Legal · Privacy

Privacy Policy

Last updated: November 2025

1. Introduction

This Privacy Policy explains how TripSpy (“we”, “our”, “us”) collects, uses, stores and protects your personal data. We comply with the General Data Protection Regulation (GDPR) and applicable laws.

By using TripSpy, you agree to the practices described in this Policy.

2. Data Controller

The data controller for TripSpy is the TripSpy team.

Email: support@tripspy.net
Service address: available upon written request.

3. Data We Collect

3.1 Information You Provide

  • Email address
  • Username (unique), nickname and profile bio
  • Country and city
  • Age confirmation (13+)
  • User-generated content: posts, routes, places, events, comments, likes, saves

3.2 Automatically Collected Data

  • IP address
  • Device identifiers
  • Operating system and app version
  • Push notification token (Firebase)
  • Diagnostics and crash logs

3.3 Location Information

We may request access to your device location to show nearby routes, places and events. Exact GPS coordinates are not stored. Only your city and country can be saved to your profile, and we do not collect background location data.

3.4 Data We Do Not Collect

We do not collect:

  • Contacts or address book data
  • Payment card numbers
  • Health data
  • Biometric data
  • Sensitive categories of data as defined in GDPR Article 9

4. How We Use Your Data

We use your information to:

  • Provide and operate the app
  • Authenticate your account
  • Personalize content and recommendations
  • Display posts relevant to your region
  • Improve safety and security
  • Prevent fraud and abuse
  • Provide customer support

5. Legal Bases (GDPR)

We rely on the following legal grounds:

  • Contract – providing your account and core features
  • Legitimate interest – analytics, security and service improvement
  • Consent – location sharing, notifications and optional personalization

You may withdraw your consent at any time.

6. Data Sharing

We only share data with trusted service providers that help us operate TripSpy:

  • Apple Maps / Google Maps – map display
  • Cloudflare R2 – media storage (images)
  • AWS SES or similar email services – for communication

Some providers may process data outside the EU. Where legally required, we use Standard Contractual Clauses (SCCs) or other appropriate safeguards.

We never sell your personal data.

7. Retention Periods

  • Account data: stored for as long as your account is active
  • Logs: 30 days
  • Backups: 7 days
  • Analytics data (when introduced): up to 180 days
  • Deleted content: may remain in backups for up to 7 days

8. Your Rights

Under the GDPR, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account (right to erasure)
  • Request a copy of your data (data portability)
  • Withdraw consent
  • Object to certain types of processing

To exercise these rights, contact us at support@tripspy.net.

You can also file a complaint with the Austrian Data Protection Authority (DSB) or your local supervisory authority.

9. Security Measures

We implement, among others, the following measures:

  • HTTPS encryption for all data transfers
  • Secure storage of media and tokens
  • Access controls for our internal systems
  • Routine backups with 7-day retention
  • Monitoring for abuse and suspicious activity

In case of a data breach, we will notify affected users and authorities within 72 hours when required by GDPR.

10. Children

TripSpy is not intended for users under 13 years old. Users in the EU/EEA/UK must comply with their local minimum age for digital consent (13–16), or have permission from a parent or legal guardian.

We do not knowingly collect data from children under this age. If you believe a child has provided us with personal data, please contact us so we can delete it.

11. International Transfers

Some partners (for example Firebase or Cloudflare) operate data centres globally. When data is transferred outside the EU, we rely on Standard Contractual Clauses (SCCs) and other safeguards required by GDPR.

12. Updates to This Policy

We may update this Privacy Policy from time to time. When changes are significant, we will notify users within the app or by other appropriate means.

13. Contact Information

For any privacy questions or requests, please contact:
Email: support@tripspy.net
Service address: available upon written request.