Privacy Policy

Last updated: 17 June 2026 · DPDPA 2023 compliant

This policy explains what personal data TripOmeter collects, why, who it's shared with, and the rights you have over it under India's Digital Personal Data Protection Act, 2023 and the IT Rules, 2021. We've tried to write it in plain language — if anything is unclear, email support@tripometer.in.

Categories of data we collect

  • Account data — your email address, and the OTP/session tokens used to sign you in. We don't collect a phone number.
  • Trip & group data — destinations you save, groups you create or join, votes (dates, transport, destination, stay), chat messages, polls, itinerary edits, and expense entries you or your group add.
  • Live Trip location — your precise device location, but only at the moment you tap "Share my location" during an active Live Trip, after your group has sent a "Request locations" prompt. We never collect location in the background or without that explicit action.
  • Device & analytics data — basic, mostly anonymous data like browser type, device type, and page views, used to keep the app working and understand usage at a high level.

Why we process each category

  • Account data — to authenticate you, secure your account, and send service-related email (OTP codes, important account notices).
  • Trip & group data — to provide the core Service: showing your itinerary, syncing votes and chat across your group, and splitting expenses.
  • Live Trip location — solely to show your live position on the map to other members of that specific trip, for as long as you choose to share it.
  • Device & analytics data — to diagnose bugs, understand which features are used, and improve the product.
  • Our legal basis for each of these is your consent (given when you sign up, or in-the-moment for location) and/or our legitimate need to perform the Service you've asked for, consistent with the Digital Personal Data Protection Act, 2023 (DPDPA).

Who we share data with

  • Supabase — our database, authentication, and hosting provider. Supabase processes your account, trip, group, chat, and itinerary data on our behalf, under its own data-processing terms, solely to run the Service.
  • Google (Gmail API) — used only to send OTP emails from our support inbox. We do not share your chat, trip, or itinerary content with Google.
  • Third-party booking sites (for example Booking.com, MakeMyTrip, IRCTC, or RedBus) — we don't transmit your personal data to them. If you click a booking link, you're taken to that site directly, and anything you submit there (name, payment details, etc.) is governed by their own privacy policy, not ours.
  • We do not sell your personal data, and we do not share it with advertisers.
  • We may disclose data if required by law, court order, or to protect the rights, safety, or security of TripOmeter, our users, or the public.

Cookies & similar technologies

  • Session/auth cookies — keep you signed in between visits.
  • Preference cookies — remember settings like your selected budget tier or theme.
  • Anonymous analytics — aggregate, privacy-respecting usage data to help us understand which features matter.
  • We do not use ad-tracking cookies, and we do not use cross-site tracking. TripOmeter shows no ads.

Data retention

  • We keep your account, trip, group, chat, and itinerary data for as long as your account is active, so your trips and history remain available to you.
  • If you delete your account, we delete or anonymize your personal data within a reasonable period (target: 30 days), except where we're required to retain limited records for legal, security, or fraud-prevention purposes.
  • Live Trip location is the most sensitive data we handle — it is only ever stored transiently while sharing is active and is not retained as a historical location log once sharing stops.

How we protect your data

  • Data is encrypted in transit (HTTPS/TLS) between your device and our servers.
  • We use Supabase's row-level security to scope database access so users and groups can only read data they're authorized to see.
  • Authentication uses one-time passcodes and/or hashed passwords — we never store your OTP or password in plain text.
  • Access to production data is restricted to what's needed to operate the Service.
  • No system is 100% secure, and we don't claim specific third-party security certifications; we describe our practices honestly above and continue to improve them.

Children's privacy

  • TripOmeter is not directed at children under 18. We don't knowingly collect personal data from children, and we don't collect payment information from minors (we don't process payments at all). If you believe a child has provided us personal data, contact us and we'll delete it.

Your rights under the DPDPA, 2023

  • Access — request a copy of the personal data we hold about you.
  • Correction — ask us to correct inaccurate or incomplete data.
  • Erasure — ask us to delete your personal data, subject to legal retention requirements.
  • Withdraw consent — withdraw consent for any processing that relies on it, as easily as you gave it (this may limit features like Live Trip location sharing).
  • Grievance redressal — raise a complaint about how we've handled your data or content (see below).
  • Nominate — nominate another individual to exercise these rights on your behalf in the event of your death or incapacity.
  • To exercise any of these rights, email support@tripometer.in.
  • In accordance with the IT (Intermediary Guidelines) Rules, 2021 and the DPDPA, 2023, we've designated a Grievance Officer to handle data and content concerns. Mark your grievances to support@tripometer.in. We aim to acknowledge grievances within 48 hours and resolve them within 15 days, consistent with the IT Rules, 2021 timelines.

Where your data is hosted

  • Your data is hosted with cloud infrastructure of our database provider currently at ap-south-1 (South Asia - Mumbai) which is a primary setup.

Changes to this policy

  • We may update this Privacy Policy as the Service evolves or legal requirements change. We'll update the "Last updated" date below, and for material changes we'll make reasonable efforts to notify you in-app or by email.

© 2026 TripOmeter.in