TravelBinder Privacy Policy
Last updated: 2025-11-30
This Privacy Policy explains how TravelBinder ("we", "us", "our") collects, uses, and protects your information when you use our mobile application (Android and iOS), API, and related services (collectively, the "Service"). By using the Service, you agree to this policy.
1. Information We Collect
- Email content you forward to your unique TravelBinder address (including headers, bodies, attachments, and PDFs).
- Files you upload (e.g., PDFs and images) through the app, including trip attachments that you manually add to your trips.
- Parsed itinerary data derived from forwarded emails and uploaded files (e.g., trip, flight, hotel, car rental, activity, and dining details).
- User-generated content you create in the app, including checklists (Packing Lists and To-Do Lists), checklist items, and required arrangements.
- App and device information for reliability and security (e.g., app version, OS version, device model, crash reports, and diagnostic logs that are scrubbed of PII where possible).
- Device information collected when you submit feedback (e.g., device type, operating system version, device model and brand, app version and build number, screen dimensions and scale, locale, timezone, network type, tablet detection, notch detection, and React Native version). This information helps us diagnose and address issues you report.
- Authentication data (email address for magic link sign-in, tokens) and basic account metadata.
- Push notification tokens (Firebase Cloud Messaging) to deliver alerts.
- Optional Traveler Profile preferences you choose to set (e.g., trip frequency, styles, activities). These are used only to tailor travel suggestions when you ask for them.
- Optional contacts data:
  - Write: with your permission, we may create/update a single contact entry (e.g., “TravelBinder”) containing your unique forwarding email address.
  - Read (Android): with your permission, we may read your contacts locally to let you select email addresses when inviting co‑travelers. We do not upload or sync your address book; only the specific emails you choose are sent to our API to deliver invitations.
2. How We Use Information
- Provide and improve the Service, including parsing and organizing your travel information into trips and timeline items, storing your checklists and required arrangements, and managing your trip attachments (source documents and manually uploaded files).
- Store raw emails and files to support parsing, reprocessing, and auditability. Manually uploaded trip attachments are stored for your reference and organization.
- Deliver push notifications for new trips or items.
- Maintain security, prevent abuse, and perform debugging and analytics (aggregated, de‑identified where possible).
- Honor deletion requests (hard delete) and enforce user-level data isolation.
- Support account changes requested by you, such as updating your email address via secure, time‑limited confirmation links.
3. Contacts Permissions (Android)
- Write Contacts (optional): Enables adding or updating a single convenience contact that stores your unique TravelBinder forwarding address. No other contacts are modified.
- Read Contacts (optional): Enables selecting one or more contact email addresses to send trip invitations. We do not upload or store your address book. Only the email addresses you explicitly select are transmitted to our API to create invitations.
- Control: You can deny or revoke these permissions at any time in system settings. The app remains usable without them.
4. Data Processing and Storage
- Email/PDF Ingestion: Inbound emails are processed via Postmark inbound webhooks. Uploaded files are sent via our API.
- Processing Pipeline: Content is normalized to text and sent to our AI parsing service (OpenAI GPT-4o-mini primary; GPT-4o fallback) to extract structured itinerary data.
- Storage: Raw content and normalized text are stored in encrypted Azure Blob Storage. Parsed data is stored in Azure Database for PostgreSQL. All data is encrypted in transit and at rest.
- Data Residency: We target US-only data residency for storage and processing.
5. Retention and Deletion
- Retention: Raw emails/PDFs and derived data are retained to support reprocessing, auditability, and your app experience.
- Deletion: When you delete a trip or item, we perform a soft delete of that record and its linked data as designed. You may also request account-level deletion, which removes your user data (subject to legal or operational requirements) completely and permanently from our system.
6. Security
- Transport security (TLS 1.2+) for all API traffic.
- Encryption at rest for database and file storage using cloud-managed keys.
- Access controls and row-level security (RLS) isolate user-owned records.
- Structured logging with PII-scrubbing practices; secrets are not stored in code.
7. Third-Party Services
- Email Inbound: Postmark for inbound processing.
- Cloud Hosting and Storage: Microsoft Azure (App Service for API/Worker, Azure Blob Storage, Azure Database for PostgreSQL).
- Messaging/Queue: Azure Service Bus.
- AI Parsing: OpenAI models (GPT‑4o‑mini primary; GPT‑4o fallback) for itinerary extraction.
- Push Notifications: Firebase Cloud Messaging (Android and iOS).
- Observability: Sentry (mobile) and/or Azure Application Insights (API/Worker) for crash/error monitoring and basic performance telemetry.
We select reputable providers and contractually or operationally require appropriate safeguards. Providers process data on our behalf to deliver the Service.
8. Your Choices and Controls
- Access and Correction: You can view and edit items within the app.
- Permissions: You can manage app permissions (e.g., Contacts) in Android system settings.
- Notifications: You can control push notifications via OS settings.
- Deletion: You can delete individual trips/items in the app or contact us to request deletion of your account and associated data.
9. Children’s Privacy
The Service is not directed to children under 13, and we do not knowingly collect information from children under 13.
10. International Users
Our Service is designed for US data residency. If you access the Service from outside the US, you understand your information may be transferred to, stored, and processed in the United States.
11. Changes to This Policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top will reflect the most recent changes. Material changes will be communicated via in‑app notice or email when appropriate.
12. Contact Us
If you have questions or requests (including account deletion), contact us at: [email protected]
—
Note on Definitions: "Personal information" means any information that identifies or can reasonably be linked to an identifiable person. "Processing" includes collection, storage, use, disclosure, and deletion.