Legal

Privacy Policy

Effective date: June 1, 2026  ·  mytriplog.app

This Privacy Policy describes how MyTripLog ("we", "us", or "our") collects, uses, and protects information about you when you use our service at mytriplog.app ("Service"). By using the Service you agree to this policy.

The short version: Your full-resolution photos never touch our servers — they go directly from your device to your own cloud storage. We store only trip metadata, waypoint records, and small photo thumbnails. We do not sell your data or use it for advertising.

1. What We Collect

We collect only what is necessary to provide the Service:

  • Account information — your email address and any display name you set during sign-up.
  • Trip records — titles, descriptions, date ranges, and timezone settings you create.
  • Waypoint records — location coordinates, place names, timestamps, notes, categories, and star ratings you save.
  • Photo thumbnails — compressed copies of your photos (typically under 1 MB each) used to display previews in the app and on shared trip links.
  • Cloud storage references — file IDs and folder paths pointing to full-resolution photos in your connected storage. We store the reference, not the file.
  • OAuth tokens — access and refresh tokens for connected cloud storage accounts (Google Drive, Dropbox), stored encrypted, used only to perform uploads and generate download links on your behalf.
  • Session data — standard authentication tokens stored in your browser to keep you signed in.

We do not collect payment data, government-issued identification, precise real-time location data (beyond what you explicitly save as a waypoint), or any data from your device beyond what you actively provide.

2. What We Do Not Collect

Full-resolution photos are never stored on our servers. When you connect a cloud storage account and upload a photo, your device sends the full-resolution file directly to your Google Drive or Dropbox — MyTripLog's servers are not in that data path. We receive only the thumbnail you authorise us to store.

We do not track your location in the background. We do not run analytics that identify you individually across sites. We do not build advertising profiles. We do not use third-party advertising networks.

3. How We Use Your Information

We use the information we collect solely to provide and improve the Service:

  • To authenticate your account and maintain your session.
  • To store and display your trips, waypoints, and photo thumbnails.
  • To generate public share links at your request.
  • To upload photos to your connected cloud storage on your behalf.
  • To send transactional emails — password resets, account notifications — when you initiate them. We do not send marketing email unless you explicitly opt in.
  • To diagnose errors and improve reliability.

We do not use your data for advertising, profiling, or any purpose unrelated to operating the Service.

4. Data Storage and Security

Trip records, waypoint data, thumbnails, and account information are stored on Supabase (PostgreSQL database hosted on AWS). OAuth tokens are encrypted at rest. All data in transit is protected by TLS.

Access to your data is controlled by row-level security policies: your records are readable only by you (and, for shared trips, by anyone with the share link you generate).

We apply commercially reasonable technical and organisational measures to protect your data. No system is perfectly secure; if you believe your account has been compromised, contact us immediately at hello@mytriplog.app.

5. Connected Cloud Storage

When you connect Google Drive or Dropbox, you authorise MyTripLog to create folders and write files using the permissions you grant through each provider's OAuth flow. The OAuth access and refresh tokens are stored encrypted on our servers and used only to upload photos and generate download links on your behalf.

If you disconnect a storage account, we delete the stored tokens immediately. The files already in your storage are not affected — they remain yours, in your account, governed by your agreement with that provider.

Full-resolution photos uploaded through a connected account are subject to the privacy policy of that provider (Google or Dropbox). We have no access to other files in your storage account beyond the folder we create.

6. Cookies and Local Storage

We use browser storage (cookies and localStorage) only for:

  • Authentication session tokens (to keep you signed in).
  • User interface preferences such as the current trip and theme setting.

We do not use third-party tracking cookies or analytics cookies.

7. Public Share Links

When you enable sharing for a trip, that trip's waypoints, notes, and thumbnails become readable by anyone with the link — without an account. No personal account information (your email, display name) is exposed through a share link.

You can revoke a share link at any time from Trip Settings. After revocation, the trip is immediately inaccessible to link holders.

8. Third-Party Services

We use the following third-party services to operate MyTripLog:

  • Supabase — database, authentication, and file storage. Privacy policy.
  • Cloudflare — DNS, CDN, and hosting. Privacy policy.
  • MapTiler — map tiles displayed in the app. Tile requests include your IP address. Privacy policy.
  • Nominatim / OpenStreetMap — reverse geocoding (converting coordinates to place names). Requests include the coordinates of the waypoint being named. Privacy policy.
  • Google Drive / Dropbox — connected cloud storage (only if you choose to connect). Governed by your agreement with each provider.

We do not share your personal data with any other third party, and we do not sell your data.

9. Your Rights

You can access, correct, export, or delete your data at any time:

  • Delete your account — from Account Settings. This permanently removes all your trips, waypoints, thumbnails, and account information from our servers. Deletion is immediate and irreversible.
  • Disconnect cloud storage — from Account Settings. This deletes the stored OAuth tokens.
  • Revoke share links — from Trip Settings for any trip.
  • Data export or correction requests — email hello@mytriplog.app. We will respond within 30 days.

If you are in the European Economic Area or the United Kingdom, you have additional rights under the GDPR / UK GDPR, including the right to lodge a complaint with your supervisory authority.

10. Children

The Service is not directed at children under 16. We do not knowingly collect personal information from anyone under 16. If you believe a child under 16 has provided us with information, contact us at hello@mytriplog.app and we will delete it promptly.

11. Data Retention

We retain your data for as long as your account is active. When you delete your account, all associated data is permanently removed from our servers. Backups may retain data for up to 30 days, after which it is purged from backup storage as well.

OAuth tokens for connected storage accounts are deleted immediately upon disconnection.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the effective date above and, for material changes, notify registered users by email. Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.

13. Contact

Questions or requests about your privacy? Email us at hello@mytriplog.app.