TripSync Logo
TripSync

Privacy Policy

Last updated: 8 May 2026

This Privacy Policy explains how TripSync ("we", "our", "us") collects, uses, stores, and shares personal data when you use the TripSync mobile application and the website at tripsync.net (together, the "Service"). The Service is operated from Germany and complies with the EU General Data Protection Regulation (GDPR).

1. Data Controller

The data controller responsible for processing your personal data is:

Michael Schöffel
Germany
Email: [email protected]

For full contact and legal information, please refer to our imprint.

2. Data We Collect

We process the following categories of personal data:

2.1 Account Data

  • Email address
  • Display name and optional profile information
  • Hashed password and authentication tokens
  • Account roles and permissions
  • Account creation date, last login, and activity metadata

2.2 Travel Content You Create

  • Trips, days, routes, waypoints, and directions
  • Places, collections, and shared folders
  • Checklists and checklist items
  • Expenses, settlements, and mid-payments
  • Documents and files you upload
  • Photos and images you upload
  • Notes, descriptions, and free-text entries

2.3 Location Data

When you use the navigation feature in the mobile app, we process your precise device location (foreground and background) in order to provide turn-by-turn navigation, route progress, and re-routing. Background location is used only while an active navigation session is running, including when the screen is locked. Location data is processed on-device and via Google Maps Platform; we do not store continuous location traces on our servers.

2.4 Technical and Usage Data

  • Device information (model, operating system, app version)
  • Crash reports and diagnostic logs
  • IP address (transient, used for connection and security)
  • Feature usage counters required for quota and billing

2.5 Newsletter Data

If you subscribe to our newsletter, we store your email address and subscription status until you unsubscribe.

3. Permissions Used by the Mobile App

The TripSync mobile app may request the following device permissions:

  • Camera: optional, used only when you choose to take a new photo to attach to a place, trip, expense or document. We do not record video or access the camera in the background.
  • Photo library: optional, used only when you select an existing image from your device.
  • Precise location (foreground): required to display your position on maps and to start navigation.
  • Precise location (background): required to keep turn-by-turn navigation working when the screen is locked or another app is in the foreground.
  • Foreground service / wake lock: required to keep the navigation session running reliably.
  • Notifications: optional, used for trip reminders and navigation status messages.
  • Storage / file access: required to attach documents and read selected files.
  • Android Auto / CarPlay: required to display the navigation interface on a connected car head unit.

You can revoke any of these permissions at any time in your device settings. Some features will become unavailable without the corresponding permission.

4. Purposes and Legal Bases

We process your personal data for the following purposes:

  • Provision of the Service (Art. 6(1)(b) GDPR — performance of a contract): account management, trip planning, navigation, sharing, and all core features.
  • Security and abuse prevention (Art. 6(1)(f) GDPR — legitimate interests): authentication, rate limiting, fraud detection.
  • Quota and billing (Art. 6(1)(b) GDPR): feature usage tracking and plan enforcement.
  • Communication (Art. 6(1)(b) and (a) GDPR): transactional emails (password reset, activation) and, with your consent, the newsletter.
  • Legal obligations (Art. 6(1)(c) GDPR): retention required by tax or commercial law.

5. Third-Party Services

We use the following third-party processors. Personal data may be transferred to these providers strictly to deliver the Service:

  • Google Maps Platform (Google Ireland Ltd. / Google LLC): Maps SDK, Places API, Routes API, and Navigation SDK. Used for map rendering, place search, route calculation, and turn-by-turn navigation. See Google's Privacy Policy.
  • Google Generative AI: used to generate descriptive content for places. Only the place reference (e.g. name, address) is sent; no user-identifying data is included in the prompt.
  • Email delivery provider: used to send transactional emails (account activation, password reset, notifications) and the newsletter.
  • Cloud infrastructure provider: hosts the TripSync backend services and databases within the European Union.

Where transfers to countries outside the EU/EEA are necessary (e.g. to Google in the United States), they are based on the EU Standard Contractual Clauses or another valid transfer mechanism under Art. 44 et seq. GDPR.

6. Data Sharing With Other Users

When you share a trip, collection, or folder with another TripSync user, the content you share — together with your display name — becomes visible to those users. You can revoke sharing at any time in the app. We do not sell personal data to third parties.

7. Data Retention

  • Account and content data are stored as long as your account exists.
  • Diagnostic and security logs are kept for up to 30 days.
  • Newsletter subscription records are kept until you unsubscribe.
  • Data subject to statutory retention obligations (e.g. invoices) is retained for up to 10 years as required by German law.

When retention periods expire, data is deleted or anonymized.

8. Your Rights

Under the GDPR, you have the following rights:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to withdraw consent at any time (Art. 7(3) GDPR)
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

To exercise any of these rights, contact us at [email protected].

9. Account Deletion

You can delete your TripSync account at any time:

  1. Open the TripSync app or website and sign in.
  2. Go to Profile.
  3. Choose Delete account and confirm. Your account and all associated personal data will be permanently deleted, except for data we are legally required to retain.

Alternatively, you can request deletion by emailing [email protected] from the address registered with your account.

10. Security

We use TLS encryption for all network traffic, store passwords using modern hashing algorithms, and apply role-based access controls within our backend services. No method of transmission or storage is 100% secure, but we continuously work to protect your data.

11. Children

TripSync is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The current version is always available at this URL. Material changes will be communicated via email or in-app notice before they take effect.

13. Contact

If you have any questions about this Privacy Policy or our data practices, contact us at [email protected].