Privacy Policy

Last updated: December 17, 2025

Data Controller: TRIPSORA CAPITALS LTD (Company Number: 16549250)

Summary of Key Points

What personal information do we collect? We collect information you provide directly (email, name, contact details), automatically generated information (device data, usage analytics), location data for our travel planning services, and chat interaction data for our AI services.

Legal basis for processing: We process your data based on contract performance, legitimate interests, legal obligations, and your consent where required.

AI Services: We use AI (Gemini API and GroqCloud) to provide chatbot services and generate travel itineraries. We do not use your personal data to train AI models.

International transfers: Your data may be transferred outside the UK/EEA to our service providers. We ensure appropriate safeguards are in place.

Your rights: Under UK GDPR, you have rights to access, rectify, erase, restrict, port, and object to processing of your personal data.

Contact us: For privacy queries, email [email protected]

1. Data Controller Information

Data Controller: TRIPSORA CAPITALS LTD
Company Number: 16549250
Address: 124 City Road, London, EC1V 2NX, United Kingdom
Email: [email protected]

2. What Personal Information We Collect

2.1 Information You Provide Directly

Email addresses and names
Usernames and passwords
Phone numbers and mailing addresses
Billing addresses and payment information
Communication preferences
Support inquiries and feedback
Travel preferences and destination interests (for itinerary generation)
Chat messages and queries (when using our AI chatbot)

2.2 Information Collected Automatically

Device information (IP address, browser type, operating system)
Usage data (pages visited, features used, time spent)
Location data (GPS coordinates, approximate location from IP)
Log files and analytics data
Cookies and similar tracking technologies (see our Cookie Policy)
Session data (for Message Boost service tracking)

2.3 AI Service Specific Data

Message Boost Service:

Email address (for service activation and identification)
Payment information (processed by Stripe)
Session data (60-minute service period tracking, active session status)
Chat interaction data (messages, queries, responses during boost period)
Timestamps of service activation and usage

AI-Generated Travel Itineraries:

Travel preferences (destinations, activities, budget)
Trip details (dates, duration, number of travelers)
Special requirements or requests
Email address (for delivery of itinerary)

2.4 Payment Information

Payment data is processed by our payment processor Stripe. We do not store complete payment card details. We receive only:

Transaction confirmation and status
Last 4 digits of card (for your records)
Billing email and name

View Stripe's privacy policy at: https://stripe.com/gb/privacy

3. Legal Basis for Processing

Processing Purpose	Legal Basis	Data Categories
Account creation and service provision	Contract performance	Contact details, account information
Payment processing	Contract performance	Billing information, payment data
Message Boost service delivery	Contract performance	Email, session data, chat history
AI itinerary generation	Contract performance	Travel preferences, trip details
Customer support	Legitimate interests	Contact details, support communications
Service improvement and analytics	Legitimate interests	Usage data, device information
Location-based services	Consent	Location data
Marketing communications	Consent	Email, communication preferences
Legal compliance	Legal obligation	All relevant data as required

4. How We Use Your Information

Provide and maintain our travel planning services
Deliver Message Boost service and track active sessions
Generate AI-powered travel itineraries based on your preferences
Process transactions and manage your account
Respond to customer support inquiries
Send service-related communications
Improve our services through analytics and user feedback
Provide personalized travel recommendations
Comply with legal obligations and protect our rights
Send marketing communications (with your consent)
Maintain chat history for customer support and quality assurance

5. Data Sharing and International Transfers

5.1 Who We Share Data With

Service Providers: Cloud hosting (Google Cloud), payment processing (Stripe), analytics providers (Google Analytics)
AI Service Providers:
- Google Gemini API - for AI chatbot and travel recommendations
- GroqCloud - for AI processing and inference
Legal Requirements: Law enforcement, regulatory authorities when required by law
Business Transfers: In case of merger, acquisition, or asset sale

5.2 AI Service Provider Information

Google Gemini API:

Purpose: AI-powered chat responses, travel recommendations, itinerary generation
Data Shared: Your chat queries, travel preferences, and context necessary for AI responses
Data Processor: Google acts as our data processor
Privacy Policy: Google Privacy Policy

GroqCloud:

Purpose: Fast AI inference and processing
Data Shared: Query text and context for AI processing
Data Processor: Groq acts as our data processor
Privacy Policy: Groq Privacy Policy

Important: We do not use your personal data to train or improve third-party AI models. Your data is processed only to provide you with immediate responses and services.

