Privacy Policy
Last updated: October 10, 2025
At "On Your Trip", we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the On Your Trip mobile application and website onytrip.com.
By using On Your Trip, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.
2. Google Sign-In
On Your Trip offers Google Sign-In as a convenient and secure authentication method. When you choose to sign in with your Google account, we use the industry-standard OAuth 2.0 protocol to ensure your privacy and security.
2.1 What We Collect from Google
When you sign in with Google, we collect only the minimal information necessary to create and manage your account:
| Data Type | Purpose | Retention |
|---|---|---|
| Google Account ID | Unique identifier for authentication | Until account deletion |
| Email Address | Account linking and communication | Until account deletion |
| Display Name | Profile personalization | Until account deletion |
| Profile Photo (URL) | Avatar display (optional) | Until account deletion |
2.2 What We Do NOT Access
We explicitly do not request access to, collect, or store any of the following from your Google account:
- ✗ Your Google password
- ✗ Your Gmail messages or email content
- ✗ Your Google contacts
- ✗ Your Google Drive files or documents
- ✗ Your Google Calendar events
- ✗ Your Google Photos
- ✗ Your YouTube history or subscriptions
- ✗ Your Google Maps location history
- ✗ Your Google search history
- ✗ Any other Google services data
2.3 How Google Sign-In Works
Google Sign-In uses OAuth 2.0, a secure industry-standard authentication protocol that:
- Never shares your Google password with On Your Trip
- Uses encrypted connections (HTTPS/TLS 1.3) for all communications
- Allows you to revoke On Your Trip's access at any time through your Google Account settings
- Provides two-factor authentication support if enabled on your Google account
- Monitors for suspicious activity and unauthorized access attempts
2.4 Managing Your Google Connection
You have complete control over your Google Sign-In connection:
Revoking Access
To disconnect On Your Trip from your Google account:
- Go to Google Account Permissions
- Find On Your Trip in your connected apps
- Click "Remove Access"
Note: Revoking access will not delete your On Your Trip account. You'll need to sign in with a different method or set up a password to continue using the service.
Switching to Email/Password
To stop using Google Sign-In and switch to traditional email/password authentication, go to Settings → Account → Add Password. Once you've set a password, you can optionally revoke Google access while maintaining your account.
2.5 Data Security with Google Sign-In
When you use Google Sign-In, your data benefits from multiple layers of security:
- Firebase Authentication: We use Google's Firebase Authentication service, which provides enterprise-grade security infrastructure, automatic token refresh, and secure session management.
- Email Verification: Google Sign-In automatically provides verified email addresses, eliminating the need for separate email verification steps and reducing the risk of fake accounts.
- Secure Token Management: Authentication tokens are managed entirely by Firebase and Google. We never handle or store your Google credentials directly.
- Encrypted Storage: All data associated with your Google Sign-In authentication is encrypted both in transit and at rest using industry-standard encryption protocols (TLS 1.3 and AES-256).
2.6 Your Rights Regarding Google Sign-In Data
You have the following rights regarding data collected through Google Sign-In:
- Right to Access: You can view all information we've collected from your Google account through your On Your Trip profile settings.
- Right to Correct: You can update your display name and profile picture directly in your account settings. Email changes require verification.
- Right to Delete: You can request complete deletion of your account and all associated data by contacting privacy@onytrip.com. Data will be deleted within 30 days.
- Right to Disconnect: You can disconnect your Google account at any time without deleting your On Your Trip account by revoking access through Google Account settings.
Privacy Commitment: We are committed to collecting only the minimum information necessary to provide our services. Google Sign-In allows us to offer you a convenient authentication method while respecting your privacy. We never sell your personal information or use your Google data for purposes beyond operating On Your Trip.
3. How We Use Your Information
We use your information for the following purposes:
3.1 Service Provision
- Account Management: We use your email and authentication information to create your secure account, verify your identity when you sign in, manage your profile settings, and ensure only you can access your personal trip data. Your account serves as the central hub for all your travel planning activities.
- Personalized Itinerary Creation: We analyze your travel preferences, budget constraints, trip duration, traveler type, and interests to generate customized day-by-day itineraries. Our system considers factors like optimal routing between attractions, typical visit durations, opening hours, and your preferred pace of travel to create practical, achievable plans that match your unique travel style.
