Privacy Policy

How we collect, use, and protect your information when you use the TripNCity mobile application and website.

Last updated: May 1, 2026  ·  Effective date: May 1, 2026

This Privacy Policy describes how SaasFactory LLC (“SaasFactory,” “we,” “us,” or “our”), the operator of the TripNCity mobile application and related services (collectively, the “Service”), collects, uses, discloses, and protects information about you. By downloading, accessing, or using the Service, you agree to the practices described in this Policy.

1. Who we are

The Service is operated by:

SaasFactory LLC
30 N Gould St, Ste N
Sheridan, Wyoming 82801
United States of America

2. Information we collect

We collect the following categories of information:

a) Information you provide directly

  • Account information — name, email address, profile photo, preferred language, and authentication identifiers when you sign up or sign in (including via third-party providers such as Apple, Google, or email magic links).
  • Profile and travel preferences — interests, saved places, planned trips, languages spoken, and other content you choose to add.
  • User-generated content — reviews, photos, notes, AI-chat prompts, and feedback you submit.
  • Booking and payment information — booking details and limited transaction metadata. Card numbers are processed by our payment provider and are never stored on our servers.
  • Support correspondence — messages you send to us through email or in-app support.

b) Information collected automatically

  • Device data — device model, operating system and version, unique device identifiers, app version, language, and time zone.
  • Usage data — screens visited, features used, search queries within the app, scan/QR events, and crash logs.
  • Approximate or precise location — only when you grant location permission, used to surface nearby places, audio guides, and route suggestions.
  • Camera, photos, and microphone — only when you explicitly use a feature that requires them (e.g. scanning a QR code, uploading a photo, or recording a voice note).
  • Push-notification tokens — to deliver booking, trip, and account notifications via OneSignal.
  • Cookies and similar technologies — used on our website only, for session management and basic analytics.

c) Information from third parties

  • Authentication providers (Supabase Auth, Apple, Google) — basic profile data they share with us with your consent.
  • Content partners (e.g. TripAdvisor) — public information about places, points of interest, and reviews used to enrich our catalog.
  • Payment processors — confirmation of successful payments and refunds.

3. How we use your information

We use the information we collect to:

  • Provide, maintain, and improve the Service, including personalizing recommendations and audio guides;
  • Create and manage your account and authenticate you across sessions and devices;
  • Process bookings, send confirmations, and provide customer support;
  • Send you transactional and, with your consent, promotional communications (you can opt out at any time);
  • Detect, prevent, and address fraud, abuse, security, and technical issues;
  • Comply with legal obligations and enforce our Terms of Service.

4. Legal bases for processing (EEA / UK)

If you are located in the European Economic Area or the United Kingdom, we rely on the following legal bases:

  • Contract — to provide the Service you request;
  • Consent — for optional features such as location, push notifications, and marketing emails (which you can withdraw at any time);
  • Legitimate interests — to keep the Service secure, prevent abuse, and improve our products;
  • Legal obligation — when we must retain or disclose data to comply with applicable law.

5. How we share information

We do not sell your personal information. We share data only as described below:

  • Service providers acting on our behalf (cloud hosting, authentication, push notifications, email delivery, analytics, payment processing, AI inference, mapping, and customer support);
  • Travel and content partners when required to fulfill a booking or display third-party content you requested;
  • Legal and safety — to comply with subpoenas, court orders, or other legal process, or to protect the rights, property, or safety of users, the public, or SaasFactory LLC;
  • Business transfers — in connection with a merger, acquisition, financing, or sale of assets, subject to confidentiality safeguards.

6. International data transfers

We are based in the United States and use service providers in multiple countries. When we transfer personal data from the EEA, UK, or Switzerland to a country that has not received an adequacy decision, we rely on appropriate safeguards such as the Standard Contractual Clauses approved by the European Commission.

7. Data retention

We keep personal information only for as long as necessary for the purposes described in this Policy, to comply with our legal obligations, resolve disputes, and enforce our agreements. When data is no longer needed, we delete or anonymize it. You can request deletion of your account at any time (see Section 9).

8. Security

We use industry-standard administrative, technical, and physical safeguards to protect your information, including TLS encryption in transit, encrypted storage at rest where supported, and least-privilege access controls. No method of transmission or storage is 100% secure; we cannot guarantee absolute security but we work continuously to strengthen our protections.

9. Your rights and choices

Depending on where you live, you may have the right to:

  • Access, correct, update, or delete your personal information;
  • Object to or restrict certain processing, or request data portability;
  • Withdraw consent at any time without affecting the lawfulness of prior processing;
  • Lodge a complaint with your local data-protection authority.

You can exercise most of these rights directly inside the app (Settings → Account) or by emailing us at privacy@tripncity.com. We may need to verify your identity before acting on a request.

California, Virginia, Colorado, Connecticut, and Utah residents have additional rights under their respective state laws (CCPA/CPRA, VCDPA, CPA, CTDPA, UCPA). We honor those rights and do not discriminate against users who exercise them.

10. Children’s privacy

The Service is not directed to children under the age of 13 (or under 16 in the EEA/UK), and we do not knowingly collect personal information from them. If you believe a child has provided us with personal information, please contact us and we will delete it.

11. Permissions on Android and iOS

The mobile application requests the following permissions only to deliver specific features. Each is optional and can be revoked at any time in your device settings:

  • Location — to show nearby places, audio guides, and itineraries.
  • Camera — to scan QR codes and capture photos for trip notes.
  • Photos / Media — to attach images to your profile or trip entries.
  • Microphone — to record voice notes inside the AI travel chat.
  • Notifications — to deliver booking, trip, and account updates.

12. Third-party links and services

The Service may contain links to third-party websites, apps, or services that are not operated by us. This Policy does not apply to those third parties; please review their privacy notices before providing information to them.

13. Changes to this Policy

We may update this Policy from time to time. When we make material changes, we will notify you by updating the “Last updated” date at the top of this page and, where appropriate, by an in-app notice or email. Your continued use of the Service after the effective date constitutes acceptance of the revised Policy.

14. Contact us

If you have any questions or requests regarding this Policy or our data practices, contact:

SaasFactory LLC — Privacy Team
30 N Gould St, Ste N
Sheridan, Wyoming 82801, USA
Email: privacy@tripncity.com