Legal
Privacy Policy
Last updated: June 4, 2026
In plain words —
Your trips, your places, your memories — they belong to you.
01 Who We Are
Travelpin is a travel planning and trip management app built and operated by Travelpin ("we", "us", "our"), based in India. This Privacy Policy explains how we collect, use, disclose, store, and protect your personal information when you use the Travelpin iOS app, website, and any related services.
Under India's Digital Personal Data Protection Act 2023, Travelpin operates as a Data Fiduciary — meaning we determine why and how your personal data is processed and are responsible for it. Where applicable, Travelpin is also subject to the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and the Australian Privacy Act 1988 and Australian Privacy Principles.
This policy applies to users in India, the United States, Australia, and other jurisdictions where Travelpin is available. Where local laws provide additional rights or protections, those are described in the relevant sections of this policy. Where requirements differ by jurisdiction, we have noted them clearly throughout this document.
02 What We Collect and Why
We collect only what is necessary to provide the features you use. Here is a complete breakdown:
| Data Type | What We Collect | Purpose | Legal Basis |
|---|---|---|---|
| Account | Name, email address (optional) | Sync across devices, backup, account recovery | Contract / Consent |
| Trips & Flights | Flight numbers, routes, timings, airports, travel history | Flight tracking, ETA calculations, trip organisation | Contract |
| Precise Location | Current location, saved places (home, office), airport proximity | ETA calculations, travel insights | Consent |
| Pins & Memories | Saved places, notes, tags, visit dates | Personal travel map, memory recall, AI suggestions | Contract |
| Basecamp Insights | Travel patterns, routes, time-of-day preferences | Journey insights and statistics | Legitimate interests |
| Technical Data | Device type, app version, crash logs | App reliability and bug fixing | Legitimate interests |
| Analytics | Anonymous feature usage, screen interactions | Product improvement | Legitimate interests |
03 AI Features
Travelpin uses AI to suggest packing checklists, generate travel insights, and assist with trip planning. AI features are optional — the core app works without them.
- AI features use only the minimum data required for that specific function.
- Your raw notes and memories are not used to train Travelpin's own systems.
- Some AI features are powered by third-party AI service providers. These providers process only the data necessary to return a result and are contractually prohibited from using your data to train their models or for any secondary purpose.
- We do not use your personal data for automated decision-making that produces legal or similarly significant effects on you.
- You can opt out of AI features at any time in the app settings without losing access to other features.
04 Analytics and Tracking
We collect anonymous, aggregated usage data to understand what users value and improve the app.
- We do not track you across other apps or websites.
- We do not build advertising profiles.
- We do not use Apple's Advertising Identifier (IDFA) for tracking.
- Analytics data is anonymised before storage and cannot be linked back to you individually.
- We do not sell or share analytics data with data brokers or advertising networks.
05 Data Sharing
We do not sell your personal data. We do not share your data with advertisers or data brokers. We share data only where necessary to operate the service:
- Cloud infrastructure providers — for secure storage and sync. Servers may be located in India, the United States, or other countries.
- Flight data API providers — to retrieve live flight status and gate information. Only flight numbers and route data are shared.
- Mapping service providers — to support location-based ETA features. Location data is shared only when you actively use these features.
- Crash reporting and diagnostics tools — to identify and fix technical issues. Only anonymised technical data is shared.
- AI service providers — to power optional AI features. Only the minimum data required for the specific function is shared.
Each partner receives only the minimum data required for their specific function and is prohibited from using your data for any other purpose. We require all partners to maintain appropriate security standards.
We may disclose data if required by law, court order, or regulatory authority in India, the United States, Australia, or any other applicable jurisdiction, or to protect the safety and rights of our users.
06 Data Retention
We retain personal data only as long as necessary for the purpose it was collected:
| Data Type | Retention Period |
|---|---|
| Account & trip data | For the life of your account. Deleted within 30 days of account deletion. |
| Pins & memories | For the life of your account. Deleted within 30 days of account deletion. |
| Location data | Not stored persistently. Used in-session only, except for saved places which follow account retention. |
| Crash logs & technical data | Up to 90 days. |
| Analytics data | Anonymised immediately. Aggregated data may be retained indefinitely as it cannot be linked to you. |
We may retain certain data longer if required by applicable law or to resolve disputes. When data is no longer required, we securely delete or anonymise it.
07 Your Rights and Controls
Regardless of where you are located, you have the following controls within Travelpin at all times:
🇮🇳 India — DPDPA 2023
If you are located in India, you have the following rights under the Digital Personal Data Protection Act 2023:
- Right to access a summary of your personal data and how it is processed
- Right to correction and erasure of your personal data
- Right to grievance redressal — complaints must be acknowledged within 48 hours and resolved within 30 days
- Right to nominate a person to exercise your rights on your behalf in the event of death or incapacity
We process your data based on your consent, which you may withdraw at any time. Withdrawal of consent does not affect the lawfulness of processing before withdrawal, but may affect your ability to use certain features.
