Open Planner →
Last Updated: April 2026

Privacy & Security

Your trust matters to us. This policy explains what data TheTripArchitect collects, how we use it to generate your itineraries, and the safeguards we've put in place to protect it.

Information We Collect

When you sign in to TheTripArchitect using Google OAuth or another supported provider, we receive a minimal set of profile data: your name, email address, profile picture URL, and a unique provider identifier. We do not receive your Google password or access to any other Google services.

In addition, we store the trip preferences you submit through the planner — origin, destination, travel dates, traveler count, budget range, dietary preferences, and pace — so we can generate your itinerary and let you revisit it later from your history.

How We Use Your Data

The travel preferences you provide are used to construct prompts for our AI models. These prompts produce a personalized day-by-day itinerary, hotel suggestions, and local tips tailored to your inputs. Profile data (name and email) is used only to identify you across sessions, surface your saved itineraries, and send you account-related messages.

We do not sell your data to advertisers, brokers, or third parties. We do not build behavioral advertising profiles.

Data Security

All user data is stored in a secure, managed Postgres database with Row-Level Security (RLS) enabled on every table containing user content. RLS policies ensure that one user can never read or modify another user's itineraries, profile, or preferences — enforcement happens at the database layer, not just in application code.

All traffic between your browser and our servers is encrypted using TLS. Authentication tokens are stored as secure, HTTP-only session artifacts and rotated regularly.

Third-Party AI Services

To generate itineraries, the trip parameters you submit (such as destination, dates, and preferences) are sent to the Lovable AI Gateway, which routes the request to a large language model — currently Google Gemini. These providers process the request to return your itinerary content and may retain prompt logs in accordance with their own privacy policies.

We do not include your email address, full name, or any account-identifying information in AI prompts. Only the trip parameters required to generate the itinerary are sent.

Your Rights

You can request export or deletion of your account and all associated itineraries at any time by contacting us. Deletion is permanent and cascades across all related records.

Contact

Questions about this policy? Reach out via the contact link in the footer and we'll respond within a few business days.