- Destination Intelligence: We use your search history and saved destinations to provide relevant information about cities, attractions, restaurants, and activities. This includes detailed descriptions, visitor tips, best times to visit, admission fees, accessibility information, and user reviews to help you make informed decisions about where to go and what to do.
- Trip Organization Tools: Your trip data enables features like saving multiple trips, organizing attractions by day, adding personal notes and reminders, attaching important documents, setting budget tracking, and creating checklists. We also enable you to share trip plans with travel companions and collaborate on itinerary planning in real-time.
- Review System: We process and display your reviews and ratings to help the travel community make better decisions. Your contributions are shown with your display name and profile picture (if provided), aggregated into overall ratings, featured in relevant search results, and used to calculate venue popularity scores that improve recommendations for all users.
- Cross-Device Synchronization: When you sign in on multiple devices (phone, tablet, computer), we automatically sync your trips, preferences, saved places, and account settings so you can seamlessly continue planning from any device. Changes made on one device instantly appear on all your other devices.
3.2 Communication
- Service Notifications: We send you important trip-related alerts such as reminders before your departure date, notifications when your travel companions make changes to shared itineraries, updates about attractions on your list (like special closures or events), weather alerts for your destinations, and confirmations when you save or modify trips. These notifications help ensure you stay informed and prepared for your travels.
- Customer Support: We use your contact information to respond to questions, troubleshoot issues, provide technical assistance, and gather feedback about your experience. Our support team may access your account information (with your permission) to better understand and resolve your concerns. We maintain records of support interactions to improve our service quality and provide continuity if you contact us multiple times.
- Marketing Communications: With your explicit consent, we send emails about new features, travel inspiration for destinations you've shown interest in, seasonal travel deals, tips for destinations on your wishlist, and updates about improvements to On Your Trip. You can opt out of marketing emails at any time through the unsubscribe link in any email or through your account settings, and we'll still send essential service-related communications.
- Platform Updates: We notify you about important changes to our Terms of Service or Privacy Policy, new features that enhance your travel planning experience, security updates that protect your account, scheduled maintenance that might affect service availability, and improvements based on user feedback. These communications help you get the most value from On Your Trip and stay informed about the platform.
3.3 Improvement and Analytics
- Service Enhancement: We analyze how users interact with On Your Trip to identify which features are most valuable, discover where users encounter difficulties, understand common travel planning workflows, and optimize the user interface for better usability. For example, if we notice many users struggle with a particular step in trip creation, we redesign that experience to make it more intuitive. This continuous improvement ensures the app evolves to better serve your needs.
- Feature Development: We use aggregated usage data and user feedback to prioritize which new features to build next. By understanding what travelers need most—whether it's better budget tracking, more detailed restaurant filters, or enhanced collaboration tools—we focus our development efforts on features that will have the greatest impact. We also conduct beta testing with select users to gather feedback before releasing new capabilities widely.
- Travel Trend Analysis: We study anonymized travel patterns to identify emerging destinations, seasonal trends in different regions, popular attraction combinations, and shifting traveler preferences. This analysis helps us surface timely recommendations, update destination information, highlight trending locations, and ensure our attraction database stays current. For instance, if a previously quiet city suddenly gains popularity, we can expand our coverage of that destination.
- Quality Assurance: We continuously test our recommendation algorithms, validate itinerary suggestions, monitor search result relevance, and ensure data accuracy across different regions. We run A/B tests to compare different approaches and choose the one that provides the best user experience. This research-driven approach ensures On Your Trip delivers reliable, high-quality travel planning assistance.
3.4 Security and Fraud Prevention
- Fraud Detection: We monitor for suspicious patterns that might indicate fraudulent activity, such as multiple fake reviews from the same source, automated bot behavior attempting to scrape our data, coordinated attacks to manipulate ratings, or suspicious account creation patterns. By analyzing IP addresses, device information, and user behavior, we can identify and prevent fraudulent activities that would harm our community and compromise the integrity of our reviews and recommendations.
- Content Integrity: We protect the quality and authenticity of user-generated content by detecting and removing spam reviews, identifying promotional or paid content disguised as genuine reviews, filtering out inappropriate or offensive material, and preventing competitors from posting misleading negative reviews. This ensures that travelers can trust the reviews and ratings they see on On Your Trip.
- Account Security: We verify your identity during sign-up and login to prevent unauthorized access to your account. We monitor for unusual login patterns (like attempts from unfamiliar locations), alert you to suspicious activity, require additional verification for sensitive actions, and automatically lock accounts that show signs of compromise. These measures protect your personal trip data and ensure your account remains secure.
