Privacy Policy
Last updated: March 16, 2026
Scope and approach
This policy explains how TripNoted handles your information when you use tripnoted.com and the TripNoted app. We focus on trip-related email only and do not perform general inbox scanning outside travel workflows.
Travel-candidate matching is probabilistic. TripNoted uses patterns and model signals to find likely travel emails. That means some non-travel messages may be looked at by the system and some travel messages may be missed.
How We Protect Google User Data
If you choose to connect a Google account to TripNoted, TripNoted uses Google OAuth so you authorize access directly with Google. TripNoted uses Google OAuth and does not ask for or store your Google password.
TripNoted uses technical safeguards to protect sensitive Google user data. Google OAuth refresh tokens are encrypted at rest. Access tokens are not stored at rest. Access to connected-account data is limited to authenticated, user-scoped application systems and controlled operational workflows.
For TripNoted's regular Gmail import and sync flow, TripNoted's core application database is designed to store message metadata needed to identify, organize, and display travel information, such as message IDs, thread IDs, sender and recipient information, subject lines, timestamps, and connected-account routing data. TripNoted's core application database is designed not to store Gmail message bodies or raw Gmail payloads for the normal Gmail sync flow.
When message content is needed to identify a travel confirmation, parse travel details, or display live message content inside the product, TripNoted may retrieve or process that content transiently as part of the requested feature. In limited cases involving inbound email processing, temporary email payloads may be stored for a short period to support processing, reprocessing, and live-view functionality, and are subject to cleanup and deletion workflows.
TripNoted's operational logging is designed to avoid storing full Gmail-derived content by default. Where logs are kept for reliability, debugging, and security purposes, TripNoted aims to retain only the information needed to operate and secure the service.
You can disconnect your Google account at any time to stop future access for that connection. You can also request deletion of your TripNoted account and related stored data through TripNoted's account deletion tools, subject to limited records retained where necessary for legal, fraud-prevention, billing, or similar compliance reasons described elsewhere in this Policy.
TripNoted's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
For a shorter plain-English overview, see Is it safe to connect my Gmail account to TripNoted?.
Google API Services commitments
TripNoted requests only the Google access needed for the feature you choose. For example, Gmail access is used for travel-import and trip-organization features you ask TripNoted to perform.
- We request only the Gmail scopes needed for TripNoted features.
- We do not use Google user data to serve ads.
- We do not sell Google user data.
- We do not use Google user data to train generalized or general-purpose AI/ML models.
- You can revoke Google access any time at Google Account permissions.
Storage and retention matrix
The table below summarizes the main categories of Google-connected and account-related data that TripNoted may retain, how it is handled, and the expected retention approach.
| Category | How we handle it | Retention |
|---|---|---|
| Google OAuth refresh tokens | Refresh token material for connected accounts is encrypted at rest. | Retained while the connection remains active; removed when the connection is disconnected or the account is deleted. |
| Google OAuth access tokens | Short-lived access tokens are used server-side for active requests and are not stored at rest. | Not retained at rest. |
| Gmail metadata records | Message and thread metadata is stored to organize trips and power app workflows. | Retained while account is active, then deleted through account-deletion flow (target completion within 24 hours). |
| Gmail body/raw content (normal Gmail sync path) | The core application database is designed not to store Gmail message bodies or raw Gmail payloads for this path. Content may be processed transiently for parsing or live view when needed. | No persistent core DB retention by default for this path. |
| Temporary inbound email payloads | Raw inbound payloads may be stored temporarily to support processing, reprocessing, and live-view functionality. | Approximately 7 days under cleanup policy. |
| Debug and operational logs | Operational logging is designed to avoid storing full Gmail-derived content by default, and prompt/context payloads are redacted by default. | Operational retention follows infrastructure lifecycle settings. |
| Archived identity after deletion | A minimal identity record may remain for legal, billing, and fraud-prevention records only. | Up to 7 years for billing/legal obligations. |
Named processors and subprocessors
TripNoted uses the following processors and infrastructure providers as of March 16, 2026. This list is intended to reflect the services currently used for Google-connected data and related product functionality.
| Processor | Purpose | Data categories |
|---|---|---|
| Clerk | Logging you in and confirming active sessions | Account identity details and session tokens |
| Google / Google APIs | Handling account connection and user-authorized Gmail and Calendar access | Google account connection details plus Gmail or Calendar data you authorize TripNoted to access |
| Supabase | Keeping your account and trip data secure | Trip records, account data, and secure token storage |
| Cloudflare | Receiving and processing forwarded emails and trip images | Inbound email payloads and generated image files |
| OpenAI | Supporting classification, parsing, summaries, and assistant features where applicable | Trip-related email metadata and extracted text or prompts needed for requested AI features |
| Google Places API | Place suggestions and enrichment | Place queries and location context |
| Google Distance Matrix API | Travel-time calculations | Origin and destination coordinates |
| Open-Meteo | Weather enrichment | Latitude, longitude, and date window |
| AviationStack / Amadeus | Flight enrichment | Flight date and normalized flight/airport identifiers |
| Google Gemini | Trip image generation | Generated prompt text from trip metadata |
Your controls: disconnect and delete
- Disconnect Google access: disconnect the Google connection in TripNoted or remove TripNoted in Google Account permissions.
- Delete account data: follow instructions on /account-deletion. Signed-in deletion requests run immediately and are completed within about 24 hours.
Legal and billing retention after deletion
After account deletion, TripNoted retains only a minimal archived identity record for billing and legal obligations. This retained record does not contain travel content or OAuth token material.
The billing/legal retention window for that minimal archived record is up to 7 years.
Contact
- Support: support@tripnoted.com
- Privacy: privacy@tripnoted.com
- Legal: legal@tripnoted.com