Trip Memory
Privacy Policy
Trip Memory is a personal travel journal. We try to collect as little about you as possible — just what we need to make the app work for you. This policy explains, plainly, what we collect, why, and what your rights are.
Operator: DMN Solutions SRL (Romania). Contact: andrei.damian@dmnsolutions.com.
1. What we collect
Account
- Email address (to sign in and recover your account)
- Display name (shown only to you)
- Hashed password — we never see or store your actual password (handled by Supabase Auth)
Trip data you create
- Cities, countries, and trip dates you add
- Photos you upload
- Reviews, ratings, and notes you write
- The coordinates and Google place ID of the places you save (returned to us by Google when you select a place from search — this is the place's location, not your device's)
- Optional metadata you fill in (price, company name, duration, etc.)
Preferences
- Default currency, theme preference (system / light / dark)
- Subscription / trial status
We do not collect: your device's location, contacts, calendar, microphone, browsing history, advertising identifiers, or device sensors. We do not track you across other apps or websites.
2. How we use it
Strictly to provide the app: sign you in, store and display your trips and entries, sync across your devices, fetch a cover image for cities you add, and let you search for places. That's it.
3. Where it's stored
All your data is stored on Supabase infrastructure (PostgreSQL database + object storage), hosted in the EU. Data is encrypted in transit (HTTPS/TLS) and at rest.
4. Third parties
- Supabase — hosts our database, file storage, and authentication. See supabase.com/privacy.
- Google Maps Platform — used when you search for a place to add it to a trip. Google receives your typed search query (e.g., "best ramen Tokyo"). We do not send your device's location to Google. See policies.google.com/privacy.
- Wikipedia — we fetch a cover image once per city, server-side, and store it in our own bucket. Your account is not sent to Wikipedia.
- Apple / Google — only if you choose to sign in with their account (currently disabled in the app).
We do not share or sell your personal data to advertisers, brokers, or analytics companies.
5. Your rights
- Access & correct — everything you've added is visible and editable in the app.
- Delete — open Me → Delete account. This permanently removes your account, all your trips, all your photos, and the associated database rows. There is no soft-delete and no grace period.
- Export — email us and we'll send you a copy of your data within 30 days.
- Object & complain — under GDPR, you can object to processing or complain to the Romanian DPA (ANSPDCP) at dataprotection.ro.
6. Retention
We keep your data until you delete your account. After deletion, account and trip data are removed immediately. Photo files are removed within 30 days from backup snapshots.
7. Children
Trip Memory is not intended for children under 13. We do not knowingly collect data from children. If you believe a child has created an account, contact us and we will remove it.
8. International transfers
Your data is stored in the EU. Supabase may process data in other regions for redundancy. We rely on standard contractual clauses for any transfers outside the EEA.
9. Security
We use Row Level Security in PostgreSQL so your rows are only visible to your account. Auth tokens are stored in your device's secure storage. We don't claim perfect security — no one should — but we follow standard practices and update dependencies regularly.
10. Changes
If we change this policy in a meaningful way, we'll notify you in the app before the change takes effect. The "Effective" date at the top is updated whenever this page changes.
11. Contact
Questions about this policy or your data: andrei.damian@dmnsolutions.com.