privacy & data

What we keep,
and what we don't.

Plain English. No dark patterns. If you can't find what you need below, write to aditya@tripsmith.io and a human will reply.

Last updated · 16 May 2026

01What we collect.

When you submit a trip, we save your email, your preferences (diet, pace, who's travelling with you, any access notes), and the generated plan. We save which booking links you click on the way out the door, so we know which venues actually became real bookings.

Email. One address, used for magic-link sign-in and the trip-ready notification. Nothing else.
Trip preferences. Diet, pace, group shape, dates, the city. The things you typed into the form.
Generated trips. The itinerary itself — venues, hours, walking times, the chat history with Ask Smith.
Outbound click data. If you tap a Booking.com or GetYourGuide link inside the plan, we log that the click happened. We do not see whether you completed the booking unless the affiliate dashboard tells us so in aggregate.

02What we don't.

No third-party trackers. No Meta pixel. No Google Analytics. No Mixpanel, Amplitude, Heap, PostHog, Segment, Hotjar, FullStory, or any other behavioural-analytics SDK. No fingerprinting. No cross-site identity. No data brokers. We don't have a "data partner."

We don't sell your trips. We don't share your email. We don't build a profile of you to retarget anywhere. The same itinerary is generated whether you book through us or not.

03Where it lives.

One SQLite database on a Hostinger VPS in Europe (Lithuania). Nightly encrypted backups, also in the EU. The trip you generate is written to that one file, on that one server. No CDN cache of your personal data, no third-party database vendor.

04Third parties that touch the data.

The list is short, named, and deliberate. Every one is a working dependency — nothing here is "marketing."

Anthropic (Claude API) — the model that drafts the itinerary. Your destination, dates, and preferences are sent at generation time. Processed in the US. Anthropic does not train on API traffic.
Serper — places search for venue lookups. Sees city + query strings, not your email.
Hostinger SMTP — sends the magic-link email and the trip-ready email. Sees your address and the email body.
Booking.com, GetYourGuide, Viator, Klook — only when you click an outbound link. Standard affiliate redirect; they then see whatever you'd give them when booking directly.

05Cookies.

One cookie. It's called jt-token, it holds your sign-in session, and it expires when you sign out or after 30 days. No analytics cookies. No advertising cookies. No "we use cookies to improve your experience" banner, because there is nothing to consent to that isn't strictly necessary.

06How long we keep it.

Until you delete it. Your trip stays in your account so you can open it on the train next year. There's a Delete account button in your profile — it wipes your trips, your email, and any cached drafts within 24 hours. Or email aditya@tripsmith.io and we'll do it manually, faster.

If you want a copy of everything we have on you before deleting, ask. We'll send a JSON file with your account, your trips, and your chat history. It is your trip.

07Children.

TripSmith is not for users under 13. We don't knowingly collect anything from a child. If you believe a child has signed up, write to us and we'll delete the account. We follow the COPPA standard even though much of our audience is outside the US.

08International transfers.

Your account, your email, and your trips live in the EU. When we generate a plan, the prompt (destination, dates, preferences) travels to Anthropic in the US under standard contractual clauses. The plan comes back, and is stored in the EU again. Nothing about you is parked outside Europe at rest.

09Contact.

One human reads this inbox. Privacy questions, deletion requests, data exports, anything you'd like to ask about how we hold your information — write to aditya@tripsmith.io. We reply in a day, usually less.

What we keep,and what we don't.