Please note that this Privacy Policy was last revised on August 1, 2025.

At Tripwizy, protecting your personal information is a priority. This Privacy Policy explains in a clear and transparent manner:

what data we collect,
how we use it,
under what conditions we may share it,
and what your rights are to control your data.

This Policy applies when you use the Tripwizy Platform (including the Website, Backend, Interactive Maps and Mobile Applications) as well as our related services (“Services”).

By using our Services, you agree to the practices described in this Policy. If you are using the Services on behalf of an organization, you confirm that you have the necessary authority to bind that organization.

This Policy does not cover the practices of third-party companies that we do not own or control.

Automatic Information Collection

When you access the Tripwizy Platform, certain technical information is automatically collected by our servers, such as your IP address, the approximate location of your device, browser type and version, operating system, language preferences, the page you were viewing before arriving at our Services, pages visited, length of visit, searches performed, and other browsing data.

This information is collected to ensure the security of the Platform (detection of abuse, fraud prevention) and to establish technical operating statistics. The processing is based on our legitimate interest in securing and improving our Services.

This data is kept for a maximum of 24 months before being deleted or anonymized.

The use of cookies and third-party analysis tools (such as Matomo or Google Analytics) is described in the “Cookies and similar technologies” clause.

Collection of Personal Information

The use of the Tripwizy Platform is possible without creating an account and without providing us with information that identifies you. However, certain features (creating maps, subscribing, personalization) require the provision of personal data.

We collect and process the information you voluntarily provide when you create an account, make a purchase, fill out a form, or use certain features. This data may include:

Account details (username, unique identifier, password);
Contact information (email address, phone number, postal address);
Information related to an Organization (name, address, phone number);
Basic personal information (name, country of residence, age, gender, preferences, only if you choose to provide it);
Geolocation data from your device (latitude and longitude), only with your explicit consent via your device settings;
Data relating to your contractual and commercial relationship (prospect/customer status, subscription history, subscription and termination date), collected and managed in our CRM system to ensure relationship monitoring and, where applicable, to send you tailored marketing communications, subject to your rights to object.

The collection of this data is based, depending on the case, on:

the execution of our contract (e.g. managing your account, billing);
your consent (e.g. optional preferences, geolocation);
or our legitimate interest (e.g. B2B relationship with your Organization).

Your information is kept only for the time necessary to provide the Services or to comply with our legal obligations (e.g. retention of invoices for 10 years).

Data Category	Examples	Legal Basis	Retention Period	Recipients / Access
Account Data	Username, email, password	Performance of the contract (account management)	As long as the account is active + 2 years after deletion	Tripwizy (technical team), hosting providers
Contact Data	Email, phone, postal address	Performance of the contract (communication, invoicing)	As long as the account is active + legal duration (10 years for invoices)	Tripwizy, Stripe (payments)
Organization Information	Organization name, address, phone number	Legitimate interest (B2B relationship)	As long as the organization is a customer + 3 years after	Tripwizy
Payment Data	Bank details (via Stripe)	Performance of the contract	Not retained by Tripwizy (Stripe solely responsible)	Stripe
Browsing Data (server logs)	IP, OS, browser, pages visited	Legitimate interest (security, technical statistics)	24 months max	Tripwizy
Analytics Data (Matomo, Google Analytics, Clarity)	Anonymized or pseudonymized usage data, interactions (clicks, navigation, heatmaps, user journey)	Legitimate interest (self-hosted Matomo) / Consent (Google Analytics, Clarity)	Matomo: 12 months; Google Analytics and Clarity: 24 months	Tripwizy, Google, Microsoft
Geolocation Data	Latitude, longitude (mobile app)	Explicit consent	Duration of use + anonymization	Tripwizy
Optional Data	Gender, age, traveler preferences	Explicit consent	As long as the account is active or withdrawal of consent	Tripwizy
Feedback, Reviews, Comments	Suggestions, messages, feedback	Legitimate interest (improvement of Services)	3 years after collection	Tripwizy
CRM Data (commercial and marketing relationship)	Prospect / customer status, subscription history, subscription / cancellation date	Legitimate interest (relationship management and B2B prospecting)	Up to 5 years after the end of the contractual relationship, unless marketing opposition	Tripwizy (sales / marketing team)

Children’s Privacy

Our Services are primarily intended for adult users (tourists, professionals, organizations). Children may access the maps and the information they contain only under the supervision of their parents or legal guardians.