5.3 International Transfers

Important: Some of our service providers are located outside the UK/EEA, including:

Google Cloud and Gemini API (data centers in various locations)
GroqCloud (United States)

We ensure appropriate safeguards through:

Standard Contractual Clauses (SCCs) approved by the UK ICO
Data Processing Agreements with all processors
Adequacy decisions where applicable
Additional technical and organisational measures (encryption, access controls)

6. Data Retention

Data Type	Retention Period	Legal Basis for Retention
Account information	Duration of account plus 2 years	Contract performance, legal obligations
Payment records	7 years from transaction	Legal obligations (tax, accounting)
Chat history (AI chatbot)	90 days from chat date	Legitimate interests (customer support, quality improvement)
AI-generated itineraries	Until trip date occurs, then deleted within 30 days	Contract performance, data minimization
Message Boost session data	90 days from service activation	Legitimate interests (billing support, dispute resolution)
Support communications	3 years from last contact	Legitimate interests
Marketing data	Until consent withdrawn	Consent
Analytics data	26 months	Legitimate interests
Location data	Until consent withdrawn or account deletion	Consent

User Control: You can request deletion of your chat history or generated itineraries at any time before the automatic deletion period by contacting us at [email protected]

7. AI and Automated Processing

7.1 AI Services We Provide

We use artificial intelligence to enhance our travel planning services, including:

Message Boost AI Chatbot: Enhanced conversational AI with reduced message cooldown (15 seconds vs 45 seconds)
AI-Generated Travel Itineraries: Custom trip planning based on your preferences and requirements
Route Planning AI: Optimized travel routes and destination recommendations
Customer Support: AI-powered initial support and query routing

7.2 How AI Uses Your Data

Input Data (what you provide):

Your questions and chat messages
Travel preferences (destinations, activities, budget, dates)
Context from current conversation
Location data (if you provide it or consent to it)

Processing:

AI analyzes your input to understand intent and preferences
Generates personalized responses, recommendations, and itineraries
Uses context to provide coherent, relevant suggestions

Output Data (what AI generates):

Chat responses and recommendations
Custom travel itineraries in PDF format
Route suggestions and planning information

Important Limitation:

We do not use your personal data to train or improve AI models
Your conversations and data are processed only to provide immediate services
We do not share your data with AI providers for model training purposes
Each interaction is processed independently for your specific request

7.3 AI Data Retention

Chat history: Retained for 90 days for customer support and quality assurance purposes
Generated itineraries: Retained until your trip date occurs, then automatically deleted within 30 days
Session data: Message Boost session information retained for 90 days
User deletion rights: You can request immediate deletion of any AI-generated content at any time

7.4 Your Rights Regarding Automated Processing

Right not to be subject to automated decision-making: You have the right not to be subject to decisions based solely on automated processing that significantly affects you. Our AI features are designed to:

Assist and provide recommendations, not make binding decisions
Supplement rather than replace human judgment
Allow you to verify, modify, or reject AI suggestions
Provide transparency about how recommendations are generated

You can always:

Request human review of AI-generated content
Contest or question AI recommendations
Opt out of AI features where alternatives are available
Request explanation of how AI arrived at specific recommendations

8. Cookies and Tracking

We use cookies and similar technologies to provide and improve our services. For detailed information about our use of cookies, please see our Cookie Policy.

8.1 Types of Cookies We Use

Essential cookies: Required for basic website functionality and service delivery (e.g., session management, Message Boost activation)
Analytics cookies: Google Analytics to understand usage patterns and improve our services
Preference cookies: Remember your settings, language preferences, and choices
Marketing cookies: Personalized advertising and promotional content (requires consent)

8.2 Managing Cookies

You can manage cookie preferences through:

Cookie Preference Centre: Available on our website to customize your cookie settings
Browser Settings: Configure your browser to block or delete cookies
Google Analytics Opt-out: Install the Google Analytics opt-out browser add-on

Please note that blocking essential cookies may affect your ability to use certain features of our Service, including Message Boost.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

9.1 Technical Measures

Encryption of data in transit (TLS/SSL) and at rest (AES-256)
Secure authentication and access controls
Regular security assessments and penetration testing
Automated security monitoring and threat detection
Regular software updates and security patches
Secure API communications with AI service providers

