HipTrip Legal Policy Brief
Prepared: April 13, 2025
Scope: Terms of Use and Privacy Policy — competitive analysis, decisions made, and rationale
1. What We Built
Two legal pages for hiptrip.com:
/terms— Terms of Use/privacy— Privacy Policy
Both use the same layout/styling as the About page. Linked from the site footer under the Company column.
2. Competitive Analysis
We reviewed policies from three comparable products. AllTrails (JS-rendered, could not fetch full text) provided partial data via search snippets. Komoot and Wanderlog were fully accessible.
Komoot (komoot.com)
- German company (Komoot GmbH), subject to full GDPR
- Liability cap: greater of €100 or 12 months fees — protects against free-tier zero-liability gap
- User content license: perpetual, survives account deletion — aggressive
- No arbitration clause
- Governing law: German law (German text controls)
- Strong outdoor safety disclaimer in liability section
- IP log retention: 90 days; location/GPS data: 28 days
Wanderlog (wanderlog.com / Travelchime Inc.)
- US company, California law
- Age minimum: 18+ (higher than typical 13+)
- Feedback clause: exclusive, irrevocable, perpetual ownership of any feedback submitted
- Non-refundable subscriptions (except as required by law)
- Advertising cookies present; third-party ad networks
- Account deletion: self-service, 2-week processing window
- AI itinerary features present but no explicit AI content disclaimer in TOU
AllTrails (alltrails.com)
- US company, binding arbitration with 30-day opt-out window
- Class action waiver
- Full advertising/attribution SDK stack (Facebook, Google Ads, AppsFlyer, Amplitude)
- Background GPS tracking; HealthKit integration
3. Decisions Made and Rationale
Terms of Use
| Decision | What we did | Why |
|---|---|---|
| Age minimum | 18+ | HipTrip takes payments and describes physical outdoor risk; Wanderlog also uses 18+; 13+ creates liability exposure |
| User content license | Non-exclusive, worldwide, royalty-free, sublicensable | Added sublicensable to cover CDN and infrastructure delivery; kept narrow ("solely to provide and improve the Service") — more user-friendly than Komoot's perpetual/post-deletion terms |
| Feedback clause | Added — HipTrip may use freely, no compensation | Wanderlog uses exclusive/irrevocable language; ours is softer but still protects the company from feature idea claims |
| Liability floor | Greater of $5 or 12 months fees paid | Free users pay $0; without a floor the cap was literally nothing. Komoot uses €100; we used $5 as a minimal but non-zero floor |
| Credits on termination | If we terminate without cause → refund unused credits | We already said credits expire on user-initiated termination; added user protection for company-initiated termination without cause |
| Arbitration | Not included | Neither Komoot nor Wanderlog use it; arbitration clauses are anti-consumer and a trust negative for an early-stage product |
| Governing law | Michigan | RB Code Labs LLC is based in Michigan |
| Outdoor risk section | Dedicated section (§4) | Komoot buries this in liability; for a hiking/biking AI app this deserves prominent treatment |
| AI content disclaimer | Dedicated section (§3) | Neither Komoot nor Wanderlog generate AI itineraries; unique to HipTrip and important to call out explicitly |
Privacy Policy
| Decision | What we did | Why |
|---|---|---|
| IP log retention | 60 days | Komoot: 90 days; we chose 60 as a reasonable middle ground |
| Cookie categories | Split into Strictly Necessary and Analytics tiers | Better transparency; matches how regulators and users expect cookie disclosures to work |
| Analytics disclosure | Vercel Analytics — privacy-friendly, no cross-site tracking, country-level geography only | Differentiates us from AllTrails (7 ad SDKs) and Wanderlog (ad networks); a genuine trust advantage |
| GDPR/EEA section | Added §7 — EEA, UK, and Swiss Users | Neither Komoot nor Wanderlog (despite being GDPR-covered) made this easy to find for US-operated services; covers legal basis, right to object, supervisory authority, transfer mechanism |
| Children's privacy | 18+ intent stated, plus under-13 COPPA catch | Aligns with TOU age minimum; COPPA compliance still required even if we don't intend to serve minors |
| No advertising | Explicitly stated — no ad cookies, no data sold to ad networks | Genuine differentiator vs. AllTrails; worth stating prominently |
| AI training | No training without explicit consent | Directly addresses a top user concern; Wanderlog is silent on this; makes HipTrip's position clear |
| Account deletion | Email hello@hiptrip.com, 30-day processing | Wanderlog has self-service in-app deletion (2 weeks); we don't have that UI yet so email-based is correct for now; consider building self-service later |
4. What We Deliberately Left Out
- Arbitration clause / class action waiver — common in US consumer products (AllTrails has one) but adds friction and is anti-consumer. Not appropriate for an early-stage product trying to build trust.
- Perpetual content license post-deletion — Komoot's content license survives account termination. Ours does not. User-friendly choice.
- Advertising infrastructure — AllTrails runs Facebook, Google Ads, AppsFlyer, Amplitude, Braze. We run Vercel Analytics only. This is a feature, not a gap.
- Subscription auto-renewal language — HipTrip uses one-time credits, not subscriptions. Not applicable.
5. Things to Revisit Later
- Self-service account deletion — currently requires emailing hello@hiptrip.com. Build an in-app delete flow (Profile settings) when possible; reduces support load and improves user trust.
- EU-specific cookie consent banner — if HipTrip acquires significant EEA traffic, a proper consent management layer (for analytics cookies) will be needed under GDPR/ePrivacy.
- CCPA — if the user base grows to include significant California residents, consider adding a "Do Not Sell My Personal Information" section (though we don't sell data, the disclosure may still be required above certain thresholds).
- Age verification — the 18+ minimum is stated but not technically enforced. At current scale this is fine; note it if the product grows.
- Effective date — both documents are dated April 13, 2025. Update when making material changes.
6. Key Company Details
- Legal entity: RB Code Labs LLC
- State of incorporation / governing law: Michigan
- Contact for legal/privacy matters: hello@hiptrip.com
- Third-party processors: Stripe, OpenAI, Google Places, Resend, Vercel, AWS Aurora DSQL