Privacy Policy

Last Updated:

May 22, 2026

Privacy Policy

Last Updated: May 22, 2026  ·  Effective Date: May 22, 2026

1. Introduction

This Privacy Policy describes how Trapalanda LLC ("Trapalanda," "we," "us," or "our") collects, uses, shares, and protects information about you when you use the Trapalanda mobile application (the "App"), our website at trapalanda.io (the "Website"), and any related services (collectively, the "Services").

Trapalanda LLC is a limited liability company organized under the laws of the State of Wyoming, USA, with registered address at 30 North Gould Street, Ste N, Sheridan, WY 82801, USA. For purposes of the EU/UK General Data Protection Regulation ("GDPR"), Trapalanda LLC is the data controller of your personal information.

By using the Services, you agree to the practices described in this Policy. If you do not agree, please do not use the Services.

2. Information We Collect

2.1 Information You Provide to Us

  • Account Information: name, email address, and profile photo, provided directly or through Google Sign-In or Sign in with Apple.

  • Travel Content: itineraries you create, including destinations, dates, planned activities, accommodations, flight details, packing lists, and any notes you add.

  • Support Communications: messages you send to us and the contents of those communications.

2.2 Information Collected Automatically

  • Device and Technical Data: device model, operating system and version, app version, language, time zone, IP address, and general region inferred from IP.

  • Usage Data: features used, screens viewed, interactions, session duration, and similar diagnostic information, collected via Firebase Analytics and Firebase Performance Monitoring.

  • Crash and Stability Data: stack traces and device state at the time of a crash, collected via Firebase Crashlytics.

  • Push Notification Tokens: a device identifier issued by Firebase Cloud Messaging to deliver notifications you have enabled.

2.3 Information From Third Parties

  • Authentication Providers (Google, Apple): basic profile information you authorize them to share, such as email and name.

  • Subscription and Purchase Data (Apple App Store, Google Play, via RevenueCat): subscription status, plan, renewal dates, and anonymized purchase identifiers. We do not receive your full payment card number or bank account information.

  • Flight Data Providers (FlightAware, Flightradar24): public flight status data based on flight numbers you provide.

2.4 Information We Do Not Collect

We do not collect: precise real-time GPS location, phone numbers, payment card or bank account numbers, or government-issued identification.

3. How We Use Your Information

We use your information to:

  • Provide, operate, and maintain the Services, including creating and managing your account and storing your itineraries (legal basis under GDPR: performance of a contract).

  • Generate personalized travel recommendations, alerts, and adjustments using automated processing and AI (see Section 4) (legal basis: performance of a contract / legitimate interests).

  • Send transactional communications, such as account confirmations, OTP codes, flight alerts, itinerary updates, and security notices (legal basis: performance of a contract / legal obligation).

  • Send marketing communications about new features or offers, only where you have opted in and only where required by law (legal basis: consent). You can opt out at any time.

  • Process and manage subscriptions through Apple and Google (legal basis: performance of a contract).

  • Analyze usage patterns, debug issues, and improve the Services (legal basis: legitimate interests in operating and improving a stable product).

  • Detect, prevent, and respond to fraud, abuse, security risks, and technical issues (legal basis: legitimate interests / legal obligation).

  • Comply with applicable laws and respond to lawful requests (legal basis: legal obligation).

4. AI and Automated Processing

Trapalanda uses artificial intelligence to enhance your travel planning experience. Specifically, content you create in the App (such as destinations, activities, dates, and itinerary structure) may be processed by Google's Gemini API (Google Developer API) to generate recommendations, alerts, packing lists, and itinerary adjustments.

We use the Gemini Developer API under terms that do not permit the use of your data to train Google's models. Data is transmitted in real time for inference only and is not retained by the model provider for training purposes.

This processing is necessary to provide core features of the Services, and there is no opt-out separate from discontinuing use of the App. The processing does not produce legal or similarly significant effects on you within the meaning of GDPR Article 22.

5. How We Share Your Information

We do not sell your personal information and we do not share your personal information for cross-context behavioral advertising.

We share information only as described below:

5.1 Service Providers and Sub-Processors

We rely on the following third parties to operate the Services. Each is contractually bound to handle your data securely and only for the purposes described:

  • Google LLC (Firebase Auth, Firebase Cloud Messaging, Firebase Analytics, Firebase Crashlytics, Firebase Performance, Google Cloud Platform): authentication, push notifications, analytics, crash reporting, hosting, AI inference (Gemini API). USA.

  • Apple Inc. (Sign in with Apple, App Store): authentication, in-app purchases. USA.

  • RevenueCat, Inc.: subscription management. USA.

  • FlightAware LLC: flight status data. USA.

  • Flightradar24 AB: flight status data. Sweden.

  • Tomorrow.io: weather forecasts by destination (not user-linked). USA.

  • NewsAPI (Adventure Robotics Limited): destination news (not user-linked). United Kingdom.

  • Sendinblue SAS (Brevo): transactional email delivery. EU.

  • Mapbox, Inc.: maps and tiles. USA.

  • Google Places API: place autocomplete and details. USA.

  • Pexels GmbH: stock imagery (no personal data shared). Germany.

We may update this list from time to time. Material changes will be reflected in an updated version of this Policy.