- Legal Compliance: We maintain necessary records and information to comply with applicable laws and regulations, respond to valid legal requests from authorities, enforce our Terms of Service, protect our rights and property, and assist in investigations of illegal activities. We only disclose user information when legally required or when necessary to protect our users and services, and we notify users of such requests when permitted by law.
4. Data Storage and Security
4.1 Where We Store Your Data
Your data is stored securely on enterprise-grade cloud infrastructure distributed across multiple geographic regions worldwide. This multi-region approach ensures:
- Account Information Storage: Your profile data, including email address, name, display preferences, and authentication credentials are stored with military-grade encryption. Passwords are never stored in readable form—we use industry-standard cryptographic hashing that makes it impossible to reverse-engineer your password even if someone gains access to our systems. Your phone number (if provided) is encrypted separately and used only for authentication and account recovery purposes.
- Trip Data Storage: All your trip plans, itineraries, saved attractions, notes, budget information, and travel preferences are stored in secure, redundant servers. Data redundancy means your trips are backed up across multiple data centers, protecting against data loss from hardware failures or natural disasters. When you modify a trip, we maintain version history so you can recover previous versions if needed.
- User-Generated Content: Your reviews, ratings, photos, and uploaded documents are stored in secure object storage with automatic backups. Images are optimized for different screen sizes while preserving quality, and all files are scanned for malware before storage. Your content remains yours—we simply store it securely and make it accessible to you across all your devices.
- Local Device Storage: For faster performance and offline access, we cache recently viewed destination information, your current trip details, and app preferences on your device. Guest mode data (trips created without signing in) is stored only on your device and automatically deleted after 7 days. You can clear this local storage at any time through your device settings.
- Geographic Distribution: Your data may be processed and stored in data centers located in the United States, Europe, and Asia-Pacific regions. This geographic distribution ensures fast loading times regardless of where you're traveling, provides redundancy for disaster recovery, and complies with regional data protection regulations. All data transfers between regions use encrypted connections.
4.2 Security Measures
We implement multiple layers of security to protect your information from unauthorized access, disclosure, or theft:
- End-to-End Encryption: All data transmitted between your device and our servers is protected using TLS 1.3 encryption—the same technology banks use to secure online transactions. This means even if someone intercepts your data while it's traveling over the internet, they cannot read it. Additionally, sensitive data like passwords and payment information (if provided) is encrypted at rest using AES-256 encryption, making it unreadable without the proper decryption keys.
- Advanced Authentication: We use secure password hashing algorithms that transform your password into an irreversible cryptographic hash. Even our own engineers cannot see your actual password. We support optional two-factor authentication (2FA) via SMS or authenticator apps, adding an extra layer of security by requiring both your password and a temporary code from your phone. We also monitor login attempts and will lock your account after multiple failed attempts to prevent brute-force attacks.
- Strict Access Controls: Our systems use role-based access control, ensuring that you can only view and modify your own trip data. Other users cannot access your private trips, personal notes, or saved preferences unless you explicitly share them. Our internal team has limited access to user data and only when necessary for support, debugging, or security purposes. All access is logged and audited.
- Continuous Security Monitoring: We employ automated security monitoring systems that detect suspicious activity 24/7, such as unusual login patterns, potential data breaches, or attempted unauthorized access. Our security team receives immediate alerts for any anomalies and can respond quickly to potential threats. We conduct regular security audits and penetration testing to identify and fix vulnerabilities before they can be exploited.
- Regular Security Updates: We continuously update our infrastructure, software dependencies, and security protocols to protect against newly discovered vulnerabilities. Our development team follows secure coding practices and conducts code reviews to prevent security flaws. We maintain an incident response plan and would notify affected users promptly in the unlikely event of a data breach, as required by law.
4.3 Data Security Limitations
While we implement robust security measures, it's important to understand the inherent limitations and your role in protecting your data:
- Device Security Responsibility: Data stored locally on your device (cached information, guest mode trips, downloaded content) relies on your device's built-in security features. We cannot protect against threats that compromise your device itself, such as malware, physical theft, or unauthorized access by someone who knows your device password. We recommend using device-level security features like PIN codes, biometric authentication, and encryption, keeping your device software updated, and being cautious about installing apps from unknown sources.
