Privacy Policy

This Privacy Policy explains how TripClub (“TripClub”, “we”, “us”) collects, uses, stores, and protects personal data when you use our website and app. It also describes your rights under applicable data protection laws, including the GDPR.

Last updated: January 3, 2026

Quick summary
  • We collect account and profile information you provide, plus basic usage/security logs.
  • If you use Google Sign-In, we only use Google data to authenticate you and create/manage your TripClub account.
  • We do not sell your personal data and we do not use Google user data for ads.
  • You can request access, export, correction, or deletion of your data.

1. Who we are (Data Controller)

The data controller for personal data processed under this policy is TripClub. If you need to contact us about privacy, use the details in the Contact section.

2. Scope

This policy applies to:

  • Our website: https://tripclub.eu and https://tripclub.gr
  • Our web app / PWA: https://app.tripclub.eu

If you follow links to third-party services, their privacy policies apply to your activity on those services.

3. Personal data we collect

3.1 Data you provide

  • Account data: email address, username, password (stored as a secure hash), authentication identifiers.
  • Profile data: display name, photo/avatar, bio, location and travel preferences (only if you choose to provide them).
  • Content & interactions: posts, comments, messages, trip listings, and other content you create on TripClub.
  • Support requests: information you provide when contacting support.

3.2 Data collected automatically

  • Usage data: pages/screens visited, actions taken, timestamps, referring URLs.
  • Device & log data: IP address, browser type, device identifiers, operating system, and diagnostic logs.
  • Security data: information used to prevent fraud, abuse, and unauthorized access.

3.3 Data from third-party sign-in providers

If you sign in using third-party providers (e.g., Google), we receive limited data from them as described in Section 4.

4. Google OAuth / Google Sign-In

TripClub uses Google OAuth (“Google Sign-In”) so you can authenticate securely and access your TripClub account. Our use of Google user data is limited to what is necessary for authentication and account management.

4.1 Google data we access

When you choose Google Sign-In, TripClub may access:

  • Your Google account email address
  • Your public profile name
  • Your profile picture (if available)

TripClub does not request access to sensitive Google data such as contacts, Google Drive files, Gmail content, or Google Calendar data unless explicitly stated in the future and reflected in this policy.

4.2 How we use Google data

  • Create and manage your TripClub user account
  • Authenticate you during login and maintain account security
  • Show your name and avatar inside the app (optional and based on what you provide via Google)

4.3 Storage, sharing, and sale of Google user data

  • Google user data is stored in TripClub’s database as part of your account profile (e.g., email, name).
  • We do not sell Google user data.
  • We do not share Google user data with third parties for advertising purposes.

4.4 Data retention and deletion (Google OAuth)

We retain Google account data for as long as your TripClub account remains active. You can request account deletion at any time (see Section 12). After deletion, we remove associated personal data from active systems within a reasonable timeframe, unless we must retain certain data for legal or security reasons.

4.5 Compliance

TripClub’s use of Google user data is designed to comply with the Google API Services User Data Policy and applicable terms.

5. How we use personal data

We use personal data for the following purposes:

  • Provide the service: create accounts, enable login, show profiles, and operate community features.
  • Community functionality: allow users to publish travel plans, interact, and communicate.
  • Support: respond to requests and troubleshoot issues.
  • Safety & security: prevent spam, abuse, fraud, and unauthorized access.
  • Service improvement: analytics and debugging to improve reliability and user experience.
  • Legal compliance: comply with applicable laws and lawful requests.

If you run marketing emails/notifications, add a paragraph here describing opt-in/opt-out and email provider usage.

7. Sharing and disclosures

We may share personal data only in the following situations:

  • Service providers (processors): hosting, database, monitoring, email delivery, and security services that help us operate TripClub.
  • Legal requirements: if required by law, regulation, or valid legal process.
  • Protection: to protect the rights, safety, and security of TripClub and our users.

We do not sell your personal data.

Optional (recommended): List key subprocessors (e.g., hosting provider) if you want maximum transparency.

8. Data retention

We retain personal data only as long as necessary for the purposes described in this policy, including to provide the service, comply with legal obligations, resolve disputes, and enforce agreements.

  • Account data: retained while your account is active.
  • Content you post: retained unless you delete it or request account deletion (subject to platform rules and legal requirements).
  • Security logs: retained for a limited period to prevent abuse and ensure service integrity.

9. Security

We use reasonable technical and organizational measures to protect personal data, such as access controls, encryption in transit (HTTPS), and monitoring for suspicious activity. No system is 100% secure, but we work to protect your data and improve our security practices.

10. Cookies & similar technologies

We may use cookies and similar technologies to operate TripClub, keep you signed in, prevent abuse, and understand basic usage patterns.

  • Strictly necessary cookies: required for login and core functionality.
  • Preferences: remember settings (if used).
  • Analytics: help us understand performance and improve the service (if enabled).

If you use analytics (e.g., Google Analytics), add provider name, what data is collected, and how users can opt-out.

11. International transfers

If we use service providers located outside the European Economic Area (EEA), we take steps to protect your data through appropriate safeguards (such as Standard Contractual Clauses) where required by law.

12. Your rights

Depending on your location, you may have the right to:

  • Request access to your personal data
  • Request correction or deletion
  • Object to or restrict certain processing
  • Request data portability
  • Withdraw consent where processing is based on consent
  • Lodge a complaint with your local data protection authority

To exercise your rights, contact us at [email protected]. We may need to verify your identity before fulfilling requests.

Account deletion

You can request deletion of your TripClub account and associated data by emailing [email protected] from the email address connected to your account.

13. Children’s privacy

TripClub is not intended for children under the age of 13 (or the minimum age required in your country). If you believe a child has provided personal data, contact us and we will take appropriate steps.

14. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top. If changes are material, we will provide additional notice where appropriate.

15. Contact

For privacy questions, requests, or complaints, contact us:

We reserve the right to make changes to this policy. Any changes to this policy will be posted.

Terms of use | Privacy Policy | Mobile version | Contact Us
© Copyright TripClub
Oxwall Community Software