This Privacy Policy (“Privacy Policy”) explains how Tripoutbound UG (haftungsbeschränkt) (“Tripoutbound,” “we,” “our,” or “us”) collects, uses, and shares information in connection with our website at [tripoutbound.co] (the “Site”), our mobile applications, APIs, and any related online services (together, the “Services”). It also describes your rights and choices regarding such information.
By using the Services, you agree to this Privacy Policy. If you do not agree, you should not use or access the Services.
1. Information We Collect
A. Information You Provide
We may collect the following categories of information directly from you:
Account and profile information. Name, email address, password, username, and other identifiers you provide when registering, creating an itinerary, or joining our waitlist.
Contact information. Address, phone number, or other details you share for billing, support, or communication purposes.
Payment information. If you purchase subscriptions or services, payment details are provided to our payment processor (Stripe Payments Europe Ltd). We do not store full credit card numbers.
Correspondence and support content. Information you send us in messages, including feedback, questions, or attachments.
Preferences. Travel preferences, language settings, notification choices, or other optional details you choose to add to your profile.
User-generated content. Any itineraries, notes, or other content you upload or create within the Services.
B. Information Collected Automatically
We automatically collect information about your use of the Services, such as:
Device information. Device type, operating system, browser type, screen size, system settings, and unique device identifiers.
Usage information. Pages visited, features accessed, search queries, clicks, itinerary views, travel options selected, and engagement with our content.
Technical metrics. IP address, current URL, session duration, timestamps, event logs, error reports, crash data, and diagnostic logs.
Interaction data. Links clicked, campaigns engaged with, marketing UTM tags, and referral sources.
Behavioral data. Language settings, how you organize trips, which features you use most frequently, and the order in which you interact with components.
Analytics and performance data. Counts of events, time on site, scroll depth, and navigation flows.
C. Tracking Technologies
We use cookies, log files, web beacons, pixels, SDKs, and other technologies to automatically collect information. See Section 5 (“Cookies and Tracking”) for details.
2. Use of Information
We may use information we collect for the following purposes:
Operating the Services. Creating accounts, providing itineraries, managing subscriptions, processing payments, and sending confirmations.
Communications. Responding to inquiries, sending service updates, technical notices, security alerts, and administrative messages.
Personalization. Tailoring trip recommendations, itineraries, and offers to your travel history and preferences.
Improving the Services. Analyzing usage trends, monitoring performance, fixing errors, testing new features, and conducting research.
Marketing. Sending promotional messages, newsletters, and targeted campaigns (where legally permitted).
Fraud prevention and security. Detecting suspicious activity, preventing unauthorized access, and protecting rights and property.
Legal and compliance. Meeting regulatory requirements, enforcing agreements, and cooperating with authorities.
Corporate transactions. Evaluating or completing mergers, acquisitions, reorganizations, or financing events.
Consent-based activities. Any other purpose for which we obtain your explicit consent.
We may also use aggregated or de-identified data that cannot reasonably identify you for analytics, research, or business purposes.
3. Sharing of Information
We may share your information with:
Affiliates and group entities. For internal operations, consistent with this Privacy Policy.
Service providers. Vendors who provide hosting, analytics, communications, customer support, payments, and other operational services (e.g., AWS, Stripe, SendGrid, Google Analytics).
Professional advisors. Auditors, accountants, lawyers, or consultants for compliance purposes.
Business partners. Select partners who integrate or co-market with our Services, subject to your consent where required.
Authorities. Law enforcement, regulators, or courts if required by law or necessary to protect rights.
Corporate transactions. Potential buyers, investors, or merger partners in the context of due diligence or acquisition.
We do not sell your personal data.
4. Third-Party Services
The Services may contain links to third-party websites, applications, or integrations. These third parties may collect information independently and are responsible under their own privacy policies. Examples include:
Social media plugins (e.g., LinkedIn, X/Twitter)
Third-party analytics tools
External booking or affiliate links
We encourage you to review the privacy policies of any third-party services you use.
5. Cookies and Tracking
A. Do we use cookies?
Yes. Cookies and similar technologies help us provide functionality, measure usage, and personalize your experience.
B. Types of cookies we use
Strictly necessary. Essential for core site functions (e.g., login, navigation, payments).
Performance/analytics. Measure site usage, page views, errors, and performance (e.g., Google Analytics).
Functional. Remember user settings, preferences, and language.
Marketing/targeting. Deliver ads or campaigns, track UTM parameters, measure conversions.
C. Control options
You can manage cookies through your browser settings or via our cookie banner. If you disable certain cookies, parts of the Services may not function.
6. Data Security
We implement administrative, technical, and physical measures to protect your data:
Encryption in transit (TLS 1.2+) and at rest (AES-256).
Role-based access controls.
Regular vulnerability scanning and penetration testing.
Logging and monitoring of system access.
No method of transmission or storage is 100% secure.
7. Data Retention
We retain information for as long as necessary to provide Services or as required by law:
Account data: retained until account deletion + up to 3 years.
Transaction data: 10 years (per German commercial/tax law).
Log files: 6–12 months.
Marketing data: until consent withdrawn.
8. International Transfers
Information may be processed in the EU/EEA, United Kingdom, and other countries. Where transfers occur outside the EU/EEA, we rely on:
Adequacy decisions (Art. 45 GDPR).
Standard Contractual Clauses (Art. 46 GDPR).
Binding corporate rules or other safeguards.
9. Your Rights
EU/EEA/UK users
Under GDPR, you have rights to:
Access, rectify, or erase personal data.
Restrict or object to processing.
Data portability.
Withdraw consent at any time.
Lodge a complaint with the Berlin Data Protection Authority.
California residents
Under CCPA/CPRA, you have rights to:
Know categories and specific pieces of personal data collected.
Delete personal data (subject to exceptions).
Opt out of “sales” or “sharing” of personal data (we do not sell).
Non-discrimination for exercising rights.
Authorized agent rights.
Requests may be submitted to admin@tripoutbound.co.
10. Children
The Services are intended for users 18+. We do not knowingly collect data from children under 16. If you believe we have collected such data, contact us and we will delete it.
11. Business Transactions
If Tripoutbound is involved in a merger, acquisition, financing, or sale of assets, your data may be transferred to the successor entity.
12. Changes to this Privacy Policy
We may update this Privacy Policy periodically. Changes will be posted on the Site with an updated “last revised” date. Continued use of the Services after changes indicates acceptance.
13. Contact Us
Tripoutbound UG (haftungsbeschränkt)
Irmtraud-Morgner-Straße 4
10318 Berlin, Germany
Email: admin@tripoutbound.co