5.2 Legal and Safety

We may disclose information when we believe in good faith that disclosure is necessary to: comply with applicable law, regulation, legal process, or government request; enforce our terms; protect the rights, property, or safety of Trapalanda, our users, or others; or detect, prevent, or address fraud or security issues.

5.3 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

6. International Data Transfers

Trapalanda is based in the United States and our primary servers are hosted in Google Cloud Platform in the United States (us-central1 region). If you access the Services from outside the United States, your information will be transferred to, stored, and processed in the United States and other countries where our service providers operate.

For transfers of personal data from the European Economic Area, the United Kingdom, or Switzerland to the United States or other countries that have not received an adequacy decision, we rely on appropriate safeguards, including the EU Standard Contractual Clauses and equivalent UK and Swiss addenda where applicable.

7. Data Retention

We retain your personal information for as long as your account is active. If you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain certain information for legal, accounting, fraud prevention, or security reasons (in which case the data is securely stored and access is restricted).

Backups may persist for an additional limited period before being overwritten as part of normal backup rotation.

8. How We Protect Your Information

We implement technical and organizational measures designed to protect your personal information, including:

  • Encryption in transit using TLS 1.2 or higher for all client-server communication.

  • Encryption at rest for data stored in Google Cloud Platform and Firebase services.

  • Authentication via Firebase Authentication with industry-standard token signing.

  • Restricted access to production systems on a need-to-know basis.

  • Regular security reviews of our infrastructure and dependencies.

No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

9. Your Rights

Depending on where you live, you may have the following rights with respect to your personal information:

  • Access: request a copy of the personal information we hold about you.

  • Correction: request that inaccurate information be corrected.

  • Deletion: request that we delete your personal information.

  • Portability: receive your data in a structured, machine-readable format.

  • Restriction / Objection: restrict or object to certain processing.

  • Withdraw consent: where processing is based on consent, withdraw it at any time.

  • Lodge a complaint with your local data protection authority.

To exercise these rights, contact us at support@trapalanda.io. You can also delete your account directly from the App, which initiates account deletion as described in Section 7.

We will respond to verifiable requests within the timeframes required by applicable law (typically 30 days under GDPR, 45 days under CCPA, extendable when permitted).

9.1 Notice to California Residents (CCPA / CPRA)

In the last 12 months, we have collected the following categories of personal information from California residents:

  • Identifiers (e.g., name, email, device identifiers, IP address).

  • Internet or other electronic network activity information (e.g., usage data, interactions).

  • Geolocation data (approximate, derived from IP — no precise GPS).

  • Commercial information (subscription status).

  • Inferences drawn from the above to generate recommendations.

Sources of this information, purposes for collection, and categories of recipients are described in Sections 2, 3, and 5 of this Policy.

We do not sell your personal information, and we do not share your personal information for cross-context behavioral advertising, as those terms are defined under the CCPA/CPRA.

California residents have the right to: know what personal information we collect and how we use it; request deletion; request correction; limit the use and disclosure of sensitive personal information (we do not use sensitive PI for purposes beyond those permitted without a right to limit); and not be discriminated against for exercising these rights.

To exercise these rights, contact support@trapalanda.io. You may also designate an authorized agent to make a request on your behalf, subject to verification.

9.2 Notice to Residents of the European Economic Area, the United Kingdom, and Switzerland

Trapalanda LLC acts as the data controller of your personal information. The legal bases on which we rely are described alongside each processing activity in Section 3.

You have the right to lodge a complaint with your local supervisory authority. If you are in the EU, you can find your authority at edpb.europa.eu. In the UK, the supervisory authority is the Information Commissioner's Office (ico.org.uk).

10. Children's Privacy

The Services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If you are a resident of the European Economic Area or the United Kingdom, the minimum age is 16 (or the lower age permitted by your country, no younger than 13), unless verifiable parental consent has been obtained.

If you believe a child under the applicable minimum age has provided us with personal information, please contact support@trapalanda.io and we will take steps to delete that information.

11. Marketing Communications

We will only send you marketing communications (such as newsletters or promotional offers) if you opt in to receive them. You can opt out at any time by clicking the "unsubscribe" link in any marketing email, or by contacting us at support@trapalanda.io.

Transactional communications (such as account confirmations, OTP codes, flight alerts, and security notices) are part of the Services and cannot be opted out of without closing your account.

Push notifications can be disabled at any time in your device settings.

12. Cookies and Similar Technologies

Our Website does not use cookies or third-party tracking technologies for analytics or advertising purposes.

Our mobile App uses device identifiers (such as the Firebase Installation ID and the device's advertising identifier where permitted by you in iOS App Tracking Transparency settings) for analytics, crash reporting, and performance monitoring, as described in Section 2.2. We do not use these identifiers for advertising.

13. Third-Party Links and Services

The Services may contain links to, or be used in conjunction with, third-party websites, apps, or services (for example, airline websites, hotel booking platforms, or map providers). This Policy does not apply to those third parties. We encourage you to review their privacy policies before providing them with personal information.

14. Changes to This Policy

We may update this Policy from time to time. If we make material changes, we will notify you through the App, by email, or by other reasonable means before the changes take effect. The "Last Updated" date at the top of this Policy indicates when it was most recently revised. Your continued use of the Services after an update constitutes acceptance of the updated Policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Policy or your personal information, please contact us:

Trapalanda LLC
30 North Gould Street, Ste N
Sheridan, WY 82801, USA
Email: support@trapalanda.io