We do not knowingly collect personal information from children under the applicable minimum legal age.

In the United States, this age is set at 13 years old (in accordance with COPPA).
In the European Union and other jurisdictions, the minimum age may vary between 13 and 16 years depending on national legislation.

If you are below this age, you must not use our Services or transmit personal information to us without the prior consent of your parent or legal guardian.

If we learn that a child under the applicable minimum age has transmitted personal data to us without parental consent, we will take the necessary steps to delete it. Parents or guardians can contact us via the contact form on our website https://tripwizy.com to request the deletion of this data.

We encourage parents and guardians to supervise their children’s use of the Internet and to remind them never to share personal information online without their consent.

Use and processing of collected information

Our role may vary depending on the situation:

When we manage the data of our own users (e.g. account creation, billing, subscription management), we act as a data controller.
When our clients (e.g. tourist offices) enter information into their interactive maps, we act as a data processor, and process this data only on their instructions, in accordance with the data processing agreement concluded where applicable.

We use the personal information collected for the following purposes:

Create and manage user accounts;
Provide and operate the Services;
Manage subscriptions and payments;
Respond to support requests and communicate with you;
Send administrative information (technical notifications, invoices, updates to terms);
Improve and personalize the Platform;
Collect user feedback;
Send, only to Users with a Backend account (card creators), marketing and promotional communications, including targeted advertising tailored to their profile and use of the Platform, subject to their explicit consent;
Comply with our legal obligations (e.g. retention of invoices).

The processing of your personal data is based on various legal bases provided for by the GDPR:
– Performance of a contract: management of your account, provision of the Services, invoicing.
– Consent: marketing communications and targeted advertising for card creators, collection of certain optional data (e.g. geolocation). You can withdraw your consent at any time by using the unsubscribe link in our emails or through your account settings.
– Legal obligation: retention of billing data, compliance with tax obligations.
– Legitimate interest: improvement of the Services, B2B relationship with client organizations, security of the Platform.

Simple visitors to interactive maps do not receive targeted advertising and are not subject to direct marketing communications from Tripwizy.

Payment processing

When you make a payment to access our Services, your payment information (e.g. bank details, credit card) is collected directly by our third-party payment service providers (such as Stripe, App Store or Google Play).

Tripwizy does not store your credit card details and never has access to them. Transactions are processed exclusively by these providers, who apply the strictest security standards (including PCI-DSS compliance) and ensure the encryption of exchanges.

Your information is used solely for the purposes of payment processing, billing, subscription management, and, where applicable, refunds or claims processing.

The use of your personal data by these providers is governed by their own privacy policies, which we encourage you to review.

The legal basis for this processing is the performance of the contract (payment of your subscription or in-app purchases).

Information Management

You have the right to access, rectify, delete, and port your personal information, as well as the right to limit or oppose its processing, in accordance with applicable data protection laws.

You can modify or delete certain information directly from your user account. The categories of data accessible may evolve depending on the Services.

If you wish to permanently delete your account and personal information, you can follow the procedure described at the following address: https://tripwizy.com/delete-account.

However, some data may be retained after your account is deleted in the following cases:

To comply with our legal obligations (e.g., retention of invoices for a period of 10 years);
For the prevention of fraud or abuse;
For the exercise or defense of a legal right.

In all cases, the data retained will only be kept for the period strictly necessary for these purposes, then deleted or anonymized.

Disclosure of Information

We share your personal information only in the following cases:

With our affiliates (entities belonging to the same group as Tripisgreat LLC) when necessary to provide the Services;
With our trusted service providers (e.g., hosting, payment processing, customer support, e-mailing services, analytical tools), who act solely on our behalf and in accordance with our contractual instructions;
When required or permitted by law (e.g., legal obligations, legal proceedings, requests from public authorities);
When we believe in good faith that disclosure is necessary to protect our rights, your safety or the safety of others, investigate fraud, or respond to a government request.