- Internet Security Limitations: While we encrypt all data during transmission, no method of electronic communication over the internet is 100% foolproof against sophisticated attacks. We cannot guarantee absolute security against determined nation-state actors or zero-day exploits. However, the encryption standards we use (TLS 1.3, AES-256) are considered highly secure and would require enormous computational resources to break. We continuously monitor for emerging threats and update our security measures accordingly.
- Your Password Security: The security of your account heavily depends on your choice of password and how you protect it. We cannot protect your account if you choose a weak password, reuse passwords across multiple sites, share your password with others, or fall victim to phishing attacks. Best practices include: using unique, complex passwords for each service; enabling two-factor authentication; never sharing your password; being wary of emails or messages asking for your login credentials; and changing your password immediately if you suspect it may have been compromised.
- Public Network Risks: When using On Your Trip on public Wi-Fi networks (airports, hotels, cafes), there's increased risk of man-in-the-middle attacks, even with encryption. We recommend using a trusted VPN service when connecting to public networks, avoiding logging into sensitive accounts on public computers, and being cautious about accessing your account in public spaces where others might see your screen or observe you typing your password.
- Shared Device Considerations: If you share your device with others or use a public/shared computer, remember to sign out of your account when finished. We provide a "Remember Me" option for convenience, but this should only be used on your personal, secure devices. On shared devices, always choose "Don't Remember" and manually sign out to prevent others from accessing your trip data and personal information.
5. Third-Party Services
We work with carefully selected third-party service providers to deliver and enhance On Your Trip. These partnerships enable us to provide features and services that would be impractical to build entirely in-house:
- Intelligent Travel Planning: We partner with advanced recommendation services to analyze your preferences and generate personalized itineraries. When you create a trip, we share non-identifying information like your destination, travel dates, budget range, and activity preferences with these services. They process this data to suggest optimal routes, attractions, and activities tailored to your interests. We never share your name, email, or other personally identifiable information with these recommendation partners.
- Destination Information: We work with tourism data providers and content aggregators to offer comprehensive, up-to-date information about attractions, restaurants, hotels, and activities worldwide. These partners provide details like opening hours, admission fees, descriptions, and availability. When you search for or view destinations, only your search queries and selected interests are shared—never your personal identity or contact information.
- Cloud Infrastructure: Our services rely on enterprise cloud hosting providers for secure data storage, reliable uptime, and fast global access. These infrastructure partners host your data in secure, encrypted servers with strict access controls. They provide the underlying technology but cannot access or use your personal information for their own purposes—they act only on our instructions under contractual data processing agreements.
- Communication Services: We use third-party email and notification services to send you trip reminders, account updates, and marketing communications (with your consent). These services process your email address and notification preferences but are contractually prohibited from using your information for their own marketing purposes. You can opt out of non-essential communications at any time.
- Analytics and Performance Monitoring: To improve On Your Trip, we use analytics services that help us understand how users interact with our app, identify bugs, and monitor performance. These services collect anonymized usage data like feature clicks, screen views, and error reports. We configure these tools to respect user privacy by anonymizing IP addresses and removing personally identifiable information wherever possible.
Data Minimization Principle: We only share the minimum necessary information with third parties to provide our services. For example, when generating itineraries, we share "2 adults traveling to Paris for 5 days interested in art and food" but not "John Smith, john@email.com." This approach protects your privacy while still enabling personalized recommendations.
Partner Selection and Oversight: We carefully vet all third-party partners to ensure they maintain strong privacy and security standards. Our contracts require partners to protect your data, use it only for specified purposes, and delete it when no longer needed. However, once data is shared with third parties, it becomes subject to their privacy policies. We encourage you to review the privacy policies of any third-party services you interact with directly. We are not responsible for the privacy practices of these external services.
6. Your Rights and Choices
Depending on your location, you may have the following rights:
6.1 Access and Portability
- View Your Data: You can access and review all your personal information directly through the On Your Trip app at any time. This includes your profile details, saved trips, itineraries, reviews, preferences, and travel history. Navigate to your profile settings to view and manage all aspects of your account information without needing to contact us.
- Download Your Data: You have the right to request a complete copy of all personal information we hold about you in a structured, machine-readable format (typically JSON or CSV). This download includes your account details, trip history, reviews, uploaded files, and preference settings. Contact us at privacy@onytrip.com to request your data export, and we'll provide it within 30 days.
