Privacy Policy | Zeitrip

1. Who we are

The Services are provided by Zeitrip. When we say “Personal Data”, we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked (directly or indirectly) with you or your household.

If you use the Services on behalf of an organization (for example, a company, school, or travel agency), that organization may be the “controller” or “business” for certain processing, and your use may be governed by their policies as well.

2. Scope

This policy covers Personal Data we process when you:

Visit our websites, including marketing pages and public share pages.
Create an account or authenticate (for example, using Google Sign‑In or email links).
Create trips, add events (flights, stays, activities), upload images, and collaborate with others.
Connect third‑party services (for example, Google Calendar).
Contact us for support, feedback, or other communications.

This policy does not cover third‑party products or services you access via the Services (for example, airlines, hotels, maps, or calendar providers). Their privacy practices are governed by their own policies.

2.1 Definitions

“Personal Data” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked (directly or indirectly) with an individual.
“Sensitive Personal Data” generally includes information such as precise geolocation, government IDs, health information, and certain other regulated categories. (Definitions vary by jurisdiction.)
“Processing” means any operation performed on Personal Data (for example, collecting, storing, using, disclosing, deleting).
“Controller” (or “Business”) generally determines why and how Personal Data is processed. “Processor” (or “Service Provider”) processes Personal Data on behalf of a controller.

3. Personal Data we collect

We collect Personal Data from (a) you, (b) your devices, (c) third‑party services you connect, and (d) other users if they invite you to collaborate. The categories below may apply depending on how you use the Services.

Category	Examples	When collected
Account & identity	Name, email, profile photo, authentication identifiers	When you sign up, sign in, or update your profile
Trip content	Trip names, dates, cities, flights, stays, activities, notes you add	When you create or edit trips and events
Collaboration data	Members, roles (owner/editor/viewer), invitations, edits and change history	When you share a trip, accept an invite, or collaborate
Uploaded content	Images and files you upload (e.g., cover images)	When you upload or replace media
Communications	Support requests, feedback, survey responses, emails you send to us	When you contact us or participate in research
Device & usage	IP address, browser type, language, time zone, approximate location, pages viewed, actions taken	When you use the Services
Log & security	Diagnostics, crash reports, authentication events, fraud/security signals	Automatically during use and security monitoring
Payments (if enabled)	Billing name, billing email, subscription status, payment tokens from our payment processor	If you purchase a paid plan (we do not store full card numbers)

3.1. Sensitive Personal Data

We do not require Sensitive Personal Data (such as government IDs, precise geolocation, health data, or biometric data) to provide the Services. Please avoid uploading sensitive information into trip notes, attachments, or descriptions unless you explicitly intend to share it with collaborators.

3.2. Inferences

We may derive inferences from your trip content and usage (for example, preferred destinations or commonly used features) to improve the Services, personalize your experience, and prevent abuse.

3.3. Sources of Personal Data

Directly from you: when you create an account, build itineraries, upload images, or contact support.
From connected integrations: when you choose to connect third‑party services such as Google Calendar.
From other users: when someone invites you to a trip or adds you as a collaborator.
Automatically from your device: when you use the Services (e.g., log data, device/usage information).

3.4. What we don’t collect

We do not intentionally collect your full payment card numbers or CVV (payments, if enabled, are handled by our payment processor). We do not need government IDs to provide the Services, and we do not intentionally collect precise geolocation. If you choose to include sensitive information in trip content, you may be sharing it with collaborators.

4. Google API / Google Calendar data

If you choose to connect Google Calendar, we access Google user data only to provide the calendar features you request (for example, checking connection status, syncing trip events to your calendar, or showing calendar‑related context).

Optional: You can use core trip planning features without connecting Google Calendar.
Limited use: Zeitrip’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
No ads / no generalized AI training: We do not use Google API data for advertising, and we do not use Google API data to develop, improve, or train generalized AI and/or machine learning models.
Permissions: The exact data we can access depends on the OAuth scopes you grant at the time you connect your account.
Disconnect: You can disconnect Google Calendar in settings (or by removing access in your Google Account security settings). Disconnecting stops future access, but does not automatically delete already‑synced trip content stored in Zeitrip.

If you want us to delete Google‑sourced data stored in your Zeitrip account, see “Your choices & rights” below or contact us at privacy@zeitrip.com.

5. How we use Personal Data

We use Personal Data to:

Provide, maintain, and improve the Services (including trip planning, collaboration, and exports).
Authenticate users, secure accounts, and prevent fraud and abuse.
Operate integrations you enable (such as Google Calendar) and keep data in sync when requested.
Process transactions and manage subscriptions (if you purchase a paid plan).
Respond to support requests and communicate about the Services (service messages, changes, and updates).
Analyze usage to understand demand, debug issues, and improve performance and reliability.
Comply with legal obligations and enforce our terms and policies.

