Legal

Privacy Policy

Last updated: 2026-05-03

TripPortfolio AI (“TripPortfolio,” “we,” “us,” or “our”) builds the operating system for luxury travel advisors. This Privacy Policy explains what information we collect when you visit tripportfolio.ai, sign up for the platform, or interact with a trip shared by your advisor through our mobile app or share links. It also describes how we use that information, who we share it with, how long we keep it, and the rights you have over it.

We designed TripPortfolio around a multi-tenant architecture where every piece of trip data belongs to the agency (“organization”) that created it. The org owns its data; we host it. The same principle drives this policy.

1. Information we collect

We collect three categories of information:

  • Account information. When an advisor signs up for a workspace we collect your name, email address, organization name, and a hashed password. If you sign up via an OAuth provider we receive your name, email, and a provider-issued user identifier. Travelers who create an account in the mobile app provide their name, email, and a hashed password.
  • Trip and client data.Advisors enter or upload itinerary content, client contact details, hotel and DMC quotes, invoices, commissions, documents (passports, visas, vouchers), notes, and conversations. This information is owned by the advisor’s organization and is scoped to that organization in our database.
  • Usage analytics. We measure aggregate site and product usage with Plausible Analytics, which is cookie-less and does not collect or store any personal data, IP addresses, or device identifiers in a way that can be used to identify or track an individual. We do not use third-party advertising trackers, cross-site cookies, or fingerprinting libraries.

2. How we use information

We use the information above to operate, secure, and improve the service: authenticating sessions, scoping every database query to your organization, processing payments, sending transactional email, generating itinerary content with AI on request, and answering support tickets. We do not sell personal information, and we do not use trip or client data to train any general- purpose AI model.

3. The share-token model

When an advisor shares a trip with a traveler, we mint a share token scoped to that single trip and grant read access (and, for chat threads, write access) only to holders of that token. The traveler does not need a TripPortfolio account to view a shared trip in a browser. If the advisor revokes the share, the token stops working immediately. Share tokens never grant access to other clients’ trips, the agency’s roster, or back-office data.

4. Third-party processors

We rely on a small set of vetted infrastructure and service providers to deliver the platform. Each one only receives the minimum data needed for its job, and each is bound by a data processing agreement.

  • Google Cloud Platform — hosts our application servers, Firestore database, and document storage in US regions.
  • Anthropic — powers Claude Cowork agentic itinerary planning and the in-product AI knowledge base. Prompts and responses for your trips pass through Anthropic under their zero-data-retention enterprise terms.
  • xAI — provides web-grounded research capabilities for trip planning prompts that need fresh external information.
  • Stripe — processes subscription payments and stores card data. We never see your raw card number.
  • Resend — delivers transactional email such as invoices, share notifications, and password resets.

5. Data retention and deletion

Trip and client data are retained for as long as the organization keeps its TripPortfolio workspace active. The organization owner can delete individual records, an entire client, or the workspace itself at any time from settings. When a workspace is deleted, we purge it from our primary database within seven days and from encrypted backups within thirty days. Deletion requests for a specific traveler or client should be routed through the advisor that owns the record; we cannot unilaterally delete records on behalf of an advisor’s organization.

6. Your rights

Depending on where you live, you may have the right to access, correct, export, or delete the personal data we hold about you, to object to certain processing, or to withdraw consent. We honor requests under the EU/UK General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA/CPRA). To exercise any of these rights email privacy@tripportfolio.ai from the address associated with your account. We respond within thirty days.

7. Security

All traffic to TripPortfolio is encrypted in transit via TLS. Data at rest is encrypted using Google Cloud’s default storage encryption. Access to production systems is gated by single-sign-on with hardware-key second factors and is restricted to the small group of engineers on call. We log administrative access for audit and review.

8. Children

TripPortfolio is built for travel professionals and adult travelers and is not directed to children under sixteen. We do not knowingly collect personal information from children. If you believe a child has provided us information, contact privacy@tripportfolio.ai and we will delete it.

9. International transfers

TripPortfolio is operated from the United States and our primary data hosting region is in the US. If you access the service from outside the US, you understand and consent to the transfer of your information to the US, where data protection law may differ from your country of residence. We rely on Standard Contractual Clauses for transfers of personal data from the European Economic Area, the UK, and Switzerland.

10. Changes to this policy

We will update the “Last updated” date at the top of this page when we revise the policy. For material changes that affect how we process personal data, we will also email the workspace owners on file and post a notice in the product. Continued use after a change becomes effective is acceptance of the revised policy.

11. Contact us

Questions, concerns, or rights requests should be sent to privacy@tripportfolio.ai. For general inquiries email hello@tripportfolio.ai.