Introduction
TripAware (“we,” “us,” or “our”) is a weather-optimized travel discovery platform. We respect your privacy and are committed to protecting any personal data you share with us. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.
This policy applies to all visitors and users of TripAware, regardless of where you are located. We comply with applicable data protection laws including the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA), and other applicable regional privacy laws.
Data Controller
The data controller responsible for your personal data is TripAware, operated by Daniel. For any privacy-related inquiries, please contact us via our contact page.
Information We Collect
Information you provide directly
When you use TripAware, you may provide information through our search features, including your travel preferences (climate type, activity vibe, travel month) and departure airport. If you contact us, we may collect your name and email address. We do not require account creation to use TripAware.
Information collected automatically
When you visit TripAware, our hosting infrastructure (Cloudflare) may automatically collect limited technical data necessary to deliver the service, including:
- IP address (used for content delivery and security; not stored long-term by TripAware)
- Browser type and version
- Device type
- Pages visited and time spent
- Referring URL
Information we do not collect
We do not collect, store, or process:
- Payment or financial information
- Government-issued identification
- Precise geolocation data
- Social media account data
- Health, biometric, or sensitive personal data
- Data from children (see Children’s Privacy below)
How We Use Your Information
We use the information we collect for the following purposes:
- Providing the service: Processing your search queries to match destinations to your climate and activity preferences.
- Flight search: When you use our flight search feature, your origin airport, destination, and travel dates are sent to the Duffel API to retrieve live flight pricing. We act as an intermediary and do not store your flight search history.
- Improving the service: Understanding how users interact with TripAware to improve functionality and user experience.
- Communication: Responding to inquiries you submit through our contact form.
- Security: Protecting the service from abuse, fraud, or security threats.
Legal bases for processing (GDPR)
Under the GDPR, we process personal data on the following legal bases:
- Legitimate interest (Article 6(1)(f)): For providing and improving the service, analytics, and security. We have assessed that these interests do not override your fundamental rights and freedoms.
- Consent (Article 6(1)(a)): Where we ask for your consent, such as for optional communications. You may withdraw consent at any time.
- Contractual necessity (Article 6(1)(b)): To deliver the service you have requested, such as processing search queries.
Cookies and Tracking
TripAware does not use advertising cookies, tracking pixels, or social media tracking. We do not engage in cross-site tracking or behavioral advertising.
Our hosting provider (Cloudflare) may set strictly necessary cookies for security and performance purposes (such as bot protection). These are essential for the operation of the service and do not require consent under GDPR.
If we introduce analytics in the future, we will use privacy-friendly solutions that do not use cookies and do not track individuals across sites. This policy will be updated accordingly before any such tools are deployed.
Third-Party Services
We use the following third-party services to operate TripAware:
- Cloudflare (hosting and CDN): Provides web hosting, content delivery, and DDoS protection. Cloudflare processes visitor IP addresses and request metadata. Cloudflare Privacy Policy.
- Supabase (database): Stores destination and climate data. User search queries are processed through Supabase, but we do not store personally identifiable information in our database. Supabase Privacy Policy.
- Duffel (flight search): When you use the flight search feature, your search parameters (origin, destination, dates) are sent to Duffel to retrieve live pricing from airlines. Duffel Privacy Policy.
- Open-Meteo (climate data): Provides historical weather data used to build climate profiles. No user data is shared with Open-Meteo; we only query climate data for destinations.
- Unsplash (images): Destination images are loaded from Unsplash’s CDN. Your browser connects directly to Unsplash servers when loading images. Unsplash Privacy Policy.
When you click outbound booking links (such as links to Google Flights, Kayak, or Booking.com), you leave TripAware and are subject to those platforms’ privacy policies. We do not currently use affiliate tracking parameters in these links.
International Data Transfers
Our service infrastructure is hosted globally through Cloudflare’s edge network and Supabase’s cloud infrastructure. Your data may be processed in countries outside your country of residence, including the United States.
Where personal data is transferred from the European Economic Area (EEA), the UK, or Switzerland to countries that have not been deemed to provide an adequate level of data protection, we rely on appropriate safeguards including Standard Contractual Clauses (SCCs) as adopted by the European Commission, or equivalent mechanisms provided by our third-party service providers.
Data Retention
We retain personal data only for as long as necessary to fulfill the purposes described in this policy:
- Search queries: Not stored persistently. Search parameters are processed in real time and not logged with personally identifiable information.
- Contact form submissions: Retained for as long as necessary to respond to your inquiry, then deleted within 12 months unless ongoing correspondence requires retention.
- Server logs: Cloudflare retains standard web server logs according to its retention policy (typically up to 72 hours).
Your Rights
Depending on your location, you have the following rights regarding your personal data:
Rights under GDPR (EEA and UK residents)
- Right of access: You can request a copy of the personal data we hold about you.
- Right to rectification: You can request that we correct inaccurate or incomplete data.
- Right to erasure: You can request deletion of your personal data (“right to be forgotten”).
- Right to restrict processing: You can request that we limit how we use your data.
- Right to data portability: You can request your data in a structured, commonly used, machine-readable format.
- Right to object: You can object to processing based on legitimate interests, including any profiling.
- Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
- Right to lodge a complaint: You have the right to file a complaint with your local data protection supervisory authority.
Rights under CCPA (California residents)
- The right to know what personal information we collect and how it is used.
- The right to request deletion of your personal information.
- The right to opt out of the sale of your personal information. We do not sell personal information.
- The right to non-discrimination for exercising your privacy rights.
Rights under other laws
If you are located in Brazil (LGPD), Canada (PIPEDA), Australia, or other jurisdictions with applicable privacy laws, you have equivalent rights under your local legislation. We will honor your rights in accordance with the applicable law.
To exercise any of these rights, please contact us via our contact page. We will respond within 30 days (or the timeframe required by applicable law).
Data Security
We implement appropriate technical and organizational measures to protect your data, including encryption in transit (HTTPS/TLS), secure hosting infrastructure, and access controls. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
Children’s Privacy
TripAware is not directed at children under 16 years of age (or 13 in jurisdictions where permitted by law). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.
Do Not Track
TripAware does not engage in cross-site tracking. We honor Do Not Track (DNT) browser signals. Because we do not track users across third-party websites, no change in behavior occurs when a DNT signal is detected.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will post the updated policy on this page with a revised “Last updated” date. For material changes, we will provide prominent notice on the TripAware homepage. Your continued use of TripAware after any changes constitutes acceptance of the updated policy.
Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out via our contact page.
If you are located in the EEA or UK and are unsatisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.