Privacy Policy

TripSynk (“TripSynk”, “we”, “our” or “us”) provides a mobile application that helps groups plan trips, track and split shared expenses, and share photos. TripSynk is an expense-tracking tool — it is not a payment processor and never moves money on your behalf. This Privacy Policy describes how we collect, use, disclose and safeguard information when you use the TripSynk mobile app, our websites (including tripsynk.app) and any related services (collectively, the “Services”).

By creating an account or using the Services, you agree to the practices described in this policy. If you do not agree, please do not use the Services.

We collect the following categories of information:

a. Information you provide

• Account details: phone number, display name and profile photo.
• Trip content: trips you create or join, itineraries, notes, destinations, dates and member lists.
• Expense data: amounts, descriptions, categories, payer and split information, and any receipts you choose to upload.
• Photos & memories: images you upload to a trip album and any captions or tags you add.
• Friends & contacts: people you invite to a trip, friend links and balances between friends.
• Support requests: messages, feedback and files you send us when contacting support.

b. Information collected automatically

• Device & app data: device model, OS version, app version, language, time zone and crash logs.
• Usage data: features used, screens viewed, actions taken (e.g. expense added, trip joined) and aggregated performance metrics.
• Identifiers: a TripSynk user ID, a Firebase installation ID and (where supported) a push-notification token.
• Diagnostics: error reports and stability information used to keep the app working reliably.

c. Information from other people

When a friend invites you to a trip, they share your contact reference (typically a phone number) so we can connect your accounts. If you have not yet signed up, that reference is held as a “ghost” profile and is merged into your account when you sign up.

We use the information we collect to:

• Provide, operate and maintain the Services.
• Authenticate you, secure your account and prevent fraud or abuse.
• Calculate balances and suggest who-owes-whom so your group can settle up outside the app.
• Sync your trips, expenses, photos and friend balances across your devices and with the people you travel with.
• Send transactional notifications (e.g. a friend added an expense, someone paid you back).
• Improve and develop new features through analytics and aggregated usage trends.
• Respond to support requests, enforce our Terms and comply with legal obligations.

TripSynk does not process payments. We do not collect, store or transmit bank accounts, card numbers, UPI IDs or any other payment credentials. Money moves directly between you and your friends through your own banking, UPI or cash — TripSynk only keeps a record of who owes whom.

We do not sell your personal information, and we do not use the content of your trips, expenses or photos for advertising.

We share information only in these limited cases:

• With your trip members. Trip details, expenses, balances and photos are visible to members of the same trip. Friend balances are visible to the two friends involved.
• With service providers. We use trusted vendors (see Section 11) to host data, authenticate users and deliver notifications. They process data only on our instructions.
• For legal reasons. We may disclose information if required by law, court order or to protect the rights, property or safety of TripSynk, our users or others.
• Business transfers. If TripSynk is involved in a merger, acquisition or asset sale, your information may be transferred subject to this policy.
• With your consent. Any other sharing will only occur with your explicit consent.

TripSynk uses Firebase (Google Cloud) for authentication and application delivery, and Supabase (managed Postgres) for trip, expense and friend data. Photos you upload are stored in Supabase Storage. Data is encrypted in transit (HTTPS/TLS) and at rest using industry-standard encryption.

Access to production data is restricted to a small number of authorized engineers, protected by role-based access controls and audit logs. Row-level security policies in our database ensure you can only access trips, expenses and friends you are a member of.

No method of transmission or storage is 100% secure. While we work hard to protect your information, we cannot guarantee absolute security. Please use a strong device passcode and keep your phone secure.

We retain your information for as long as your account is active or as needed to provide the Services. If you delete your account:

• Your profile and personal identifiers are deleted within 30 days.
• Trip and expense records you share with others may be retained in those trips so balances remain accurate, but your name is replaced with an anonymized label.
• Backups containing your data are purged within 90 days of deletion.
• Limited information may be retained longer if required by law (e.g. tax, accounting or fraud-prevention obligations).

Depending on where you live, you may have the right to:

• Access, correct or update the personal information we hold about you.
• Request a copy of your data in a portable format.
• Delete your account and associated personal data.
• Object to or restrict certain processing.
• Withdraw consent where we rely on it.
• Lodge a complaint with your local data protection authority.

To delete your account, email us at contact@tripsynk.in with your full name and the phone number you signed up with. We will verify your identity before acting on the request. See our Delete my account page for the full process.

TripSynk asks for these permissions only when you use the related feature. You can decline or revoke any of them at any time in your device settings.

• Camera & Photos: to scan receipts and upload photos to a trip album.
• Contacts:when you tap “Add from contacts,” your device’s contact picker opens and you manually select a single person. Only that selected contact’s name and phone number are then uploaded to our servers — solely to add them as a friend or trip member and to match them on TripSynk by phone number when they sign up. We never read or upload your full contact book, and we do not use this data for marketing or share it with third parties. Stored contact references are deleted when you remove the friend/member or delete your account.
• Notifications: to alert you about new expenses, settle-up requests and trip activity.
• Storage: to cache trip data for offline use.

TripSynk is not directed to children under 13 (or the applicable age of digital consent in your country). We do not knowingly collect personal information from children. If you believe a child has provided us information, please contact us and we will delete it.

We rely on the following sub-processors to operate TripSynk. Each has been chosen for its security posture and privacy practices:

• Google Firebase — authentication (phone OTP), hosting, crash reporting and push notifications.
• Supabase — Postgres database, storage and edge functions.
• Expo / EAS — app build, update delivery and diagnostics.
• Apple App Store & Google Play — app distribution and (where you opt in) reviews & ratings.

These services may collect their own diagnostic data subject to their respective privacy policies. We do not share your trip content with advertising networks or data brokers.

We may update this Privacy Policy from time to time. When we do, we will post the new version here and update the “Last updated” date. For material changes we will give you prominent notice (for example, an in-app banner or an email) before the changes take effect. Continued use of the Services after the effective date means you accept the revised policy.

Questions, concerns or requests about this Privacy Policy or your data? We’re happy to help.

Privacy questions, support requests and anything else — reach us at contact@tripsynk.in. We aim to respond to all verifiable requests within 30 days.