- Data Portability: You can export your trip data in portable formats that allow you to transfer your itineraries to other services or save them for personal records. This includes all trip details, daily schedules, attraction lists, notes, and budgets. Future updates will enable direct export to calendar apps and other travel planning tools.
6.2 Correction and Updates
- Profile Management: You can update your account information at any time through the app settings. This includes changing your name, email address, phone number, profile picture, and display name. Changes take effect immediately and sync across all your devices. If you change your email address, we'll send a verification link to confirm the new address before updating your account.
- Review Editing: You maintain full control over your reviews and ratings. You can edit review text, update ratings, add or remove photos, and delete reviews entirely at any time. Edited reviews show an "edited" indicator to maintain transparency with the community. If you delete a review, it's permanently removed from our platform within 48 hours.
- Trip Modifications: All your trip data is fully editable. You can change destinations, adjust dates, modify budgets, update traveler information, reorganize daily itineraries, add or remove attractions, and revise notes at any point before, during, or after your trip. Changes sync automatically across devices.
6.3 Deletion Rights
- Selective Deletion: You can delete specific pieces of content without closing your entire account. Delete individual trips, remove specific reviews, erase uploaded files, or clear your search history directly through the app. Deleted content is immediately removed from your view and permanently erased from our servers within 30 days.
- Account Closure: You have the right to request complete deletion of your account and all associated personal data. To do so, contact us at privacy@onytrip.com with your account email. We'll delete your account within 30 days, including your profile, trips, preferences, and personal information. This action is permanent and cannot be undone.
- Data Retention Exceptions: Some information may be retained after account deletion for legitimate purposes: anonymized reviews (with your name removed) to maintain service integrity, transaction records for tax and accounting compliance (typically 7 years), data necessary for ongoing legal disputes or investigations, and aggregated, anonymized analytics data that cannot be linked back to you. We'll notify you of any retained information when processing your deletion request.
6.4 Communication Preferences
- Email Preferences: You control what emails you receive from us. Click the "unsubscribe" link at the bottom of any promotional email to stop receiving marketing messages. You can also manage email preferences in your account settings to choose which types of emails you want (travel inspiration, feature updates, special offers, etc.). Essential service emails (password resets, trip confirmations) cannot be disabled but are sent only when necessary.
- Push Notifications: Manage notification preferences both in-app and through your device settings. In On Your Trip settings, choose which notifications you want (trip reminders, weather alerts, companion updates). On iOS, go to Settings → Notifications → On Your Trip. On Android, go to Settings → Apps → On Your Trip → Notifications. You can disable all notifications or customize by type.
- Marketing Consent: We will never send you marketing communications without your explicit consent. When you sign up, you can opt into promotional emails. You can change this preference at any time, and your choice applies immediately. We respect your preferences and maintain separate lists for users who have opted out of marketing.
6.5 Location Services
- Location Permission Control: Location access is entirely optional and controlled through your device settings. On iOS: Settings → Privacy & Security → Location Services → On Your Trip. On Android: Settings → Apps → On Your Trip → Permissions → Location. You can choose "Allow While Using App," "Allow Once," or "Don't Allow." On Your Trip never accesses your location in the background.
- Functionality Without Location: On Your Trip works fully without location access. You can search for destinations, create trips, build itineraries, write reviews, and use all features except location-based recommendations like "nearby attractions" or "what's around me." If you deny location access, we'll simply ask you to manually search for or select your location when needed.
- Location Data Management: When you enable location services, we use your location only while the app is active to show nearby places and provide relevant recommendations. We don't track your movements or build location history. You can clear any stored location data by signing out and clearing your app cache, or by revoking location permission in device settings.
7. Data Retention
We retain your information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy. Our retention practices balance your privacy rights with our legitimate business needs and legal obligations:
- Active Service Provision: We keep your account information, trips, preferences, and content for as long as your account remains active. This ensures you can access your trip plans at any time, your preferences are remembered, and your personalized experience continues seamlessly. There's no automatic deletion of inactive accounts—your data remains accessible until you choose to delete it.
- Legal and Regulatory Compliance: Some data must be retained to comply with legal obligations, such as tax records (typically 7 years), transaction histories for accounting purposes, data needed to respond to legal requests or court orders, and information required for regulatory compliance. These retention requirements are determined by applicable laws in the jurisdictions where we operate.
- Security and Fraud Prevention: We retain certain security-related information like login history, IP addresses for suspicious activity, and fraud detection data to protect our users and platform. This information helps us identify patterns of abuse, prevent unauthorized access, and investigate security incidents. Security logs are typically retained for 12-24 months unless needed for ongoing investigations.
