Privacy Policy
Effective date: April 13, 2025
HipTrip (“we,” “us,” or “our”), operated by RB Code Labs LLC, is committed to protecting your privacy. This Privacy Policy explains what information we collect when you use hiptrip.com and our related services (the “Service”), how we use it, and the choices you have.
By using the Service you agree to the collection and use of information as described here. If you do not agree, please do not use the Service.
1. Information We Collect
Information you provide directly
- Account information — your email address and display name when you create an account or update your profile.
- Trip content — itinerary titles, destinations, dates, notes, and other details you enter or generate while using the trip planner.
- Support messages — the content of conversations you have with our in-app AI support assistant.
Information collected automatically
- Usage data — pages visited, features used, and interactions with the Service, collected via Vercel Analytics.
- Session data — authentication tokens stored in cookies to keep you signed in (30-day maximum).
- Device and log data — IP address, browser type, operating system, and referral URLs collected by our hosting infrastructure. Raw server logs containing IP addresses are retained for up to 60 days, then deleted or anonymized.
Payment information
When you purchase credits, payment is processed directly by Stripe. We do not store your full card number, CVV, or other sensitive payment credentials. We receive and store a Stripe session identifier, the product purchased, the amount, and the number of credits granted.
2. How We Use Your Information
We use the information we collect to:
- Create and manage your account.
- Generate and store personalized AI itineraries on your behalf.
- Process payments and manage your credit balance.
- Send transactional emails (magic sign-in links, purchase receipts) via Resend.
- Respond to support requests and improve the in-app support experience.
- Analyze aggregate usage to improve the Service (no individual profiling).
- Comply with legal obligations and enforce our Terms of Use.
We do not sell your personal information to third parties. We do not use your data to train AI models without your explicit consent.
3. Third-Party Service Providers
We share data with the following categories of service providers only as necessary to operate the Service:
| Provider | Purpose |
|---|---|
| Stripe | Payment processing |
| OpenAI | AI itinerary generation (trip details you provide are sent to OpenAI APIs) |
| Google Places | Location data for destinations and places |
| Resend | Transactional email delivery (magic links) |
| Vercel | Hosting, analytics, file storage |
| AWS | Database hosting (Aurora DSQL) |
Each provider processes data only as directed by us and is subject to their own privacy policies and data protection agreements.
4. Cookies and Tracking
We use two categories of cookies:
Strictly necessary
Required for the Service to function. These cannot be disabled.
- Session token — keeps you signed in for up to 30 days.
- CSRF token — protects against cross-site request forgery.
Analytics
Help us understand how the Service is used so we can improve it. We use Vercel Analytics, which is privacy-friendly and does not track you across other websites or build individual profiles.
- Pages visited and features used (aggregate, not per-user).
- Referral source and approximate geography (country level).
We do not use advertising cookies, retargeting pixels, or sell data to ad networks.
5. Data Retention
We retain your account and trip data for as long as your account is active. If you delete your account, we delete your personal information and associated content within 30 days, except where retention is required by law (e.g., financial records associated with purchases, which may be retained for up to 7 years).
Anonymized or aggregated data that cannot identify you may be retained indefinitely to improve the Service.
6. Your Rights and Choices
Depending on where you live, you may have the right to:
- Access — request a copy of the personal data we hold about you.
- Correction — update inaccurate information via your profile settings.
- Deletion — request deletion of your account and associated data.
- Portability — receive your data in a structured, machine-readable format.
- Opt-out of marketing — we currently only send transactional emails; you can stop these by deleting your account.
To exercise any of these rights, email us at hello@hiptrip.com. We will respond within 30 days.
7. EEA, UK, and Swiss Users
If you are located in the European Economic Area, United Kingdom, or Switzerland, the following applies in addition to the rights described in Section 6:
- Legal basis for processing — we process your data on the basis of contract performance (providing the Service), legitimate interests (security, analytics, fraud prevention), and your consent where required.
- Right to object — you may object to processing based on legitimate interests at any time.
- Supervisory authority — you have the right to lodge a complaint with your local data protection authority.
- International transfers — your data is transferred to the United States. We rely on standard contractual clauses and other approved transfer mechanisms where required under GDPR Chapter V.
9. Children's Privacy
The Service is intended for users 18 and older and is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected such information, we will delete it promptly. If you believe a child has provided us personal information, please contact us.
8. Security
We use industry-standard measures to protect your data, including encrypted connections (TLS), secure token storage, and access controls. However, no system is completely secure. We cannot guarantee the absolute security of your information.
10. International Transfers
HipTrip is operated from Michigan, United States. If you access the Service from outside the US, your data will be transferred to and processed in the US. By using the Service you consent to this transfer. We apply appropriate safeguards for international transfers where required.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice in the Service at least 7 days before they take effect. Continued use of the Service after a change is posted constitutes acceptance of the updated Policy.
12. Contact Us
If you have questions or concerns about this Privacy Policy or how we handle your data, please contact us at: