Privacy Policy

OpenTrip is a collaborative travel research and planning tool. You use it to organize trips, compare options, save ideas, and work with others on shared plans.

This policy explains what information we handle, why, and how you can control it. We designed it to be read — not skipped. If anything is unclear, we encourage you to reach out.

We are not an ad-tech company. We do not sell your trip content or personal data, and we do not use third-party advertising trackers.

We collect only what is needed to provide the product. This falls into a few clear categories:

• Account and sign-in details
• Content you create in trips
• Activity from collaboration features
• Usage patterns and device information
• Cookies and browser storage data

When you create an account, we collect your email address. If you sign in with Google, we receive your name and email from your Google profile. Passwords are never stored on our servers — authentication is handled by a dedicated provider (Supabase) that manages credentials securely.

The itineraries, saved flights, hotel comparisons, links, notes, maps, and anything else you add to a trip is stored so the product works. This content belongs to you. It is visible only to you and any collaborators you choose to invite.

We do not use your trip content to train models, sell to third parties, or display advertising.

When you share a trip, collaborators can see the content inside it. Any comments, notes, or reactions you add within a shared trip are visible to other members. This activity is tied to your account name within that trip.

We collect basic technical data — browser type, device type, screen resolution, pages visited, and interaction patterns — to keep the product fast, stable, and useful. This helps us fix bugs, understand which features matter, and improve performance.

We use cookies and browser storage to keep you signed in, remember your preferences, and provide core functionality. These are essential cookies — not advertising trackers. You can manage or clear them through your browser settings at any time.

Some features rely on external services. In each case, we share only the minimum data needed for the feature to work:

• Authentication: Google OAuth and Supabase handle sign-in and account management.
• Travel data: External APIs provide flight, hotel, and place information when you search.
• AI services: Providers process requests when you use research generation or summarization features.
• Maps & media: Map tiles and embedded content may be loaded from external providers to display within your trip.

Each service operates under its own privacy policy. We encourage you to review them if you have concerns about how they handle data.

We use the information we collect to:

• Provide and operate the product
• Save and sync your trips across sessions and devices
• Enable real-time collaboration in shared trips
• Power AI-assisted research and suggestions
• Send account-related emails (verification, password reset)
• Maintain performance, prevent abuse, and fix issues

Your trips are private by default. Nothing is shared unless you choose to invite someone. When you add a collaborator, they can see and interact with the content in that trip based on the permissions you set.

We do not sell, rent, or trade your personal data or trip content. We share data with third parties only to provide the features you use — never for advertising.

We keep your account data and trip content for as long as your account is active. If you delete your account, we remove your personal data and trip content within a reasonable period, except where we are legally required to retain certain records.

You can view and update your account information at any time through your account settings. You can delete individual trips or specific content within them whenever you want. If you signed in with Google, you can revoke access through your Google account settings. To delete your entire account, contact us and we will process the request.

We take reasonable measures to protect your data: encrypted transport (TLS), secure authentication via Supabase, and access controls that limit who can see your trip content. We monitor for vulnerabilities and respond to reported issues.

No system is perfectly secure. We cannot guarantee absolute protection, but we are committed to handling your data responsibly and improving our practices over time.

OpenTrip is not designed for children under 13. We do not knowingly collect personal information from children. If we discover that a child under 13 has provided personal data, we will delete it promptly.

Questions about this policy or your data? Reach out through the contact information on the OpenTrip website. We are happy to help.