- Dispute Resolution: If there's an active dispute, claim, or legal proceeding involving your account, we may retain relevant information until the matter is fully resolved. This ensures we can defend our interests and yours, provide evidence if needed, and comply with court orders or legal processes.
Specific Data Retention Timelines:
- Account and Profile Information: Retained indefinitely while your account is active. Deleted within 30 days of account closure request, except for information we're legally required to retain. Your email address may be retained in a suppression list to honor unsubscribe requests even after account deletion.
- Trip and Itinerary Data: Preserved as long as you keep them in your account. You can delete individual trips at any time, and they're permanently removed within 30 days. Upon account deletion, all trip data is erased unless needed for legal compliance. We don't have access to deleted trip information after the 30-day purge period.
- Guest Mode Temporary Storage: Trip data created without an account is stored locally on your device for exactly 7 days, then automatically and permanently deleted. We never transfer guest mode data to our servers unless you create an account and explicitly choose to sync your trips. You can manually clear guest data anytime through your device's app data management.
- Performance Cache: Destination information, images, and frequently accessed content are cached on your device for 6-24 hours to improve loading speeds and reduce data usage. This cache is automatically refreshed and doesn't contain personal information. You can clear cached data through your device settings or by reinstalling the app.
- Reviews and Ratings: Your reviews remain on our platform even after account deletion, but your name is replaced with "Former User" to protect your privacy while maintaining the value of your contribution to the community. Review photos you uploaded remain associated with the attraction. If you want reviews deleted before closing your account, you must manually delete them first.
- Analytics and Usage Data: Aggregated, anonymized analytics data (like "50 users searched for Paris this week") is retained indefinitely to improve our services and understand travel trends. This data cannot be traced back to individual users and doesn't contain personally identifiable information. It's used solely for platform improvement and business analytics.
- Communication History: Support tickets, feedback submissions, and email correspondence are retained for 3 years to maintain service quality, track issue resolution, and identify recurring problems. If you request account deletion, we'll anonymize your name in support records while keeping the technical details to improve our service.
8. Children's Privacy
On Your Trip is designed for adult users and families planning travel experiences. We are committed to protecting children's privacy and comply with the Children's Online Privacy Protection Act (COPPA) in the United States and similar regulations worldwide.
- Age Restrictions: On Your Trip is not intended for use by children under the age of 13 in the United States (or the applicable age of digital consent in your country, which may be 14-16 in Europe). We do not knowingly collect, use, or store personal information from children below these age thresholds. By using our service, you represent that you meet the minimum age requirement.
- No Targeted Collection: We do not direct our services to children, market to children, or knowingly collect information from users we know to be children. Our app stores require users to confirm they meet age requirements during account creation. If we learn that we've inadvertently collected information from a child, we will delete it immediately.
- Family Travel Planning: While parents and guardians can use On Your Trip to plan family vacations, we recommend that adults maintain control of the account and that children not create their own accounts. When planning trips with children, parents should be mindful of what information they share in reviews or public content (avoid posting children's names, ages, schools, or identifying photos in public reviews).
- Parental Rights and Actions: If you are a parent or guardian and discover that your child has created an account or provided personal information to On Your Trip without your consent, please contact us immediately at privacy@onytrip.com. Include your child's name, email address used, and any information that would help us identify the account. We will:
  - Verify your identity as the parent or guardian
  - Immediately suspend the account to prevent further data collection
  - Permanently delete all personal information associated with the account
  - Provide confirmation once the deletion is complete (typically within 48 hours)
- Educational and School Use: If schools or educational institutions wish to use On Your Trip for educational purposes (such as planning field trips or geography projects), they must obtain proper parental consent and ensure supervision by teachers or administrators. Educational institutions should contact us to discuss appropriate safeguards and compliance measures.
9. International Data Transfers
On Your Trip is a global travel planning service used by travelers worldwide. To provide you with fast, reliable service regardless of where you're located, we process and store data across multiple countries and regions:
- Global Infrastructure: Your data may be transferred to and processed in the United States, European Union, Asia-Pacific region, and other countries where our service providers operate data centers. This global distribution ensures that when you access On Your Trip from anywhere in the world, your experience is fast and responsive. Data is routed to the nearest server location to minimize latency and maximize performance.
