Skip to content

Privacy Policy

Last updated: November 20, 2025

At TripProspect, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

Information We Collect

Information You Provide

  • Account Information: Name, email address, password, agency name, phone number
  • Profile Information: Agency logo, brand colors, contact details, professional bio
  • Client Data: Information about your clients that you choose to store (names, contact details, trip preferences)
  • Trip Content: Itineraries, bookings, confirmations, and documents you create or import
  • Payment Information: Billing details processed through PCI-DSS compliant payment processors (we don't store credit card numbers)
  • Communications: Messages you send through our support channels

Information Collected Automatically

  • Usage Data: Pages visited, features used, time spent, click patterns
  • Device Information: Browser type, operating system, device identifiers
  • Log Data: IP address, access times, referring URLs
  • Cookies: We use essential cookies for authentication and preferences

Information from Third Parties

  • Email Imports: Booking confirmations you forward to our system
  • Integrations: Data from services you connect (with your permission)

How We Use Your Information

We use the information we collect to:

  • Provide Our Service: Create and manage your itineraries, process bookings, enable sharing
  • Improve Our Product: Analyze usage patterns, fix bugs, develop new features
  • Communicate: Send important updates, respond to support requests, share product news (you can opt out)
  • Security: Detect and prevent fraud, abuse, and security incidents
  • Legal Compliance: Meet our legal obligations and enforce our terms
  • AI Processing: Parse email imports using AI to extract booking details (processed securely and not used for training)

How We Share Your Information

We do not sell your personal information. We only share your data in these limited circumstances:

  • With Your Clients: When you share itineraries, your clients can access the information you've included
  • Service Providers: Trusted partners who help us operate (hosting, email delivery, payment processing, analytics) - all under strict confidentiality agreements
  • Legal Requirements: When required by law, court order, or to protect our rights
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice to you)
  • With Your Consent: Any other sharing you explicitly approve

Data Security

We implement industry-standard security measures to protect your data:

  • Encryption: All data is encrypted in transit (TLS/SSL) and at rest (AES-256)
  • Access Controls: Strict internal access policies and regular audits
  • Compliant Infrastructure: Hosted on SOC 2 Type II certified infrastructure
  • Monitoring: 24/7 security monitoring and incident response
  • Regular Updates: Ongoing security patches and vulnerability assessments
  • Data Isolation: Your data is logically isolated from other customers
  • Secure Payments: PCI-DSS compliant payment processing (we don't store card details)

While we strive to protect your information, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

Your Privacy Rights

You have the following rights regarding your personal information:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and data (some data may be retained for legal compliance)
  • Export: Download your data in a portable format
  • Opt-Out: Unsubscribe from marketing emails (account emails still required)
  • Object: Object to certain data processing activities

To exercise these rights, contact us at privacy@tripprospect.com

Data Retention

We retain your information for as long as your account is active or as needed to provide services. Specifically:

  • Account Data: Until you delete your account, plus 90 days for recovery
  • Usage Logs: 12 months for service improvement
  • Financial Records: 7 years for tax and legal compliance
  • Support Tickets: 3 years for quality assurance

International Data Transfers

TripProspect is based in the United States. If you access our service from outside the US, your information may be transferred to, stored, and processed in the US or other countries where our service providers operate. We ensure appropriate safeguards are in place for these transfers.

Children's Privacy

TripProspect is not intended for use by children under 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

Cookies & Tracking

We use cookies and similar technologies:

  • Essential Cookies: Required for authentication and core functionality
  • Analytics: To understand how you use our service (anonymized)
  • Preferences: To remember your settings (theme, language)

You can control cookies through your browser settings, but some features may not work properly if disabled.

Third-Party Services

We use carefully vetted third-party service providers to deliver our service. These providers:

  • Are bound by strict confidentiality and data protection agreements
  • Maintain SOC 2 Type II or equivalent security certifications
  • Process data only as instructed and for specified purposes
  • Cannot use your data for their own purposes or training
  • Must comply with applicable data protection regulations (GDPR, CCPA)

Service categories include: payment processing, cloud infrastructure, email delivery, and AI-powered data extraction.

GDPR Compliance (EU Users)

If you are in the European Economic Area (EEA), you have additional rights under GDPR:

  • Right to data portability
  • Right to restriction of processing
  • Right to object to automated decision-making
  • Right to lodge a complaint with your supervisory authority

Our lawful basis for processing your data: Contract performance, legitimate interests, and consent (where required).

CCPA Compliance (California Users)

California residents have additional rights:

  • Right to know what personal information is collected
  • Right to know if personal information is sold (we don't sell data)
  • Right to deletion of personal information
  • Right to non-discrimination for exercising privacy rights

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a prominent notice on our service. Continued use of TripProspect after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or our privacy practices:

Email: privacy@tripprospect.com

Support: Contact Form

We typically respond within 48 hours