Privacy & Security Policy
TripEase – App for planning, managing & sharing trips
Introduction
This document explains what data the app collects, where it is stored, which third parties are involved, and how the app protects your information. Using the app constitutes acceptance of this policy.
We take your privacy seriously. However, it is important to understand that no digital system is 100% secure. The app takes reasonable security measures but cannot guarantee absolute protection against breaches, malfunctions, human error, cyberattacks, third-party failures, or unauthorized access.
Part A: Privacy Policy
1. What Information Is Collected and Stored
The app stores information the user enters or creates in the app, including:
Profile Details
- First name, last name, username, bio, profile avatar or emoji.
- Private or public account status.
- Followers and following.
- User identifiers (UID) for identification, content management, and security purposes.
Trip Details
- Trip name, start and end dates.
- Destinations, addresses, and coordinates.
- Trip image and custom categories.
- Sharing permissions.
Logistics Details
- Flights: flight number, airline, airports, dates and times, seat numbers, travel class, prices.
- Hotels: name, address, coordinates, stay dates, price, rating, meal plan.
- Car rental, trains, ferries, rides, and taxis – pickup and drop-off details, driver, company, price.
- Notes, booking links, booking confirmation numbers, payment status, and attached files.
Booking Confirmations
- Place name, address, description, destination, date, time, price, payment status.
- Booking numbers and booking links stored in the device's secure storage.
- Files and images of booking confirmations.
Lists, Notes & Documents
- Checklists, list items, statuses, quantities, priorities, and person assignments.
- Notes – titles, free text, color, destination assignment, and reminders.
- Important documents – name, description, and attached files such as passport, license, insurance, and tickets.
Places to Visit
- Place name, destination, type, address, coordinates, opening hours, website, rating, dietary info, food type, and images.
- Saved places and places you created.
Trip Itinerary
- Itinerary days, itinerary items, times, addresses, coordinates, links, daily notes, place assignments, logistics items, and booking confirmations.
Weather Data
- Weather forecast data is retrieved based on the trip destination's coordinates, not the user's real-time location, and is temporarily cached on the device.
2. Where Information Is Stored
Locally on Device
A significant portion of the information is stored in the device's local storage, including SharedPreferences and other internal storage systems. This data is available offline and without sharing.
Secure Device Storage
Particularly sensitive information is stored in the device's secure storage (Flutter Secure Storage), which relies on Keychain on iPhone devices and Keystore or Secure Storage on Android devices.
This storage holds, among other things:
- Booking numbers and booking links for booking confirmations.
- Encryption keys for locally encrypted files.
User's Personal Backup
If the user has enabled device backup, some data may be stored on iCloud or Google Drive, depending on the operating system and backup settings. If the option to back up private data is disabled, some private data will not be included in the backup according to the app's logic.
Cloud Servers
When a trip is shared or synchronized, or when features requiring cloud processing are used, some data is stored on cloud servers:
- Firebase Firestore – shared trip details, profiles, public places (TripInspo), templates (TripTap), followers, sharing invitations, metadata, and shared data.
- Cloudflare R2 – files, images, and booking confirmations uploaded as part of sharing or synchronization.
- ImgBB – image hosting service, may be used as a fallback storage for public images.
3. Trip Sharing – Basic Share & Secure Share
Basic Share
The trip is uploaded to cloud servers, but some private information is omitted or not uploaded. In particular, important documents, booking confirmation files, booking confirmation numbers, and private booking links are not intended to be shared in Basic Share mode. However, regular trip information including logistics details, notes, and general data may still be shared.
Secure Share
Information required for sharing is uploaded to cloud servers, with certain sensitive information encrypted before upload. Not every field the user may consider sensitive is necessarily encrypted. Certain sensitive information, as defined by the system, is encrypted in Secure Share mode.
The Secure Share link includes an access key. Share it only with people you trust. The sharing link is valid for 10 minutes only from the moment of creation.
Participant Permissions
Participants invited to a trip may view, edit, add, or invite others, according to the permissions granted by the trip owner.
4. Use of AI
The app uses two main AI providers for different features:
Google / Firebase AI / Gemini
Used to extract logistics details from texts, images, and files, and to create a full trip itinerary. Information sent includes trip details, destinations, dates, places, filtered logistics details, filtered booking confirmations, preferences, and free-text notes.
Processing of information by Firebase AI or Google is subject to Google's privacy, security, and data retention policies and to the project settings.
OpenAI
Used to create a new trip via AI, and to create or edit a daily itinerary. Depending on our account or project settings with OpenAI, inputs and outputs sent to OpenAI may be shared with OpenAI for service improvement, quality evaluation, development, or model training purposes.
Information Not Sent to AI
- Booking confirmation numbers and confirmation codes.
- Booking confirmation files and images.
- Private files and images from the logistics page and documents page.
- Private booking links.
Important User Recommendation
The app strongly recommends not entering unnecessary sensitive personal information into AI features, including:
- Passport numbers, ID numbers, driver's license numbers, or personal documents.
- Payment details, credit card, bank account, or passwords.
- Medical information.
- Other people's personal information without their authorization.
- Confidential or sensitive business information.
Verify every AI output before saving or relying on it. AI outputs may be incorrect, incomplete, or misleading.
5. Public Content – TripInspo
When a user publishes a place to TripInspo, the place details become public and available to other users.
Public information may include:
- Place name, type, address, and coordinates.
- Descriptions, opening hours, website, whether reservation is required.
- Rating, dietary info, food type.
- Images and photographer credit.
- The publishing user's name and sharing date.
- The publisher's UID for content management, security, deletion, handling reports, and preventing misuse.
Public images may be stored on external storage services such as Cloudflare R2 and ImgBB. Other users may attach a public place to their own trip, at which point a copy of the information is also stored with them. If a user deletes a public place, copies already attached to other users' private trips may not be automatically deleted.
6. Location Data
The app uses coordinates of destinations, hotels, attractions, and places for displaying maps, calculating routes, proximity searches, and retrieving weather data. The coordinates are those of the destination or place and not necessarily the user's real-time location.
7. Third Parties
The app uses the following third-party services. Use of these services is also subject to their own privacy policies:
- Firebase Auth – user authentication and identification.
- Firebase Firestore – cloud data storage.
- Cloudflare R2 – file and image storage.
- ImgBB – public image storage (fallback).
- OpenAI – AI service for creating trips and editing daily itineraries.
- Gemini / Firebase AI / Google – AI service for extracting logistics details and creating full itineraries.
- Google Maps / Apple Maps – maps, routes, and address search services.
- Meteo-Open – weather data service.
- Pixabay / Unsplash – external image services.
- Google Drive / iCloud – device backup services depending on user settings.
- Booking, GetYourGuide, and other tourism providers – if links to them are displayed.
- External sharing services – when the user sends a link via SMS, WhatsApp, email, or another app.
- Google Mobile Ads / AdMob – displaying ads, personalized advertising, performance measurement, fraud prevention, and rewarding ad views, if these features are enabled.
- Firebase Cloud Messaging / Apple Push Notification Service / Google Push Services – sending push notifications, system updates, AI updates, and reminders.
8. Advertising & Ad Providers
The app may use external advertising providers to display ads, measure performance, prevent fraud, personalize ads, and improve the user experience.
Ad providers may collect or receive certain technical information, such as the device's advertising identifier, device type, operating system, approximate IP address, language, general region, and ad viewing or interaction data, in accordance with their policies and user settings.
The app does not sell users' personal information to advertisers. However, external advertising providers may process information in accordance with their own privacy policies and applicable law.
9. Push Notifications
To send push notifications, the app may use external notification services such as Firebase Cloud Messaging or the operating system services of Google and Apple.
To send notifications, the app may store the device's notification identifier, such as an FCM Token or similar identifier, together with relevant user or trip details required to send the notification.
Notifications may include information related to the trip, sharing, itinerary, AI requests, updates, or system messages. It is recommended that the user enable device screen lock, as notifications may appear on the lock screen depending on device settings.
The user may cancel or restrict notifications through device settings or app settings, to the extent such an option exists.
10. Who Sees the Information
- The app does not sell the user's personal information.
- Internal access by app operators to data, if any, will only be for operation, security, support, troubleshooting, legal compliance, or protection against misuse.
- In a shared trip, authorized participants may see the information according to the permissions granted to them.
- On TripInspo, publicly published places are visible to app users.
- In the event of a breach or malfunction at third-party providers, such as Cloudflare, Apple, Firebase, Google, or backup services, the app's liability is limited in accordance with the terms of use and applicable law.
11. User Rights
The user may:
- Edit or delete their profile and the content they created.
- Set their account to private.
- Remove places they published to TripInspo, subject to copies held by other users.
- Delete trips, places, documents, booking confirmations, and itinerary items.
- Stop sharing a trip.
Deleting data from the app will not necessarily delete copies already shared, backed up, or copied by other users or third parties.
12. Retention of Private Data in the Cloud
Private data stored on Firestore or R2 as part of sharing or synchronization is intended to be stored in the cloud for a limited period in accordance with the app's deletion policy. Private cloud data may be automatically deleted after a certain period from the end of its use.
Part B: Security Policy
1. General Security Principles
- The app takes reasonable security measures to protect user information.
- No digital system is 100% secure.
- Access to private trips is limited to the trip owner only.
- Access to shared trips is limited to the owners and authorized participants only.
- AI usage is rate-limited to prevent abuse.
2. Secure Storage on Device
Particularly sensitive information is stored in the operating system's secure storage (Flutter Secure Storage):
- Keychain on iOS devices.
- Keystore or Secure Storage on Android devices.
This storage holds booking numbers, booking links, and encryption keys for local files.
Files attached to important documents are stored locally in encrypted form using an internal file encryption service (SecureAttachmentService) in a dedicated app folder. Encryption keys are stored in the device's secure storage.
3. Encryption in Secure Share
In Secure Share mode, certain sensitive information is encrypted before being stored on cloud servers:
- Encryption method: AES-256.
- A unique encryption key per trip (one key per trip).
- Key size of 32 bytes encoded as Base64.
- A new random IV of 16 bytes is generated for each encryption operation.
- An encrypted field is stored as Base64 containing the IV together with the ciphertext.
- Files are encrypted on the same principle before being uploaded to file servers.
Sensitive Fields Encrypted in Secure Share Mode
In logistics details: notes, booking link, total price, payment status, amount paid, flight number, seat numbers, travel class, driver name, driver phone, hotel address, and hotel coordinates.
In booking confirmations: additional details, price, and booking number.
In lists and notes: title and content.
In important documents: name and description.
In files: attached files uploaded to cloud storage are encrypted before upload.
Important: not every field the user may consider sensitive is necessarily encrypted. Certain sensitive information, as defined by the system, is encrypted in Secure Share mode.
4. Secure Share Keys & Links
- The share key is stored in the URL fragment of the link (the part after the # sign), which is not sent to the server.
- Only the trip ID, nonce, and creation and expiry dates are stored on the server — not the key itself.
- A Secure Share link is valid for 10 minutes from the moment of creation.
- The user is responsible for keeping the sharing link safe and not forwarding it to unauthorized persons.
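The following is an added example, not the app's own code: a Python check that a Secure Share link and a set of stored fields match the format described in sections 3 and 4 (32-byte Base64 key in the URL fragment, each field a Base64 value holding a 16-byte IV plus ciphertext, a fresh IV per encryption). The link layout, the field names, and the IV-first ordering are assumptions; the policy does not state the cipher mode, so the check inspects only the envelope and does not decrypt.

```python
import base64
from urllib.parse import urlsplit

KEY_BYTES = 32  # AES-256 key size stated in the policy
IV_BYTES = 16   # IV size stated in the policy

def server_visible_part(link):
    """What an HTTP client puts on the wire: the URL without its fragment."""
    return urlsplit(link)._replace(fragment="").geturl()

def key_from_link(link):
    """Decode the share key from the fragment; reject wrong-sized keys."""
    fragment = urlsplit(link).fragment
    try:
        key = base64.urlsafe_b64decode(fragment + "=" * (-len(fragment) % 4))
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("fragment is not Base64") from exc
    if len(key) != KEY_BYTES:
        raise ValueError(f"key is {len(key)} bytes, expected {KEY_BYTES}")
    return key

def split_field(stored):
    """Split a stored field into (iv, ciphertext); IV-first order is assumed."""
    try:
        raw = base64.b64decode(stored, validate=True)
    except ValueError as exc:
        raise ValueError("not Base64, possibly stored in plaintext") from exc
    if len(raw) <= IV_BYTES:
        raise ValueError("too short to hold a 16-byte IV plus ciphertext")
    return raw[:IV_BYTES], raw[IV_BYTES:]

def audit_fields(fields):
    """Flag fields that are not valid envelopes or that repeat an earlier IV."""
    findings, seen = [], {}
    for name, stored in fields.items():
        try:
            iv, _ = split_field(stored)
        except ValueError as exc:
            findings.append(f"{name}: {exc}")
            continue
        if iv in seen:  # the policy promises a new random IV per operation
            findings.append(f"{name}: IV reused from {seen[iv]}")
        seen.setdefault(iv, name)
    return findings

# Constructed sample data, not taken from the app; field names are hypothetical.
_IV_A, _IV_B = bytes(range(16)), bytes(range(16, 32))
SAMPLE_FIELDS = {
    "notes": base64.b64encode(_IV_A + b"\x11" * 32).decode(),
    "flightNumber": base64.b64encode(_IV_B + b"\x22" * 16).decode(),
    "seatNumbers": base64.b64encode(_IV_A + b"\x33" * 16).decode(),
    "bookingLink": "https://example.com/booking",
}
SAMPLE_LINK = ("https://share.example/t/TRIP123#"
               + base64.urlsafe_b64encode(bytes(32)).decode())
```

Running `audit_fields(SAMPLE_FIELDS)` reports the repeated IV on `seatNumbers` and the unencrypted `bookingLink`, the two conditions that would contradict the guarantees listed above.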
5. Access Control & Permissions
- Cloud server access rules (Firestore Rules) are configured so that a user can only access trips, places, documents, and items they have permission to access.
- Shared trips are managed according to view, edit, add, and invite permissions.
- Only the content owner or a system administrator may delete or update places published to TripInspo.
- Only the app administrator may create, edit, or delete TripTap templates.
- Changing account status to private also affects the display of public content.
6. Cloud File Security
- Sensitive files on cloud storage servers (Cloudflare R2) are not publicly accessible without appropriate authorization.
- In Secure Share mode, files uploaded to the cloud are encrypted before upload.
- Deleting a document or booking confirmation should also delete the encrypted files attached to it.
7. AI Usage Limits
AI feature usage is limited by usage quotas to maintain security, service stability, and fair resource use. Example quotas, subject to change:
- Up to 5 requests per hour.
- Up to 10 requests per day.
- Up to 30 requests per week.
The app operator may restrict, suspend, or block abnormal, automated, or terms-violating use of AI features.
The app takes measures to protect against Prompt Injection and AI misuse, and filters certain sensitive information before sending to AI providers.
8. Link Security
- The app filters external links displayed on public pages to accept only http or https addresses.
- Navigation links and external links are opened only via valid addresses.
9. Content Reporting
Users may report public content that is incorrect, offensive, rights-infringing, or spam, as well as non-existent places, inappropriate images, or any other issue with public content. Reports are reviewed by the app team and may result in removal, editing, hiding, or blocking of content or accounts.
10. Logs & Technical Information
The app retains minimal logs for security, misuse prevention, troubleshooting, and legal protection. We aim not to store unnecessary sensitive information in logs, crash reports, or Analytics data.
In cases of suspected violation, misuse, offensive content, or illegal activity, the app may retain technical information, logs, user identifiers, content, and reports for review, security, legal protection, or sharing with authorities as required by law.
11. User Security Responsibility
The user is responsible for securing their device, account, passwords, backups, and sharing links. The app is not responsible for information exposure resulting from:
- Device theft or loss.
- Device hacking or leaving a device unlocked.
- Sharing passwords with others.
- Unauthorized access to a Google, Apple, or app account.
- Forwarding sharing links to unauthorized persons.
- Taking a screenshot and forwarding it to others.
- Using a public or unsecured device.
12. Policy Updates
The app operator may update the Privacy and Security Policy from time to time. Continued use of the app after a policy update will be considered acceptance of the updated policy, subject to applicable law.
Summary
The app stores information you enter for planning and managing your trips. Some information is stored locally on your device, some may be stored in your personal backup, and some may be stored on cloud servers when you share trips or use AI features. Particularly sensitive information is stored in the device's secure storage, and in Secure Share mode some information is encrypted using AES-256 before being stored in the cloud.
Responsibility for securing your device, account, and backup rests with you. The app takes reasonable security measures but cannot guarantee absolute security.
Contact Details
For questions, requests, reports, privacy, security, content, copyright, or any other matter related to the app, please contact the app operator at:
Name: Doron Nakache
Email: nakache.app@gmail.com
Phone: 0584593847
Contact details may be updated from time to time in the app's documents or relevant app screens.