- Varying Data Protection Standards: Different countries have different data protection laws and regulations. Some jurisdictions (like the European Union with GDPR) have comprehensive data protection frameworks, while others may have less stringent requirements. The United States, for example, doesn't have a single federal data protection law comparable to GDPR, though sector-specific regulations and state laws (like California's CCPA) provide certain protections.
- Your Consent to Transfer: By creating an account and using On Your Trip, you explicitly consent to the transfer of your personal information across international borders. This includes transfers from your country of residence to countries that may not provide the same level of data protection. If you do not consent to such transfers, unfortunately you cannot use our service as our global architecture is fundamental to how On Your Trip operates.
- Protective Safeguards: While data protection laws vary, we implement consistent security and privacy measures across all regions where your data is processed. These safeguards include:
  - Encryption of data in transit between regions using TLS 1.3
  - Encryption of data at rest in all data centers using AES-256
  - Contractual requirements for service providers to protect your data
  - Access controls that limit who can view or process your information
  - Regular security audits and compliance assessments
  - Data processing agreements that meet EU Standard Contractual Clauses where applicable
- EU-Specific Considerations: For users in the European Economic Area (EEA), UK, and Switzerland, we implement additional safeguards for data transfers to countries outside these regions. We rely on approved transfer mechanisms such as Standard Contractual Clauses (SCCs) approved by the European Commission, and we work with service providers who participate in recognized data protection frameworks. EU users have additional rights under GDPR, including the right to object to international transfers in certain circumstances.
- Government Access: Depending on where your data is processed, it may be subject to lawful access requests from government authorities in that jurisdiction. For example, data stored in US data centers may be subject to requests from US law enforcement agencies under applicable US law. We will only provide data in response to valid legal requests and will notify you of such requests unless prohibited by law or if the request is an emergency.
If you have questions or concerns about international data transfers, particularly if you're located in the EU, please contact us at privacy@onytrip.com. We're committed to transparency about how and where your data is processed.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons.
When we make material changes, we will:
- Update the "Last updated" date at the top of this policy
- Notify you through the app or via email
- Provide a prominent notice for significant changes
Your continued use of On Your Trip after changes become effective constitutes your acceptance of the revised policy.
Additional Rights for EU and California Residents
For EU Residents (GDPR)
If you reside in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR) and equivalent UK/Swiss data protection laws. These rights supplement the rights described elsewhere in this Privacy Policy:
- Right to Object: You have the right to object to our processing of your personal data when we rely on legitimate interests as our legal basis. For example, if you object to our use of your data for analytics or marketing purposes, we will cease such processing unless we can demonstrate compelling legitimate grounds that override your interests. You can object by contacting us at privacy@onytrip.com and specifying which processing activities you object to. We will respond within 30 days with our decision and reasoning.
- Right to Restrict Processing: You may request that we temporarily restrict how we use your personal data in certain circumstances: (1) while we verify the accuracy of data you've contested, (2) when processing is unlawful but you prefer restriction over deletion, (3) when we no longer need the data but you need it for legal claims, or (4) while we verify whether our legitimate grounds override your objection. During restriction, we will store your data but not actively use it except with your consent or for legal claims.
- Right to Lodge a Complaint: You have the right to file a complaint with your local data protection supervisory authority if you believe we've violated GDPR or your data protection rights. While we encourage you to contact us first to resolve concerns, you may lodge a complaint at any time. EU residents can find their supervisory authority at edpb.europa.eu. UK residents can contact the ICO at ico.org.uk.
- Right to Withdraw Consent: Where we process your personal data based on your consent (such as for marketing emails or location tracking), you have the right to withdraw that consent at any time. Withdrawing consent does not affect the lawfulness of processing based on consent before withdrawal. You can withdraw consent through your account settings or by contacting us. Withdrawal is immediate and prevents future processing based on that consent.
- Legal Bases for Processing: Under GDPR, we must have a legal basis for processing your personal data. We rely on the following legal bases: (1) Contract Performance - processing necessary to provide our services, (2) Legitimate Interests - for analytics, security, and service improvement (balanced against your rights), (3) Consent - for marketing communications and optional features like location services, and (4) Legal Obligation - when required by law. You have the right to ask which legal basis applies to specific processing activities.
- Data Protection Officer: While On Your Trip may not be required to appoint a Data Protection Officer under GDPR (depending on our size and data processing volume), you can direct all privacy inquiries to privacy@onytrip.com. We have designated personnel responsible for ensuring GDPR compliance and handling data subject requests.