9.2 Organisational Measures

Staff training on data protection and security
Access restricted to authorized personnel only
Incident response and business continuity procedures
Data Processing Agreements with all processors
Regular privacy impact assessments

9.3 Data Breach Notification

Data breach notification: In case of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will:

Notify the ICO within 72 hours of becoming aware
Notify you without undue delay if the breach affects you
Describe the nature of the breach and likely consequences
Explain the measures taken or proposed to address the breach

10. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

10.1 Access and Portability

Right of access: Request a copy of your personal data, including chat history and generated itineraries
Right to data portability: Receive your data in a structured, commonly used, machine-readable format (e.g., JSON, CSV)

10.2 Correction and Deletion

Right to rectification: Correct inaccurate personal data
Right to erasure ("right to be forgotten"): Request deletion of your personal data, including:
- Chat conversation history
- AI-generated itineraries
- Account information
- Marketing preferences

10.3 Processing Controls

Right to restrict processing: Limit how we use your data in certain circumstances
Right to object: Object to processing based on legitimate interests, including:
- Marketing communications
- Profiling for personalized recommendations
- Analytics and research
Right to withdraw consent: Withdraw consent for consent-based processing at any time, such as:
- Location tracking
- Marketing emails
- Optional cookies
Right not to be subject to automated decision-making: Request human review of decisions made solely by AI

10.4 How to Exercise Your Rights

To exercise your rights, contact us using any of these methods:

Email: [email protected]
Online form: Submit a data subject request through your account settings
Post: TRIPSORA CAPITALS LTD, 124 City Road, London, EC1V 2NX, United Kingdom

Response timeframes:

We will respond to your request within one month
For complex requests, we may extend this by two additional months
We will inform you of any extension within the first month
We will explain the reasons for any delay

Verification: To protect your privacy, we may ask you to verify your identity before processing your request.

11. Children's Privacy

Our services are not intended for children under 18 years of age. We do not knowingly collect personal data from anyone under 18. If you are under 18, please do not use our Service or provide any personal information.

If we become aware that we have collected personal data from a child under 18, we will take steps to delete that information as quickly as possible. If you believe we have collected data from a child under 18, please contact us immediately at [email protected]

12. Marketing Communications

We may send you marketing communications if you have:

Provided consent to receive marketing emails
Purchased or expressed interest in similar services (soft opt-in)

12.1 Types of Marketing

Product updates and new features (e.g., Message Boost promotions)
Travel tips and destination recommendations
Special offers and discounts
Newsletters and company updates

12.2 Opt-Out Options

You can opt out of marketing at any time by:

Clicking "unsubscribe" in any marketing email
Updating your email preferences in your account settings
Emailing [email protected] with your request

Note: Even if you opt out of marketing, we will still send service-related communications (e.g., payment confirmations, account notifications).

13. Complaints and Regulatory Authority

If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the UK's supervisory authority:

Information Commissioner's Office (ICO)
Website: ico.org.uk
Helpline: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom

We encourage you to contact us first at [email protected] so we can try to resolve your concerns directly.

14. Changes to This Policy

We may update this privacy policy from time to time to reflect:

Changes in our practices or services
Legal or regulatory requirements
New features or technologies (e.g., new AI capabilities)
User feedback and best practices

14.1 Notification of Changes

When we update this policy, we will:

Post the updated policy on our website
Update the "Last updated" date at the top of this page
Notify you of material changes via email (if you have an account)
Display a prominent notice on our website for significant changes
Obtain fresh consent where required by law (e.g., for new processing purposes)

Your continued use of our Service after changes indicates acceptance of the updated policy.

15. Contact Information

For any questions about this privacy policy or our data practices:

Data Controller:
TRIPSORA CAPITALS LTD
Company Registration Number: 16549250
124 City Road
London, EC1V 2NX
United Kingdom

Privacy Contact:
Email: [email protected]

Our Websites:
www.routeplanner.ai
www.trip-planner.ai
www.tripbuilder.ai
www.tripsora.com
www.startlifedubai.com
www.stock-ideas.com

Related Policies:
Cookie Policy
Terms of Service

Legal Compliance: This privacy policy complies with:

UK General Data Protection Regulation (UK GDPR)
Data Protection Act 2018
Privacy and Electronic Communications Regulations (PECR)
Consumer Rights Act 2015

Version 2.0 - Last updated: December 17, 2025