Welcome to TripGlow, a mobile application operated by Endymion Labs ("we," "us," "our"). TripGlow helps travelers stay informed about attraction disruptions, including closures, construction, and crowd conditions across multiple cities.
This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use the TripGlow mobile application (the "App") and related services (collectively, the "Services"). By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy.
Account Information: When you create an account using Apple Sign-In or Google Sign-In, we collect your display name, email address, and a unique user identifier.
Location Data: We collect GPS coordinates and location data when you use location-based features. You can control location access through your device settings.
Photo Reports and EXIF Metadata: When you submit photo reports, we temporarily read EXIF metadata (GPS coordinates, timestamp, camera info) to validate that photos were taken at the correct location. After validation, we automatically strip all EXIF metadata from photos before permanent storage.
Photo Analysis via AI: Submitted photos are analyzed by automated systems to verify content, extract disruption information, and detect inappropriate content.
Device and Usage Data: Device type, operating system, app usage patterns, push notification tokens, IP address, and error logs.
Travel Planning Data: Searches, saved attractions, attraction ratings, trip plans, shared-trip collaboration records, roadmap votes or requests, city requests, and routing inputs such as origin and destination coordinates when you use planning features.
Purchase and Subscription Data: Subscription status and purchase events. We never collect or store your credit card information - all payment processing is handled by Apple.
Analytics Data: Feature usage patterns, session frequency, user flows, and crash reports.
We use your information to: provide and maintain the App; display relevant disruption information based on your location; process and display photo reports; send push notifications; manage your account; verify photo content; improve our services; manage subscriptions; comply with legal obligations; and protect against fraud and abuse.
We share data with vendors in the following categories, all bound by data processing agreements:
Identity provider - to authenticate sign-in via Apple and Google.
Subscription management platform - to manage premium subscription status and purchase events.
Push notification delivery service - to deliver notifications to your device.
Email delivery service - to send account, invite, digest, city-request, and disruption-alert emails.
AI inference providers - to analyze photos, process public content for disruption detection, and power AI travel assistant responses.
Map, place search, and routing providers - to search places, display maps, and calculate walking, driving, or transit routes.
Object storage provider - to store photos (with EXIF stripped) and other files.
Data acquisition / web scraping provider - to retrieve public attraction information.
Public enrichment APIs - to enrich attraction records with publicly available place details.
Public APIs and feeds - including transit data feeds (GTFS) and public social feeds we monitor for disruption signals. These do not receive personal data from us.
Error monitoring service - to detect and diagnose application errors.
Product analytics provider - to understand usage patterns.
For the current list of named sub-processors with their purpose, region, and links to their own privacy policies, see our Sub-processor List.
TripGlow application data is stored on secure cloud servers located in Montreal, Canada. Photo storage and some vendor processing may occur in other regions as described in the Sub-processor List. Photo storage is provided by an object storage provider with EXIF data stripped before persistence.
We implement industry-standard security measures including encryption in transit (TLS/SSL), encryption at rest, access controls, regular security audits, automated EXIF metadata stripping, and network security controls.
No method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
We retain your information as long as your account is active or as needed to provide Services.
AI chat conversations (messages sent to and received from our AI travel assistant) are automatically deleted after 30 days. This applies to all chat sessions across general and trip-specific conversations.
When you delete your account: personal account records, photo reports, uploaded photos, saved places, ratings, notifications, subscriptions, trip data, city requests, roadmap votes, and other user identifiers in TripGlow systems are deleted or anonymized. Subscription records may be retained by our subscription provider for legal compliance. Analytics data may be retained in anonymized or aggregated form.
You can request account deletion through Settings in the App or by emailing [email protected]. You can request a portable copy of your data through Settings, which produces a JSON bundle of the account data we maintain for portability, including profile, trips, chat history still within retention, saved attractions, reports, gamification records, notifications, subscriptions, corrections, ratings, roadmap activity, city requests, shared-trip collaboration records, and email delivery records.
All Users: You have the right to access, correct, delete, restrict, or port your data, and to withdraw consent.
EU Residents (GDPR): You have additional rights including lodging complaints with supervisory authorities and objecting to automated decision-making. Legal bases for processing include contract performance, legitimate interests, consent, and legal obligation.
California Residents (CCPA): You have the right to know what data is collected, request deletion, and opt out of data sales. We do not sell personal information.
To exercise your rights, email [email protected]. We respond within 30 days (GDPR) or 45 days (CCPA).
Your information may be transferred to and processed in Canada, the United States, and other regions where our sub-processors operate. We ensure appropriate safeguards including Standard Contractual Clauses (SCCs) and Data Processing Agreements with third-party providers.
TripGlow is not directed to children under 13 (or 16 in the EU). We do not knowingly collect information from children. If you believe we have collected information from a child, contact us at [email protected].
We may update this Privacy Policy to reflect changes in practices, legal requirements, or new features. Material changes will be communicated via email and in-app notification. Continued use after changes constitutes acceptance.
Endymion Labs
[email protected]