligner uses personal data for TripAligner's own service purposes and does not sell your personal data.
TripAligner does not share trip planning data with third parties for their own independent use.
We may use trusted service providers and technical processors, such as authentication, hosting, infrastructure, security, analytics, and website measurement providers, only as needed to operate, secure, measure, and improve TripAligner.
OAuth providers such as Google, Apple, and Facebook process your use of their sign-in services under their own terms and privacy policies.
10. International Transfers
TripAligner is based in Malta, EU, but some service providers or technical infrastructure may process data outside Malta or the European Economic Area.
Where personal data is transferred internationally, we rely on appropriate safeguards where required by applicable law, such as adequacy decisions, standard contractual clauses, provider data processing terms, or other lawful transfer mechanisms.
11. Data Retention
TripAligner retains personal data only for as long as reasonably necessary to provide the service, maintain account security, comply with legal obligations, resolve disputes, and enforce our terms.
Account and trip planning data associated with a valid deletion request will be removed within 30 days, unless a longer retention period is required by law, security, fraud prevention, dispute resolution, or legitimate operational backup processes.
Local browser data may remain on your device until you clear your browser storage, delete the application data, or use available product controls to remove it.
12. Your Rights and Choices
You can exercise privacy rights or request account and data deletion by contacting support@tripaligner.com.
Depending on your location and applicable law, you may have rights regarding your personal data:
- Access to the personal data we hold about you
- Correction of inaccurate or incomplete data
- Deletion of your account and associated trip planning data
- Portability of your trip data to another service
- Restriction of processing where applicable
- Objection to processing based on legitimate interests where applicable
- Withdrawal of consent for consent-based processing, including non-essential cookies and analytics
- Complaint to a competent data protection authority, including the authority in Malta where applicable
13. Facebook / Meta Data Deletion Instructions
If you authenticated with TripAligner using Facebook/Meta OAuth, you can revoke future access and request deletion of your associated TripAligner account data at any time.
To revoke future access, remove the TripAligner application from your Facebook settings under Settings & Privacy > Activity Log > Apps and Websites.
To delete your existing TripAligner account and associated app data, contact support@tripaligner.com. After a valid deletion request, associated account and trip planning data will be removed within 30 days, unless retention is required by law, security, fraud prevention, dispute resolution, or legitimate operational backup processes.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes to our service, technology, legal requirements, OAuth scopes, analytics setup, cookie use, or data practices.
When we make material changes, we will update the Last Updated date and, where appropriate, provide additional notice or request consent.
15. Contact
For privacy questions, account deletion, data requests, or other data protection matters, contact TripAligner at support@tripaligner.com.