Our service providers only have access to the information strictly necessary for the performance of their duties and are not authorized to use this data for their own account, in particular for marketing purposes.

Some of our service providers may be located outside the European Economic Area (EEA). In this case, we ensure that appropriate safeguards are in place, such as the use of Standard Contractual Clauses approved by the European Commission, to ensure an adequate level of protection of your personal data.

Information retention

We retain your personal information only for as long as necessary to fulfill the purposes described in this Policy and in the table presented in the “Collection of personal information” paragraph (e.g. account management, billing, assistance, legal obligations).

The data related to your account (identity, contact details, identifiers) are kept as long as it remains active, then deleted or anonymized at the closure, except for legal obligation of conservation (e.g. invoices: 10 years).
The content you enter in the Backend (e.g. places, routes, descriptions, images, files) are kept as long as your account and/or the corresponding map remain active. If you delete a map or your account, this content is also deleted, unless its retention is required by law or for legitimate reasons (e.g. fraud prevention, dispute resolution).
Data relating to your contractual and commercial relationship (e.g. your subscription history, customer status, subscription and termination date) may be stored in our Customer Relationship Management (CRM) system after the end of the subscription, in order to monitor the relationship, analyze our business and send you adapted marketing communications, subject to your rights of opposition.
Aggregated or anonymized data, which no longer allows you to be identified, may be retained without limitation of time for statistical, analytical or Platform improvement purposes.

Once the retention period has expired, your personal data and content are deleted or anonymized. Consequently, your rights of access, rectification, deletion and portability no longer apply to this deleted or anonymized data.

Information Transfer

Your personal data may be processed and stored in countries other than the one in which you reside. In particular, Tripwizy uses servers located both in Europe (European Union) and in the United States.

In addition, some of our subcontractors and third-party service providers (for example: Stripe for payments, Google for analytics, cloud hosts and technical providers) may process your data outside the European Economic Area (EEA) or Switzerland.

When data is transferred from the European Economic Area (EEA) or Switzerland to countries that do not benefit from an adequacy decision from the European Commission (such as the United States), we put in place appropriate safeguards in accordance with the GDPR. These safeguards include in particular the conclusion of Standard Contractual Clauses (SCC) approved by the European Commission with our service providers, as well as, where appropriate, additional technical and organizational measures (e.g. encryption, data minimization).

You can obtain more information on these guarantees by contacting us via the “Contact Us” section of this Policy.

Your data protection rights (GDPR)

If you reside in the European Economic Area (EEA) or Switzerland, you have specific rights regarding your personal data. You can notably:

Access the personal data we hold about you and obtain a copy of it;
Request the rectification of inaccurate or incomplete data;
Request the erasure of your data (“right to be forgotten”) in certain situations;
Temporarily limit the processing of your data, for example during the verification of its accuracy;
Object to the processing of your data based on our legitimate interests, including direct marketing (in this case, we will immediately cease all marketing mailings);
Withdraw your consent at any time, when the processing is based on your consent (e.g. preferences, geolocation, newsletters);
Receive your data in a structured and machine-readable format (“portability”) and, where technically possible, transmit it to another provider;
File a complaint with your local data protection authority if you believe that your rights have not been respected.

To exercise your rights, you can contact us at any time (see the “Contact Us” section). We will respond to your request within a maximum period of one month, in accordance with the GDPR.

California Privacy Rights (CCPA / CPRA)

If you reside in California, you have specific rights regarding your personal information under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

In the last twelve (12) months, we have collected the following categories of personal information:

Identifiers (such as email address, phone number, account identifiers);
Personal characteristics (such as age, gender, country of residence);
Information related to the use of the Services (e.g., activities on the Platform, preferences).

