Privacy Policy

Effective: 2025-01-15 | Version 2.0

This Privacy Policy explains how we collect, use, and protect your information when you use the TripGuard app ("App"). "We", "us" and "our" refer to the TripGuard provider.

1. Controller (Responsible Party)

The controller responsible for data processing is:

Pilatusmedia
Philipp Waldispühl
Schützenrain 18
6012 Obernau
Schweiz
Email: tripguard@protonmail.com

2. Data We Collect

2.1 Account Data

• Email address (required for registration)
• Display name (optional)
• Encrypted password (stored as hash, never in plain text)
• User ID (UUID)

2.2 Trip and Expense Data

• Trip details: title, description, dates, destination, coordinates
• Budget information: amounts, currencies, daily budgets
• Transactions: amounts, categories, payment methods, descriptions
• Location data of expenses (if you add location to transactions)
• Custom categories you create

2.3 Receipt/Photo Data

• Photos of receipts (if you use the receipt scanning feature)
• Extracted receipt data: merchant name, amounts, dates

2.4 Location Data

• GPS coordinates (only when you grant location permission)
• Used for: map display, weather information, location-based expense tracking

2.5 Device and Technical Data

• Device model and manufacturer
• Android version
• App version
• Push notification tokens (FCM tokens)
• Crash logs and diagnostics
• IP address (automatically collected by servers)

2.6 Subscription and Payment Data

• Subscription status (Free, Trial, Premium)
• Purchase tokens from Google Play
• Trial start/end dates

Note: We do NOT store credit card numbers or payment details. All payments are processed by Google Play.

3. Purposes and Legal Bases (GDPR Art. 6)

4. Third-Party Services

We use the following third-party services that may process your data:

4.1 Google AdMob (Advertising)

Provider: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Purpose: Display advertisements in the Free tier of the App

Data collected: Advertising ID, IP address, device information, ad interactions

Note: Premium and Trial users do not see ads and no advertising data is collected.

Privacy Policy: https://policies.google.com/privacy

4.2 Firebase Cloud Messaging (Push Notifications)

Provider: Google LLC

Purpose: Send push notifications about subscription changes, trip invitations

Data collected: FCM token, device information

Privacy Policy: https://firebase.google.com/support/privacy

4.3 Firebase Analytics

Provider: Google LLC

Purpose: Analyze app usage, crashes, and performance

Data collected: App events, device info, crash reports (anonymized)

Privacy Policy: https://firebase.google.com/support/privacy

4.4 Google Play Billing

Provider: Google LLC

Purpose: Process in-app purchases and subscriptions

Data collected: Purchase information, subscription status

Note: Payment details are handled exclusively by Google Play, not by us.

Privacy Policy: https://policies.google.com/privacy

4.5 Google Maps

Provider: Google LLC

Purpose: Display maps, trip routes, expense locations

Data collected: Location coordinates, map interactions

Privacy Policy: https://policies.google.com/privacy

4.6 Geoapify (Geocoding)

Provider: Geoapify GmbH, Germany

Purpose: Convert addresses to coordinates and vice versa (Premium feature)

Data collected: Search queries, coordinates

Privacy Policy: https://www.geoapify.com/privacy-policy

4.7 Open-Meteo (Weather)

Provider: Open-Meteo, open-source weather API

Purpose: Display weather information for trip destinations

Data collected: GPS coordinates

Privacy Policy: https://open-meteo.com/en/terms

4.8 Microsoft Azure Document Intelligence (Receipt Scanning)

Provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052, USA

Purpose: Extract text and data from receipt photos (Premium feature)

Data collected: Receipt images you upload

Note: Images are processed and not stored permanently by Microsoft.

Privacy Policy: https://privacy.microsoft.com/privacystatement

4.9 Hetzner (Server Hosting)

Provider: Hetzner Online GmbH

Purpose: Host our backend servers and database

Data stored: All account, trip, and transaction data

Privacy Policy: https://www.hetzner.com/legal/privacy-policy

5. Data Transfers to Third Countries

Some of our service providers are located outside the European Economic Area (EEA), particularly in the USA:

• Google LLC (AdMob, Firebase, Maps, Play Billing) - USA
• Microsoft Corporation (Azure Document Intelligence) - USA

These transfers are protected by:

• EU-US Data Privacy Framework (where applicable)
• Standard Contractual Clauses (SCCs) approved by the European Commission

6. Data Retention

7. Local Data Storage

The App stores some data locally on your device:

• Authentication tokens: Stored in encrypted storage (AES-256-GCM)
• User preferences: App settings, selected currency
• Cached data: For offline functionality

This data is deleted when you log out or uninstall the App.

8. Your Rights (GDPR)

You have the following rights regarding your personal data:

• Right of access (Art. 15): Request a copy of your data
• Right to rectification (Art. 16): Correct inaccurate data
• Right to erasure (Art. 17): Request deletion of your data
• Right to restriction (Art. 18): Limit how we use your data
• Right to data portability (Art. 20): Receive your data in a portable format
• Right to object (Art. 21): Object to processing based on legitimate interests
• Right to withdraw consent: Withdraw consent at any time (e.g., for ads, push notifications)

To exercise these rights, contact us using the details in Section 1.

You also have the right to lodge a complaint with a supervisory authority (e.g., your local data protection authority).

9. Advertising Consent (Free Tier)

If you use the free version of TripGuard, we show personalized advertisements via Google AdMob. Before showing personalized ads, we request your consent through a consent dialog (Google User Messaging Platform).

You can change your consent settings at any time in the App settings.

Premium and Trial users: No advertisements are shown, and no advertising-related data is collected.

10. Push Notifications

We may send push notifications for:

• Subscription status changes
• Trip invitation updates
• Expense reminders (if enabled)

You can disable push notifications in your device settings at any time.

11. Password Reset

If you use the "Forgot Password" feature, we send a password reset email to your registered email address. This email contains a time-limited reset link. We do not share your email with third parties for this purpose.

12. Security Measures

We implement appropriate technical and organizational measures to protect your data:

• HTTPS/TLS encryption for all data transmission
• Passwords stored as secure hashes (never in plain text)
• Encrypted local storage on your device (AES-256-GCM)
• JWT token-based authentication
• Server hosted in Germany (EU) with Hetzner
• Regular security updates

No method of transmission or storage is 100% secure. If you discover a security issue, please contact us immediately.

13. Children

TripGuard is not intended for children under 16 years of age. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will indicate the new effective date at the top. For significant changes, we will notify you through the App or via email.

15. Contact

For privacy questions, data requests, or complaints, please contact us using the details provided in Section 1.