Privacy Policy

Last Updated: March 17, 2026

Jason Wong ("we", "us", or "our") operates the Travel Tracker mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our App.

By using Travel Tracker, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use our App.

1. Information We Collect

1.1 Personal Information You Provide

When you create an account and use Travel Tracker, we collect:

Account Information: Email address, name (optional), and password (encrypted)
Profile Information: Display name, profile picture (optional)

1.2 User-Generated Content

We collect and store content you create within the App:

Saved Places: Locations you save from Google Places
Trips: Trip names, dates, and descriptions you create
Notes: Personal notes you add to places and trips
Ratings: Your ratings of places you've visited
Lists: Collections of places you organize

1.3 Location Information

We collect location data to provide core app functionality:

Precise Location: When you search for nearby places or add places to the map
Approximate Location: For general map positioning and regional recommendations

You can control location permissions through your device settings. Denying location access will limit some app features.

1.4 Usage and Analytics Data

We automatically collect information about how you use the App:

App Usage: Features you use, trips created, places saved, sharing activity
Device Information: Device type, operating system version, unique device identifiers
Analytics: Through Firebase Analytics - app crashes, performance data, general usage patterns

1.5 Information from Third Parties

Google Places API: Place names, addresses, photos, ratings, and reviews (publicly available data)
Authentication Providers: If you sign in with Google or other OAuth providers, we receive basic profile information (name, email, profile picture)

2. How We Use Your Information

We use the collected information for the following purposes:

2.1 To Provide and Maintain the App

Create and manage your account
Save your places, trips, notes, and ratings
Display maps and location-based features
Enable collaborative trip planning and sharing
Synchronize your data across devices

2.2 To Improve the App

Analyze usage patterns to improve features
Monitor app performance and fix bugs
Develop new features based on user behavior

2.3 To Communicate with You

Send account verification emails
Send password reset emails
Respond to your support requests
Send important service announcements (we will not send marketing emails without your consent)

2.4 For Legal and Security Purposes

Prevent fraud and abuse
Comply with legal obligations
Protect our rights and the rights of other users

3. How We Share Your Information

We do not sell your personal information. We share information only in the following circumstances:

3.1 With Other Users (When You Choose to Share)

When you share a trip with other users, they can see the trip name, places, notes, and your name/profile picture
Your ratings are visible to other users globally to help the community
Your notes are private by default unless you explicitly share them

3.2 With Service Providers

We use third-party services to operate the App:

Supabase: Database hosting, authentication, and backend infrastructure (data stored on AWS servers)
Google Places API: Location data, place information, and maps
Firebase Analytics: App analytics and crash reporting (Google LLC)
Brevo (Sendinblue): Transactional email delivery

These providers are contractually obligated to protect your data and use it only for the purposes we specify.

3.3 Affiliate Partners

Viator: When you click on activity or tour links in the App, we may earn a commission if you make a booking. We share anonymized click data with Viator for attribution purposes only. We do not share your personal information with Viator.

3.4 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our rights, safety, or property.

4. Data Security

We take security seriously and implement industry-standard measures:

Encryption in Transit: All data transmission uses HTTPS/TLS encryption
Encryption at Rest: Passwords are hashed using bcrypt; database connections are encrypted
Access Controls: Limited employee/contractor access to user data
Secure Infrastructure: Data hosted on Supabase with enterprise-grade security

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

5. Your Rights and Choices

5.1 Access and Update

You can access and update your account information, profile, trips, notes, and ratings directly within the App.

5.2 Delete Your Account

You can delete your account at any time through Settings → Delete Account. When you delete your account:

Your account, profile, trips, notes, and ratings are permanently deleted immediately
Shared trips you created will be removed from other users' accounts
Your contributions to shared trips (notes, places) will be anonymized
This action cannot be undone - there is no data recovery or backup retention

5.3 Location Permissions

You can disable location access through your device settings. This will limit map and location-based features.

5.4 Email Communications

You cannot opt out of essential service emails (verification, password reset), but we will not send marketing emails without your explicit consent.

5.5 Data Portability (GDPR)

If you are located in the European Economic Area (EEA), you have the right to request a copy of your personal data in a machine-readable format. Contact us at [email protected] to request your data.

5.6 Other Rights (GDPR)

EEA users have additional rights:

Right to Object: Object to processing of your data
Right to Restriction: Request restriction of processing
Right to Rectification: Correct inaccurate data
Right to Lodge a Complaint: File a complaint with your local data protection authority

6. International Data Transfers

Your data is stored on Supabase servers, which may be located in various countries including the United States. By using the App, you consent to the transfer of your information to countries outside your country of residence, which may have different data protection laws.

We ensure that all data transfers comply with applicable data protection laws, including GDPR for European users, through appropriate safeguards such as standard contractual clauses.

7. Children's Privacy

Travel Tracker is intended for users aged 13 years and older. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected] and we will delete the information immediately.

8. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to Know: Request what personal information we collect and how we use it
Right to Delete: Request deletion of your personal information (available through Settings → Delete Account)
Right to Opt-Out: We do not sell your personal information
Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise these rights, contact us at [email protected].

9. Data Retention

We retain your personal information for as long as your account is active or as needed to provide services. When you delete your account, all data is permanently deleted immediately with no backup or recovery period.

We may retain anonymized, aggregated data for analytics purposes indefinitely.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

Posting the new policy in the App
Updating the "Last Updated" date at the top of this policy
Sending an email notification for significant changes (optional)

Your continued use of the App after changes become effective constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or want to exercise your rights, contact us:

Developer: Jason Wong
Email: [email protected]
Address: Singapore, Singapore

We will respond to your inquiry within 30 days.

12. Legal Basis for Processing (GDPR)

For users in the EEA, our legal basis for collecting and using personal information depends on the data and context:

Contractual Necessity: Processing necessary to provide the App service (account management, trip planning features)
Legitimate Interests: Analytics, app im