Privacy Policy

1. Data controller

The data controller responsible for your personal data is Coplango B.V., Posthoornstraat 11, 3011 WD Rotterdam, The Netherlands, registered with the Dutch Chamber of Commerce (KVK) under number 42010520. You can reach us regarding any privacy matter by email at hello@coplango.com.

2. What data we collect

Trippers collects only the personal data needed to plan, save, and synchronize your trips. The data we process depends on which features you use.

Account information. When you create an account we store an email address (if you sign up with email and password), an Apple-issued user identifier and optional private-relay email (if you choose Sign in with Apple), or a Google-issued user identifier together with the name and email address from your Google profile (if you choose Sign in with Google). Apple provides your real name only on the first sign-in, which we store with your profile.

Profile information you provide. Name, handle, profile emoji, optional bio, home city, preferred travel styles, budget tier, and dietary or food preferences you choose to enter.

Trip data you create. Destinations, dates, traveling companions you add, itineraries, activities, packing checklists, budget categories and amounts, free-form notes, and destinations you bookmark from the Explore tab.

Notification data. Your in-app notification preferences and quiet-hours settings, the list of in-app notifications we have shown you (and their read/unread state), and — only if you opt in to push notifications — a device push token (Apple-issued on iOS, Firebase Cloud Messaging on Android).

Subscription state. Whether you have an active Trippers Pro subscription, the product purchased, and the renewal or cancellation state. Payment itself is processed by the Apple App Store or Google Play; the resulting subscription state is managed by our subscription processor (RevenueCat) and keyed by an anonymous identifier we generate.

Location data (optional). If you use departure-day alerts and grant the location permission, the app reads your device’s current location to estimate travel times to your next itinerary stop. That location is sent over HTTPS to our backend, which forwards it to a maps provider for a route lookup; it is processed transiently for that request and is not stored on our servers or shown to other users. Location access is optional — every other feature works without it.

Device and diagnostic information. Operating-system version, device model, app version, and anonymous identifiers used for analytics and crash reporting — collected only if you have not turned analytics off in Profile → Privacy & security.

What we do not collect. Your contacts, photos, files, or payment-card details. Payment is handled entirely by the Apple App Store or Google Play; we never see your card. If you use the “Add to calendar” feature, events are written to your device’s calendar locally — we never read or upload your calendar. Your location is never collected in the background or stored on our servers (see “Location data” above).

3. Why we process your data

We process your data to provide the core service (plan, save, edit, and display your trips), personalize AI suggestions based on the preferences you have set, deliver notifications you have opted into, maintain your subscription state and unlock Pro features, and investigate crashes or bugs (only if analytics is enabled). We never use your data for advertising and never sell or rent it to third parties.

4. Legal basis

Our legal basis for processing your account, profile, trip, notification, and subscription data is Article 6(1)(b) GDPR (performance of a contract — providing the Trippers service to you). Diagnostic analytics, where enabled, are processed on the basis of Article 6(1)(a) GDPR (consent), which you can withdraw at any time from Profile → Privacy & security.

5. How AI trip planning works

When you ask Trippers to plan a trip, the prompt and parameters you provide (destination, dates, travel style, etc.) are sent to our backend, which forwards them to a third-party AI provider so it can generate an itinerary. The AI provider receives only what is needed to produce the response — your account email and personal identifiers are not included in the AI prompt. Generated itineraries are stored in your account and can be edited or deleted at any time.

6. How long we keep your data

We keep your data for as long as your account exists. When you delete your account (Profile → Privacy & security → Delete account — see trippers.coplango.com/delete-account for details) your account, profile, trips, saved destinations, notification history, and notification preferences are removed from our active databases immediately and from backups within 30 days. Anonymous aggregated analytics data (if you had it enabled) may be retained longer because it cannot be linked back to you.

7. Your rights under the GDPR

You have the right to access, rectify, erase, restrict the processing of, or port your personal data, and the right to object to processing based on legitimate interest. Most of these rights are available directly inside the app: you can view and edit your profile, trips, and preferences in the app itself, and permanently delete your account from Profile → Privacy & security. To make any other request, email us at hello@coplango.com — we will respond within 30 days. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

8. Third-party processors

We use a small number of sub-processors under data processing agreements: Supabase (managed Postgres backend and authentication, EU region — AWS eu-west-2) stores your account, profile, trips, saved destinations, notification preferences, and inbox; RevenueCat (subscription state management) stores your Trippers Pro subscription status keyed by an anonymous identifier; Apple handles Sign in with Apple, App Store payments, and Apple Push Notification service delivery on iOS; Google handles Sign in with Google, Google Play payments and Firebase Cloud Messaging push delivery on Android, and route lookups for departure-time estimates (Google Maps Platform); a weather provider (Open-Meteo) receives the coordinates of your trip destinations (never your device location) to show forecasts; and an AI provider, invoked via Supabase Edge Functions, generates trip itineraries from the prompts you submit. None of these processors receive data beyond what is strictly necessary for their role, and your account identifiers are never sent to the AI provider.

9. International data transfers

Our backend data (Supabase) is stored in EU data centers. RevenueCat and the AI provider may process data in the United States under appropriate safeguards (Standard Contractual Clauses or an equivalent transfer mechanism). Apple processes Sign in with Apple, payment, and APNs data per its own policy at apple.com/legal/privacy; Google processes Sign in with Google, Google Play billing, push delivery, and route lookups per its policy at policies.google.com/privacy.

10. Security

We use Supabase Row Level Security so that only you can read your own data. All data is transmitted over HTTPS. We follow industry-standard practices for storing credentials and tokens, but no system is 100% secure — if you believe your account has been compromised, email us right away.

11. Children

Trippers is not directed at children under 13 (or the equivalent minimum age in your jurisdiction), and we do not knowingly collect data from them. If you believe a child has provided data to us, please email hello@coplango.com and we will delete it.

12. Changes to this policy

If we make material changes, we will update the “Last updated” date at the top and, where appropriate, notify you inside the app. Continued use of Trippers after the change means you accept the new policy.

13. Contact

Questions or concerns? Email hello@coplango.com, or write to Coplango B.V., Posthoornstraat 11, 3011 WD Rotterdam, The Netherlands.