Privacy Policy

Last updated: April 2026

TripSquad ("we", "us") is a product of Afia Labs. This policy explains what we collect, why, and your rights.

What we collect

• Account data: email, display name, emoji, optional @tag handle, profile photo URL.
• Trip data: trip names, destinations, dates, budgets, preferences, votes, chat messages, itineraries you create or participate in.
• Device data: push notification tokens (only if you grant permission), platform, app version.
• Diagnostics: minimal crash and performance data to keep the app working.

We do not collect your location unless you explicitly share it in a trip. We do not sell your data.

How we use it

• To provide the service — sync your trips, deliver realtime updates to your squad, generate AI trip options.
• To send you notifications about trip activity you're part of.
• To improve Scout (our AI) using aggregate, de-identified prompts. We do not train models on the content of your private squad chats or DMs.

Who we share with

• Supabase (backend hosting and realtime).
• Anthropic (Claude API — Scout's responses). Prompts are sent to generate AI output and not retained for training per Anthropic's policies.
• Firebase Cloud Messaging / Apple APNs for push delivery.
• Squad members you invite. Trip-specific data (preferences, votes, chat) is visible to squad members you add.

We don't share your data with advertisers.

Your rights

• Access / export: email us and we'll send you a copy of your data.
• Delete: delete your account in the app (Profile → settings) or email us. Deletion removes your profile, trips you host, and your chat messages within 30 days.
• Correct: update your profile fields any time in the app.
• Opt out of notifications: system settings or in-app toggle.

Children

TripSquad is not intended for users under 13. We do not knowingly collect data from children under 13.

Security

Data is transmitted over HTTPS. Supabase Row Level Security restricts access to your trips to you and your squad. Passwords are hashed. Push tokens are stored per-user and revoked on sign out.

International users

We process data in the United States. If you're in the EU/UK, we rely on standard contractual clauses.

Contact

Questions? Email [email protected].