Welcome to TripGlow, a mobile application operated by Endymion Labs ("we," "us," "our"). TripGlow helps travelers stay informed about attraction disruptions, including closures, construction, and crowd conditions across multiple cities.
This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use the TripGlow mobile application (the "App") and related services (collectively, the "Services"). By using our Services, you agree to the collection and use of information in accordance with this Privacy Policy.
Account Information: When you create an account using Apple Sign-In or Google Sign-In, we collect your display name, email address, and a unique user identifier.
Location Data: We collect GPS coordinates and location data when you use location-based features. You can control location access through your device settings.
Photo Reports and EXIF Metadata: When you submit photo reports, we temporarily read EXIF metadata (GPS coordinates, timestamp, camera info) to validate that photos were taken at the correct location. After validation, we automatically strip all EXIF metadata from photos before permanent storage.
Photo Analysis via AI: Submitted photos are analyzed using Google Vertex AI (Gemini) to verify content, extract disruption information, and detect inappropriate content.
Device and Usage Data: Device type, operating system, app usage patterns, push notification tokens, IP address, and error logs.
Purchase and Subscription Data: Subscription status and purchase events via RevenueCat. We never collect or store your credit card information — all payment processing is handled by Apple.
Analytics Data: Feature usage patterns, session frequency, user flows, and crash reports.
We use your information to: provide and maintain the App; display relevant disruption information based on your location; process and display photo reports; send push notifications; manage your account; verify photo content using AI; improve our services; manage subscriptions; comply with legal obligations; and protect against fraud and abuse.
Clerk: User authentication via Apple Sign-In and Google Sign-In.
RevenueCat: Subscription and payment management.
Expo: Push notification delivery.
Google Cloud Platform / Vertex AI: Photo analysis using Gemini AI models.
Cloudflare R2: Photo and file storage (with EXIF data stripped).
PostHog: Usage analytics and product insights.
These third parties are contractually obligated to protect your data and use it only for the purposes we specify.
Your data is stored on secure cloud servers located in the United States and via Cloudflare R2 for photo storage.
We implement industry-standard security measures including encryption in transit (TLS/SSL), encryption at rest, access controls, regular security audits, automated EXIF metadata stripping, and network security controls.
No method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
We retain your information as long as your account is active or as needed to provide Services.
When you delete your account: all personal information, photo reports, and uploaded photos are permanently deleted. Subscription data may be retained by RevenueCat for legal compliance. Analytics data may be retained in anonymized form.
You can request account deletion at [email protected] or through the App settings.
All Users: You have the right to access, correct, delete, restrict, or port your data, and to withdraw consent.
EU Residents (GDPR): You have additional rights including lodging complaints with supervisory authorities and objecting to automated decision-making. Legal bases for processing include contract performance, legitimate interests, consent, and legal obligation.
California Residents (CCPA): You have the right to know what data is collected, request deletion, and opt out of data sales. We do not sell personal information.
To exercise your rights, email [email protected]. We respond within 30 days (GDPR) or 45 days (CCPA).
Your information may be transferred to and processed in the United States. We ensure appropriate safeguards including Standard Contractual Clauses (SCCs) and Data Processing Agreements with third-party providers.
TripGlow is not directed to children under 13 (or 16 in the EU). We do not knowingly collect information from children. If you believe we have collected information from a child, contact us at [email protected].
We may update this Privacy Policy to reflect changes in practices, legal requirements, or new features. Material changes will be communicated via email and in-app notification. Continued use after changes constitutes acceptance.
Endymion Labs
[email protected]