This Privacy Policy explains how TripSquee LLC (“TripSquee,” “we”) collects, uses, discloses, and protects personal information when you use our websites, apps, and services worldwide. It is intended to meet requirements of major privacy laws, including the EU/UK GDPR, Switzerland FADP, California CCPA/CPRA, Virginia/Colorado/Connecticut/Utah state privacy laws, Brazil LGPD, and similar laws. Where local law provides stronger protections, those take precedence.
1) Data controller
TripSquee LLC, Marstons Mills, MA, USA. Contact Us. For EEA/UK users, we act as the “controller.” We may appoint an EU/UK representative as required and will provide details in-app or on our website.
2) Information we collect
- Account & profile data — name, email, phone (for OTP), password or SSO identifier, preferences, demographics you choose to share, and your travel profile (likes/dislikes, dietary needs, accessibility needs, smoking preferences, budget, travel styles, companions).
- Content — reviews, photos, favorites/saves, messages you send us.
- Device & usage — device IDs, app version, IP address, cookies, pages/screens viewed, referring pages, crash logs, engagement with suggestions.
- Location — city/region based on IP; with your permission, precise location (GPS/Bluetooth/Wi-Fi) to improve suggestions.
- Transaction data — subscription status, purchase history, and limited payment information from our payment processor (we do not store full card numbers).
- Third-party data — from partners you connect (e.g., calendars, loyalty programs) and publicly available sources, where lawful.
3) How we use information (purposes & legal bases)
- Provide and personalize the Service — create and manage your account; generate AI-based suggestions tailored to your profile; maintain safety and security. Legal bases: contract (GDPR Art. 6(1)(b)), legitimate interests (6(1)(f)).
- Recommendations & communications — send alerts, updates, trip ideas, and service messages (e.g., OTP codes). Bases: contract, legitimate interests; marketing relies on consent where required.
- Analytics & improvement — understand performance, train and evaluate models, and develop new features (using de-identified/aggregated data where possible). Bases: legitimate interests.
- Compliance — prevent fraud/abuse, comply with law, enforce terms. Bases: legal obligation; legitimate interests.
4) Automated processing & profiling
We use automated systems (including machine learning) to score preferences and generate recommendations. These do not produce legal or similarly significant effects, but you can object to profiling, request an explanation of the main factors, or ask for human review of important decisions that materially affect you. Contact Us.
5) Sharing of information
- Service providers — hosting, analytics, communications (e.g., SMS/email OTP), customer support, and payment processors bound by contract.
- Partners — if you choose to connect or book with a partner, we share the minimum necessary information to complete the request, subject to their policies.
- Legal & safety — to comply with law, protect rights, or respond to lawful requests.
- Business transfers — as part of a merger, financing, acquisition, or sale, subject to appropriate safeguards.
6) International transfers
We operate globally. When transferring personal data out of the EEA/UK/Switzerland we rely on lawful mechanisms such as the EU Standard Contractual Clauses (and UK Addendum) and implement security measures.
7) Your rights
- GDPR/UK users — rights to access, rectify, erase, restrict, portability, and object; withdraw consent at any time; lodge a complaint with your supervisory authority (e.g., your local DPA or the UK ICO).
- US state privacy laws — rights to access, delete, correct, obtain a portable copy, and opt out of certain data uses (e.g., “sale”/“share” of personal information, targeted advertising, or profiling for decisions producing legal/similar effects). We honor Global Privacy Control signals where required.
- Brazil (LGPD) — similar rights including confirmation, access, correction, anonymization, portability, deletion, and information about shared data and consent.
To exercise rights, contact us. We may need to verify your identity and will respond within the timelines required by law.
8) Your choices
- Marketing — opt out via unsubscribe links or in-app settings.
- Cookies — manage in our cookie banner and your browser settings. Essential cookies are required to operate the Service.
- Location — control in your device OS settings.
9) Retention
We keep personal data only as long as needed for the purposes described and as required by law. Typical retention: account data for the life of your account; logs/analytics for up to 24 months; backups for limited periods; and longer where necessary to resolve disputes or enforce agreements.
10) Children
The Service is not directed to children under 13. In the EEA/UK, we do not knowingly process data of users under the age of digital consent (generally 16) without appropriate authorization. If you believe a child provided personal data, contact us and we will take appropriate steps.
11) Security
We use reasonable technical and organizational measures to protect personal information (encryption in transit, access controls, audits). No system can be 100% secure.
12) Do Not Track
Some browsers send “Do Not Track” signals. We do not respond to DNT, but we honor legally required opt-out mechanisms such as Global Privacy Control where applicable.
13) Changes
We may update this Policy. We will notify you of material changes (e.g., by email or in-app). Your continued use after the effective date means you accept the updated Policy.
14) Contact us
Our contact form is here. Postal Address: TripSquee LLC, 3821 Falmouth Rd, Suite 2A, PMB145, Marstons Mills, MA, 02648 USA.
Updated 2025-Oct-4