We may use aggregated or de‑identified information for analytics, research, and product improvements. Where required by law, we maintain and use de‑identified data in a de‑identified form and do not attempt to re‑identify it.

6. Legal bases (EEA/UK)

If you are in the European Economic Area (EEA) or United Kingdom, we process Personal Data only when we have a valid legal basis, including:

Contract: to provide the Services you request and perform our agreement with you.
Legitimate interests: to secure, improve, and market the Services (balanced against your rights).
Consent: when we ask (for example, certain cookies or optional marketing).
Legal obligation: to comply with applicable laws, court orders, and lawful requests.

7. How we share Personal Data

We may share Personal Data in the following circumstances:

7.1. Service providers (processors)

We use third‑party vendors to help us operate the Services (for example: cloud infrastructure, databases, authentication, file storage, email delivery, analytics, customer support, and payment processing). They are authorized to process Personal Data only as needed to provide services to us under contractual obligations.

Today, our Services are built on Google Cloud / Firebase infrastructure in many deployments. Exact vendors can change over time as we scale; we update this policy when our practices materially change.

7.2. Other users and collaborators

If you share a trip with collaborators, they may see the trip content you add or modify (including certain metadata like who created or last edited items). If you invite someone, they may see limited information needed to accept the invitation (such as trip name and your display name).

7.3. Public links and template sharing

If you enable a public itinerary link or publish/share a template, people with the link can access the shared content. Shared templates may be sanitized to remove certain sensitive details (for example, reservation numbers), but you are still responsible for what you choose to include.

7.4. Legal, safety, and enforcement

We may disclose Personal Data if we believe in good faith it is necessary to: (a) comply with the law, legal process, or lawful requests; (b) protect the rights, property, and safety of Zeitrip, our users, or the public; (c) enforce our terms and policies; or (d) detect, prevent, or address fraud, security, or technical issues.

7.5. Business transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, we may transfer Personal Data as part of that transaction (subject to appropriate confidentiality protections and notice where required).

7.6. Service providers

We use service providers to host and operate the Services. The specific vendors we use may change over time as we scale, but they generally fall into these categories:

Category	What they do	Examples (may vary)
Cloud infrastructure	Hosting, databases, authentication, file storage	Google Cloud / Firebase (common in many deployments)
Analytics & performance	Usage analytics, performance monitoring, crash diagnostics	Analytics and monitoring providers (where enabled)
Customer support	Ticketing, user communications, support operations	Support tooling providers (if used)
Email & notifications	Transactional emails, verification links, service announcements	Email delivery providers (if used)
Payments (if enabled)	Subscription billing and payment processing	Payment processors (we do not store full card numbers)

If you need a current list of named subprocessors for enterprise/compliance review, contact us at privacy@zeitrip.com.

8. Public sharing & collaboration (important)

Zeitrip is designed for collaboration. Some features can make information visible to others:

Invite links: Anyone with a join link may be able to join a trip (depending on your settings and role controls).
Roles: Owners can grant editor or viewer access; editors may be able to add, modify, or delete trip items.
Public itineraries: A public link can be viewed without logging in. Treat it like a “secret URL”: anyone who has it can view the shared content, and it may be forwarded.
Templates: Publishing or sharing a template may expose trip structure and selected details, even if sanitized.

If you need strict confidentiality, do not enable public sharing and avoid including sensitive information in trip content.

9. Cookies & similar technologies

We and our service providers may use cookies, local storage, SDKs, and similar technologies to operate the Services, remember preferences, secure sessions, and understand usage.

Strictly necessary: required for core functionality, authentication, and security.
Preferences: store settings like language, time zone, and UI choices.
Analytics: help us understand product performance and improve reliability (where enabled).

You can control cookies through your browser settings and, where provided, in‑product controls. Blocking certain cookies may limit functionality.

Do Not Track (DNT) signals are handled according to your browser/device behavior and applicable law; there is no single industry standard for responding to DNT.

10. Data retention

We retain Personal Data for as long as reasonably necessary to provide the Services, comply with legal obligations, resolve disputes, enforce agreements, and protect Zeitrip and our users. Retention depends on the data type and context.

Account data: retained while your account is active; deleted or anonymized upon deletion requests, subject to legal/technical limits.
Trip content: retained until you delete it or delete your account, unless it is shared and others retain copies under their accounts.
Logs & security data: typically retained for a limited period for security and debugging, then deleted or aggregated.
Backups: may persist for a limited time in encrypted backups even after deletion, then are overwritten.