Important Limitation of Liability: While we strive to comply with GDPR and protect your rights, we provide On Your Trip "as is" without warranties. Our liability for data protection violations is limited to the maximum extent permitted by applicable law. We are not liable for unauthorized access resulting from circumstances beyond our reasonable control, including but not limited to your device security, third-party actions, or force majeure events. By using our service, you acknowledge these limitations and agree that your sole remedy for privacy concerns is as described in this Privacy Policy and our Terms of Service.
For California Residents (CCPA/CPRA)
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). These rights apply to "personal information" as defined under California law:
- Right to Know: You have the right to request that we disclose: (1) the categories of personal information we've collected about you, (2) the categories of sources from which we collected it, (3) our business or commercial purpose for collecting it, (4) the categories of third parties with whom we share it, and (5) the specific pieces of personal information we hold about you. You may submit up to two such requests per 12-month period. We will respond within 45 days, extendable by another 45 days if reasonably necessary.
- Right to Delete: You have the right to request deletion of personal information we've collected from you, subject to certain exceptions. We may retain information when necessary to: complete transactions, detect security incidents, debug and repair errors, comply with legal obligations, or enable solely internal uses reasonably aligned with your expectations. When you request deletion, we will direct our service providers to also delete your information from their systems, unless retention is legally required. Deletion is permanent and cannot be undone.
- Right to Opt-Out of Sale: California law defines "sale" broadly to include sharing personal information for valuable consideration. We do not sell your personal information as commonly understood, nor do we share it for monetary compensation. We may share information with service providers for business purposes (like analytics or recommendations), but these are governed by contracts that prohibit use for any purpose other than providing services to us. If our practices change, we will provide a clear "Do Not Sell My Personal Information" link.
- Right to Non-Discrimination: You have the right to exercise your CCPA rights without suffering discriminatory treatment. We will not: deny you services, charge different prices or rates, provide a different level of service quality, or suggest you'll receive different prices or quality of service as retaliation for exercising your rights. However, we may offer financial incentives permitted by CCPA for data collection, such as promotional discounts for email subscribers, provided they are reasonably related to the value of your data.
- Right to Correct Inaccurate Information: Under CPRA (effective 2023), you have the right to request correction of inaccurate personal information we maintain about you. You can correct most information directly through your account settings. For information that can't be self-corrected, contact us at privacy@onytrip.com with the specific information you believe is inaccurate and the correct information.
- Right to Limit Use of Sensitive Personal Information: CPRA provides additional protections for "sensitive personal information" (like precise geolocation or account credentials). We only use such information for purposes necessary to provide On Your Trip services. We do not use or disclose sensitive personal information for purposes other than those specified in CPRA regulations. If you wish to limit use beyond necessary purposes, contact us, though this may affect service functionality.
- Categories of Personal Information Collected: In the preceding 12 months, we have collected the following categories of personal information: identifiers (name, email, phone), commercial information (trip preferences, bookings), internet activity (app usage, searches), geolocation data (if enabled), visual information (profile pictures, review photos), and inferences (travel preferences, recommendations). We collect this information directly from you, from your device, and from third-party data providers.
- Authorized Agent Requests: California residents may designate an authorized agent to submit requests on their behalf. To protect your privacy, we require: (1) written authorization signed by you, (2) verification of the agent's identity, and (3) direct confirmation from you that you authorized the agent. Authorized agents must submit requests to privacy@onytrip.com with appropriate documentation.
How to Exercise Your California Rights: To submit a request to know or delete, contact us at privacy@onytrip.com with the subject line "California Privacy Rights Request." We will verify your identity by matching information you provide with information we have on file. For account holders, we'll verify through your login credentials. For non-account holders, we may request additional identifying information to prevent unauthorized disclosure.
Limitation of Liability - California Residents: Our services are provided "as is" and "as available" without any warranties, express or implied. To the fullest extent permitted by California law, we disclaim all liability for damages arising from data breaches, unauthorized access, or privacy violations, except where such disclaimer is prohibited by law. California residents agree that any claims related to privacy or data protection are subject to the limitation of liability provisions in our Terms of Service. Your exclusive remedy for privacy-related concerns is as specified in this Privacy Policy, and in no event shall our total liability exceed the amount you've paid us in the 12 months preceding the claim, if any. This limitation applies even if your rights under CCPA are violated, to the maximum extent California law permits.