Our legal basis for processing data in India is consent for all personal data collection. Where processing is necessary for the performance of a contract (providing the app service), we rely on that as an additional basis.
In accordance with the DPDPA 2023, we have designated a Grievance Officer for India.
Contact: hello@travelpinapp.com
Response time: Acknowledgement within 48 hours. Resolution within 30 days.
If your complaint is not resolved to your satisfaction, you may escalate to the Data Protection Board of India once it is constituted under the DPDPA 2023.
Children (India): Travelpin is not intended for users under 18 years of age. We do not knowingly collect personal data from minors under 18. If you believe a minor has registered, contact us immediately and we will delete their data promptly. Processing data of children under 18 requires verifiable parental consent under the DPDPA.
🇺🇸 United States — CCPA / CPRA
If you are a California resident, you have the following rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act:
- Right to know what personal information we collect, use, disclose, and sell
- Right to delete your personal information
- Right to correct inaccurate personal information
- Right to opt out of the sale or sharing of personal information
- Right to limit the use of sensitive personal information (including precise geolocation)
- Right to non-discrimination for exercising any of these rights
We do not sell your personal information. We do not share your personal information with third parties for cross-context behavioural advertising.
To exercise any of your rights, contact us at hello@travelpinapp.com. We will respond within 45 days. We may extend this by a further 45 days where necessary and will notify you.
For users in Virginia, Colorado, Connecticut, Texas, and other US states with privacy laws: you have similar rights to access, correct, delete, and opt out of data processing. We honour these rights for all US users regardless of state. Contact us to exercise them.
Children (US): Travelpin is not directed at children under 13. We do not knowingly collect personal information from children under 13 in compliance with the Children's Online Privacy Protection Act (COPPA). If you believe a child under 13 has provided us with personal information, contact us and we will delete it immediately.
🇦🇺 Australia — Privacy Act 1988 (APPs)
Travelpin handles your personal information in accordance with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth). This section is our APP Privacy Policy as required under APP 1.
You have the following rights under Australian privacy law:
- Right to access personal information we hold about you (APP 12) — we will respond within 30 days
- Right to correct personal information that is inaccurate, out of date, incomplete, or misleading (APP 13)
- Right to request we not use your personal information for direct marketing (APP 7)
- Right to complain about a breach of the APPs
Direct marketing: We do not use your personal information for direct marketing. If this changes, we will seek your consent first and provide a clear opt-out mechanism in every communication.
Overseas disclosure: We disclose personal information to overseas recipients including cloud infrastructure, AI service providers, and flight data providers. See Section 05 for details. We take reasonable steps to ensure overseas recipients handle your data consistently with the APPs.
1. Contact us first at hello@travelpinapp.com. We will acknowledge within 5 business days and respond within 30 days.
2. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or by calling 1300 363 992.
Children (Australia): Travelpin is not intended for users under 13. We do not knowingly collect personal information from children under 13.
08 Security
We implement reasonable and appropriate technical and organisational measures to protect your personal data:
- All data is transmitted over encrypted connections (HTTPS / TLS 1.2 or higher)
- Data at rest is stored with encryption
- Access to personal data is restricted to authorised personnel with a legitimate need
- We use access controls and monitoring to detect and respond to unauthorised access
- We regularly review our security practices
No system is perfectly secure. In the event of a data breach that is likely to result in serious harm to affected individuals, we will notify the relevant authorities and affected users as required by law — including the Data Protection Board of India, the relevant US state authorities where applicable, and the Office of the Australian Information Commissioner under the Notifiable Data Breaches (NDB) scheme.
If you become aware of any security concern, please contact us immediately at hello@travelpinapp.com.
09 International Data Transfers
Travelpin is based in India. Your data may be processed on servers located in other countries, including the United States and the European Union, depending on the infrastructure providers we use.
When transferring data internationally, we take appropriate steps to ensure your data is protected:
- For transfers from India: we rely on consent and contractual safeguards with overseas recipients.
- For transfers involving Australian users: we take reasonable steps to ensure overseas recipients comply with principles consistent with the APPs (APP 8).
- For transfers involving EU/UK users: we rely on Standard Contractual Clauses (SCCs) or other appropriate safeguards under GDPR.
10 Changes to This Policy
We may update this policy as Travelpin evolves or as laws change. If changes are significant, we will notify you via the app or by email at least 14 days before they take effect.
The "last updated" date at the top of this page always reflects the current version. We encourage you to review this policy periodically. Continued use of the app after changes take effect constitutes your acceptance of the updated policy.
Previous versions of this policy are available on request by emailing hello@travelpinapp.com.
Contact and Grievance Redressal
For any privacy questions, data access requests, corrections, deletions, or complaints:
Email: hello@travelpinapp.com
Response time: Acknowledgement within 48 hours. Full response within 30 days.
Please include your name, the jurisdiction you are writing from, and a description of your request. This helps us direct your request appropriately.
If you are an Australian user and are not satisfied with our response, you may escalate to the OAIC at www.oaic.gov.au. If you are an Indian user, you may escalate to the Data Protection Board of India once constituted under the DPDPA 2023.