Tripilot Privacy Policy

Last Updated: 2025/12/16

1. Introduction

Welcome to Tripilot ("we," "our," or "us"). We provide an AI-powered travel assistant service designed to help you plan, book, and navigate your trips. We are committed to protecting your personal privacy.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and mobile application (the "Service").

2. Information We Collect

We collect information that you provide directly to us, information we collect automatically, and information from third parties.

2.1 Information You Provide

  • Account Information: Name, email address, phone number, and password.
  • Identity & Travel Documents: Passport numbers, issuance/expiration dates, nationality, visa details, and photos of identification documents (strictly for booking purposes).
  • Travel Preferences: Dietary restrictions, accessibility needs, hotel preferences, and loyalty program numbers.
  • AI Interactions (User Content): Text queries, voice commands, uploaded images, and conversation history with our AI Agent.
  • Payment Information: Billing address and payment method details (processed by our secure payment providers; we do not store full credit card numbers).

2.2 Information Collected Automatically

  • Device Information: Device ID, IP address, operating system, and browser type.
  • Location Data: Real-time GPS location (only with your explicit permission) to provide local recommendations and navigation.
  • Usage Data: How you interact with the AI, features used, and time spent on the app.

3. How We Use Your Information

We use your data to provide and improve our AI Travel Agent services:

  • Service Fulfillment: To book flights, hotels, trains, and tickets based on your instructions.
  • AI Personalization: To tailor travel itineraries and recommendations based on your chat history and preferences.
  • Model Processing: Your text/voice inputs are processed by our AI algorithms (and potentially third-party LLM providers) to generate responses.
    • Note: We use your personal conversation data to train our AI recommendation models.
  • Communication: To send booking confirmations, itinerary updates, and emergency alerts.
  • Legal Compliance: To comply with travel regulations (e.g., submitting passenger data to border control or airlines).

4. How We Share Your Information

We do not sell your personal data. We strictly share data only as necessary to fulfill your requests:

  • Travel Service Providers: We adhere to the "Need to Know" principle. We share your Identity Data (Name, Passport) with airlines, hotels, railway operators, and tour agencies solely to complete your bookings.
  • AI & Cloud Infrastructure: We use trusted third-party providers (e.g., Aliyun Cloud, AWS) to host our servers and process AI queries. Data sent to LLMs is anonymized where possible.
  • Legal Authorities: We may disclose information if required by law, court order, or government regulations in the countries you travel to or from.

5. International Data Transfers

Since we facilitate international travel, your information may be transferred to, stored, and processed in countries other than your own (e.g., transferring data from the EU to China for a hotel booking).

  • By using our Service, you consent to the transfer of information to countries outside of your country of residence, which may have different data protection rules.
  • We rely on legal mechanisms (such as Standard Contractual Clauses) to ensure your data remains protected during transfer.

6. Data Security

We employ industry-standard security measures, including:

  • Encryption: Data in transit (TLS/SSL) and data at rest (AES-256).
  • Access Control: Strict internal access controls regarding passport and payment data.
  • Data Minimization: We aim to delete sensitive travel documents (like passport images) from our active servers 15 days after your trip concludes.

7. Your Rights

Depending on your location (e.g., GDPR for EU, CCPA for California), you have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Update inaccurate information.
  • Deletion: Request deletion of your account and data ("Right to be Forgotten").
  • Export: Request your data in a portable format.
  • Opt-out: You may opt-out of marketing communications.

To exercise these rights, please contact us at contact@tripilot.io.

8. Third-Party Links

Our AI Agent may provide links to external websites (e.g., restaurant reviews, museum sites). We are not responsible for the privacy practices of these external sites.

9. Children's Privacy

Our Service is not directed to children under 13 (or other age as required by local law). We do not knowingly collect personal information from children without parental consent.

10. Changes to This Policy

We may update this policy periodically. We will notify you of significant changes via the App or Email.

11. Contact Us

If you have questions about this Privacy Policy, please contact: