Last updated:2026-06-07
TripCraft Privacy Policy
TripCraft (“we”, “us”) is an offline-first AI travel-planning app. We collect only the minimum data necessary to generate and store your itineraries. No ads, no cross-app tracking.
1. Data we collect
- Account info (email): obtained when you sign in with Apple or Google, used to create and identify your account. Auth tokens are issued directly by Apple / Google and never pass through our servers.
- User ID: your Supabase auth user ID, used to isolate your trips and preferences per user via row-level security (RLS).
- Trip content: the destination, dates, interests, budget, and companions you enter, plus AI-generated itineraries, favorites, and POI notes. Stored in a Supabase instance under your account, isolated by
owner_id(RLS). - Coarse location (optional): used only when you tap a route or “nearby POIs”. Precise coordinates stay on your device; only a city-level destination string (e.g. “Tokyo”) is sent to the AI gateway as part of the itinerary prompt. You can disable location permission anytime in system settings.
- Anonymous usage analytics: de-identified event counts (e.g.
trip_generated,offline_pack_downloaded,paywall_view) for product analytics, with no personally identifying payload. - Anonymous crash diagnostics: crash reports via Sentry, with personal data (PII) scrubbed before upload.
We do not collect microphone, camera, photos, contacts, or health data; we do not use IDFA, ad networks, or cross-app correlation tracking.
2. How we use data
Collected data is used only to: generate and store your itineraries, isolate your data per user, process subscriptions, and improve product stability and experience. We do not sell your personal data to anyone.
3. AI content & data processing
Itineraries are generated by a model on our self-hosted LLM gateway (newapi.zweiteng.tk). The destination, dates, interests, budget, and offline Q&A you enter are sent there for processing; third-party model providers (e.g. OpenAI / Anthropic directly) do not receive your raw prompts.
AI-generated itineraries are suggestions and may be inaccurate (POI opening hours, prices, closures, etc.). Please double-check key bookings (flights / hotels / restaurants) before each visit.
4. Third-party services
| Service | Purpose |
|---|---|
| Supabase | Auth + data storage (RLS-isolated per user) + Edge Function for delete-account cascade |
| RevenueCat | Subscription management (StoreKit2 / Play Billing wrapper) |
| Mapbox | Map tiles (offline pack download + online fallback); we set MGLMapboxMetricsEnabled=false to disable its telemetry |
| newapi.zweiteng.tk | Self-hosted LLM gateway; all AI prompts are processed here and not forwarded to third-party model providers |
| Sentry | Anonymous crash diagnostics (PII scrubbed) |
5. Data storage & security
Data is stored on secure cloud services with industry-standard encryption in transit (TLS). Trips and preferences are isolated by owner_id via Supabase row-level security (RLS), so you can only access your own data.
6. Data retention & deletion
- Trips & preferences: kept until you delete them; after account deletion there is a 7-day soft-delete recovery window, then cascade-deleted permanently.
- Anonymous analytics events: aggregated only; raw events purged after 90 days.
- Crash data: Sentry’s default retention (~90 days).
You can trigger a cascade deletion anytime via Settings → Delete account (GDPR and Apple 5.1.1(v) compliant).
7. Your controls
- Sign out (settings)
- Delete account (settings → delete account; cascade delete + 7-day recovery window)
- Cancel subscription (App Store / Google Play account settings)
- Toggle location permission (system settings → TripCraft)
8. Children’s privacy
TripCraft is not directed to children under 13, and we do not knowingly collect their personal information.
9. Changes to this policy
We may update this policy from time to time. Material changes will be announced in the app. Continued use means you accept the updated policy.
10. Contact us
For privacy questions, contact: support@sanva.tk