Privacy Policy

Last updated: 6 June 2026

This Privacy Policy explains how TripSums ("we", "us") collects, uses and protects your personal information when you use our Service. We take your privacy seriously and only collect what we need to run the Service.

1. What we collect

Data	Why we collect it	How long we keep it
Email address	Account creation, password reset, account communication	Until account deletion
Hashed password	Authentication (we never store your plain-text password)	Until account deletion
Session tokens	Keeping you logged in across sessions	30 days or until logout
Usage counters	Enforcing fair-use limits per plan	Rolled daily; 90-day log
IP address	Rate limiting anonymous requests; abuse prevention	24-hour rolling window
AI prompts	Sending to our AI backend to generate responses	Not stored after response
Subscription / order info	Activating Pro plan after payment via Lemon Squeezy	Until account deletion

We do not collect browsing history, location data, or any data from pages you visit outside the Service. The Chrome extension only activates on travel booking sites you explicitly open.

2. How we use your data

Providing and improving the Service
Authenticating your account and keeping you logged in
Enforcing usage limits and plan features
Processing subscription payments (handled by Lemon Squeezy — we never see card details)
Responding to support requests
Preventing abuse and fraud

We do not sell your personal data to third parties. We do not use your data for advertising.

3. Third-party services

OpenRouter / AI providers — your travel queries are sent to AI models to generate responses. Queries are not stored by us after the response is returned. See OpenRouter's privacy policy.
Duffel / Amadeus — used to retrieve live flight fares for the routes and dates you search. We send only the search parameters (origin, destination, dates, passenger numbers), not your personal identity.
Google Sign-In — if you choose "Continue with Google", Google shares your email and name with us to create your account. Subject to Google's privacy policy.
Lemon Squeezy — handles all payment processing. We receive only order confirmation and subscription status; we never see your card details. See Lemon Squeezy's privacy policy.
Travelpayouts ("Drive") — we use Travelpayouts to monetise travel links. Their script and affiliate links may set cookies and record clicks/bookings to attribute commission. Subject to Travelpayouts' privacy policy.
Third-party booking sites — when you click a booking link you are redirected to independent sites (e.g. Booking.com, Skyscanner, Aviasales, insurers, eSIM/transfer providers) under their own privacy policies.

4. Cookies, local storage & analytics

The app stores your session token, theme and preferences in localStorage in your browser to keep you logged in and remember your settings — these are not advertising cookies.

We use our own privacy-friendly analytics to count page views and basic actions (e.g. searches, sign-ups) and the channel you arrived from. This is aggregated and not used to build a personal profile, and we do not sell it.

The third-party Travelpayouts "Drive" script (see section 3) and affiliate links may set their own cookies to attribute bookings for commission. If you do not wish to be tracked by third parties, you can use your browser's cookie controls or tracking-protection settings.

5. Data security

Passwords are hashed with scrypt before storage — we cannot see your password. Session tokens are randomly generated 256-bit values. All traffic between your browser and our server uses HTTPS. Access to stored data is restricted to necessary server processes only.

6. Your rights

You have the right to:

Access the personal data we hold about you
Correct inaccurate data via your account settings
Delete your account and all associated data (Account → Danger Zone → Delete Account)
Withdraw consent for processing where processing is based on consent
Lodge a complaint with your national data protection authority

To exercise any right, email privacy@tripsums.com.

7. Children

The Service is for adults aged 18 and over and is not directed at children. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us data, please contact us and we will delete it.

8. Changes to this policy

We may update this policy from time to time. We will indicate the "last updated" date at the top. Significant changes will be communicated via the app or email.

9. Contact

Privacy questions or requests: privacy@tripsums.com