If you collaborate on a trip owned by someone else, that owner controls retention of the shared trip content.

11. Security

We implement administrative, technical, and organizational measures designed to protect Personal Data, such as access controls, encryption in transit, monitoring, and least‑privilege practices. However, no method of transmission or storage is 100% secure. You are responsible for maintaining the confidentiality of your account credentials and for using secure devices and networks.

11.1. Security incidents

If we become aware of a security incident that affects your Personal Data, we will take steps to mitigate the impact and, where required by applicable law, notify you and/or relevant authorities.

12. Your choices & rights

12.1. Account controls

Profile: update certain profile fields in the app settings.
Integrations: connect/disconnect third‑party integrations like Google Calendar.
Sharing: manage collaborators, roles, invite links, public links, and templates (where available).
Deletion: request account deletion by contacting us (or via in‑app controls if provided).

12.1.1. Communications preferences

You may receive service communications that are necessary to provide the Services (for example, security alerts, billing notices, and product or policy updates). Where we send optional marketing emails, you can opt out using the unsubscribe link in the message or by contacting us at privacy@zeitrip.com. Opting out of marketing does not affect service communications.

12.2. Legal rights (may vary by region)

Depending on your location, you may have rights to: access, correct, delete, port, restrict processing, object to processing, and withdraw consent (where processing is based on consent). You may also have the right to appeal certain decisions.

To exercise your rights, contact us at privacy@zeitrip.com. We may need to verify your identity and request additional information to process your request. Authorized agents may submit requests where permitted by law.

12.3. EEA/UK & Switzerland

If you are in the EEA/UK (or Switzerland), you may also have the right to lodge a complaint with your local data protection authority. If we process your data on the basis of legitimate interests, you can object; we will stop unless we have compelling legitimate grounds or it is needed for legal claims.

12.4. California (CCPA/CPRA) notice

We do not sell Personal Information and we do not share Personal Information for cross‑context behavioral advertising as those terms are defined under California law. We may disclose Personal Information to service providers to operate the Services.

In the last 12 months (depending on your use of the Services), we may have collected the following categories of Personal Information:

Identifiers: name, email address, account identifiers.
Internet/network activity: usage data, device identifiers, IP address, log data.
Geolocation data: approximate location derived from IP address or device settings (not precise geolocation).
Commercial information: subscription status and billing metadata (if you purchase a paid plan).
User content: trip details, notes, and files/images you upload.

We disclose these categories to (a) service providers that help us run the Services and (b) other users you choose to share with (e.g., collaborators and recipients of public links), as described in Sections 7 and 8. For retention, see Section 10.

California residents may have rights to know/access, delete, correct, and limit certain uses of Sensitive Personal Information (if applicable), and to not be discriminated against for exercising these rights. To submit a request, email privacy@zeitrip.com.

12.4.1. Other U.S. state privacy laws

Residents of certain U.S. states (for example, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and others) may have similar rights to access, delete, correct, and obtain a copy of their Personal Data, and to opt out of certain processing such as targeted advertising, sale of personal data, or profiling in furtherance of decisions with legal or similarly significant effects.

We do not sell Personal Data and we do not use Personal Data for targeted advertising. To exercise applicable rights or appeal a decision on a request, contact privacy@zeitrip.com.

12.4.2. Other jurisdictions

If you are located outside the U.S., you may have additional rights under local law (for example, Canada’s PIPEDA, Brazil’s LGPD, Australia’s Privacy Act, and others). We will respond to requests in accordance with applicable law. Contact privacy@zeitrip.com.

12.5. Automated decision‑making

Zeitrip does not use automated decision‑making that produces legal or similarly significant effects on you (as that term is used in certain privacy laws). We may use automated systems to protect the Services and our users (for example, detecting spam, fraud, abuse, or security incidents), and you may contact us if you believe such systems have affected you unfairly.

13. International transfers

We may process and store Personal Data in countries other than where you live (including the United States), where our service providers operate. When required, we use safeguards such as Standard Contractual Clauses or other lawful transfer mechanisms.

13.1. Third‑party links

The Services may include links to third‑party websites, apps, or services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing them with Personal Data.

14. Children’s privacy

The Services are not directed to children and we do not knowingly collect Personal Data from children under 13 (or under 16 in certain jurisdictions). If you believe a child has provided Personal Data to us, contact us at privacy@zeitrip.com.

15. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice by posting the updated policy and updating the “Last updated” date, and we may provide additional notice where required by law.

16. Contact us

For privacy questions or requests, contact us at privacy@zeitrip.com.

Attn: Privacy
Daniele Canton
Zurich, 8052
Switzerland

Key points (quick read)