Privacy Policy

Last updated: June 16, 2026

TripAura (“we”, “us”) is an AI travel planner. We built it to need as little of your personal data as possible: you can plan a full trip without creating an account, and your trips are stored in your own browser by default. This policy explains what we collect, why, and the control you have.

1. What we collect

• Trip details you type. The destination, dates, budget, number of travelers, interests, pace and any special requests you enter so we can build your itinerary. This is the core data the app works with.
• Account information (only if you sign in). Accounts are optional. If you choose to create one, our authentication provider (Supabase) stores your email address (and, for Google sign-in, the basic profile Google returns) so your saved trips can sync across devices.
• Saved trips.If you sign in, the trips you save are stored in our database so you can return to them. If you don’t, they stay only in your browser.
• Limited technical data. Like most websites, our hosting provider processes standard request information (e.g. IP address, browser type) needed to serve the site securely. We do not use advertising or cross-site tracking cookies.

2. How we use it

• To generate and refine your itinerary, maps, budgets and live price estimates.
• To save and sync your trips when you are signed in.
• To keep the service secure, reliable and working as intended.

We do not sell your personal data, and we do not use it for advertising.

3. Where your data is stored

• In your browser (default).Without an account, your current and saved trips live in your device’s local storage. Clearing your browser data removes them.
• In our database (with an account). If you sign in, your account and saved trips are stored by Supabase and protected by row-level security so each user can only access their own trips.

4. Third-party services

To build your plan, the trip details you enter are sent from our server to the services that power it:

• Google (Gemini AI & Places) — generates the itinerary and provides real place and price information.
• Supabase — authentication and saved-trip storage (only if you create an account).
• Our hosting provider (Vercel) — serves the application.
• Booking links.When you tap a link to a booking site (e.g. Google Flights, Booking.com, OpenTable), you leave TripAura and that site’s own privacy policy applies.

Each provider processes data under its own privacy terms. We share only what is needed to perform the task.

5. How we protect your data

• API keys are server-side only. All keys used to call AI and price services live on our server and are never sent to your browser or exposed in client code.
• Traffic is served over HTTPS.
• Account data is isolated per user with row-level security.

6. Your choices

• Plan without an account — keep everything local to your device.
• Delete local trips — use “New trip” / remove saved trips, or clear your browser storage.
• Delete your account data — if you created an account, contact us at the address below to have your account and stored trips deleted.

7. Children

TripAura is not directed to children under 13, and we do not knowingly collect their personal data.

8. Changes to this policy

We may update this policy as the product evolves. When we do, we’ll revise the “Last updated” date above. Material changes will be made prominent in the app.

9. Contact

Questions about your privacy or this policy? Reach us at support@tripaurai.com.