Privacy Policy

Last updated: April 22, 2026

Who we are

Tripozi ("we", "us") is a travel-planning service. Data controller for GDPR / Polish RODO purposes:

Usługi Informatyczne Szymon Łysek
jednoosobowa działalność gospodarcza (Polish sole proprietorship)
Bielsko-Biała, Polska
NIP: 9372480969

Data-subject requests: [email protected].

What we collect

• Itinerary inputs you submit: destination, duration, style, budget, interests. Stored up to 30 days in our cache to speed up repeat requests. Not linked to your identity.
• Email address: only if you subscribe to the newsletter. Stored until you unsubscribe.
• Anonymous analytics: page views, referrers, country-level location, device type — via Plausible, a privacy-first, cookieless analytics provider we self-host.
• Advertising cookies: if you consent, Google AdSense may set cookies to show relevant ads. You can reject them via our cookie banner.

What we don't collect

• We never sell personal data.
• We never ask for payment details — Paddle handles all premium payments as merchant of record.
• We don't use third-party trackers beyond ones you consent to.
• We don't collect location data beyond what's voluntarily submitted.

Service providers (subprocessors)

Data we process flows through a short list of service providers. Each is bound by a data processing agreement or equivalent contractual commitment:

• OVH (Gravelines, France) — hosts the Tripozi server and Redis cache. EU data residency. OVH privacy.
• Cloudflare — edge CDN + DDoS protection. May log IP and request metadata for security. Cloudflare privacy.
• Google Gemini API — processes your destination / interest / travel-style inputs to generate itineraries. Google processes these via the Gemini API, not the Google Search product. Gemini API terms.
• Unsplash — destination photography. Photo URLs are loaded directly from Unsplash CDN; Unsplash may log image-view IP.
• OpenStreetMap — map tiles + venue data for accessibility / dietary pages. OSM may log tile-request IP. OSM privacy.
• Resend (when newsletter is enabled) — transactional email delivery. Stores your email address and delivery history.
• Google AdSense (if you consent to ads) — serves advertising, may set cookies and measure ad performance.

Advertising and affiliate links

We participate in affiliate programs including Booking.com, Viator, GetYourGuide, SafetyWing, and Amazon Associates. When you book through our links, we earn a commission at no extra cost to you. See our affiliate disclosure.

If you accept cookies, Google AdSense may show personalized ads based on your interests. You can opt out at Google Ads Settings.

Your GDPR rights (EU) + CCPA rights (California)

You can request access to, correction of, or deletion of any personal data we hold by emailing [email protected]. We respond within 30 days.

Data retention

• Newsletter subscribers: until you unsubscribe.
• Cached itineraries: 30 days rolling.
• Analytics: 12 months aggregated.

Changes

Material changes will be announced via email to newsletter subscribers and via a banner on the site.