Under the CCPA/CPRA, you have the following rights, among others:

Right to know what data we collect, use, share, and, if applicable, sell;
Right to access specific pieces of personal data we hold about you;
Right to request the deletion of your personal information;
Right to correct inaccurate personal information;
Right to limit the use and disclosure of sensitive personal data;
Right to opt out of the sale or sharing of your personal data to third parties (we do not currently sell any personal data to third parties);
Right not to be discriminated against if you exercise your rights.

To exercise your CCPA/CPRA rights, you can contact us via the information in the “Contact Us” section. We will respond within a legally required timeframe of 45 days.

How to exercise your rights

You can exercise your rights by contacting us using the information in the “Contact Us” section of this Policy. We will respond to your request within the timeframe provided by applicable regulations (generally 30 days in Europe, 45 days in California).

To protect your data, we may need to verify your identity before fulfilling your request. Your request must contain sufficient information to allow us to confirm your identity or that of your authorized representative.

If your request is submitted by an authorized representative, we may require proof of valid written authorization or power of attorney.

Exercising your rights is free of charge, except in the case of manifestly unfounded, excessive, or repetitive requests, in which case reasonable fees may be charged in accordance with the law.

Cookies and similar technologies

The Tripwizy Platform uses cookies and similar technologies to:

ensure the proper functioning and security of the Platform (necessary cookies),
personalize the user experience,
perform audience and performance measurements (e.g., Matomo, Google Analytics),
offer, where appropriate, relevant marketing content.

Some cookies are strictly necessary and cannot be disabled. Others are only used with your consent.

During your first visit, a banner (“cookie banner”) allows you to manage your preferences and consult the detailed list of cookies used. You can modify your choices at any time via the preference center accessible from the Platform.

You can also configure your browser to block cookies, but some features of the Platform may then be limited.

Data Analysis

We use analytics tools to measure the use of the Platform and improve our Services. These tools collect aggregated statistical information such as pages visited, duration of consultation, or the type of device used. This data is not used to identify you individually.

We use in particular:

Matomo (self-hosted): used for internal statistics purposes, based on our legitimate interest in analyzing the use of the Platform. IP addresses may be anonymized and no data is transmitted outside the European Union.
Google Analytics: activated only with your consent via the cookie banner. The collected data may be transferred to the United States and processed in accordance with the Standard Contractual Clauses of the European Commission.

You can manage your preferences regarding analytical cookies at any time from the cookie banner on the Platform.

“Do Not Track” Signals

Some web browsers have a “Do Not Track” (DNT) feature that allows users to signal to websites they visit that they do not want to be tracked. To date, there is no uniform technical standard for websites and online services to interpret and respond to these signals consistently.

Therefore, the Tripwizy Platform does not currently interpret DNT signals. However, your tracking and cookie preferences can be managed directly through our cookie management banner, which takes precedence over this mechanism.

Advertising and Marketing Communications

Tripwizy may use your information to send you promotional communications and display advertisements in several ways:

Basic Segmentation
We may target certain communications based on your use of the Services (e.g., subscription type, number of cards created, options enabled). This processing is based on our legitimate interest in promoting our Services to our existing customers and users.

Personalized Advertising (Profiling and Retargeting)
We may also, with your prior consent, use more advanced advertising solutions, such as:

retargeting: displaying ads for Tripwizy on third-party sites or applications based on your past interactions with our Platform;
advertising profiling: adapting advertisements or marketing communications based on your characteristics (e.g., location, industry, stated preferences).

These treatments are carried out only with your explicit consent, collected via our cookie banner or an equivalent preference management mechanism. You can withdraw this consent at any time without affecting your use of the Services.

Transparency and Limitations
If you refuse these cookies, only non-personalized (contextual) advertisements may be displayed.
We never share your personally identifiable information with third-party advertisers without your consent.

Advertisements displayed by our partners may use cookies or similar technologies, in accordance with your choices expressed in our cookie preference center.

Social Media Features

Our Services may integrate social media features, such as share buttons (“Like”, “Share”, etc.) offered by third parties like Facebook, X (Twitter), LinkedIn or Instagram (collectively, the “Social Features”).

The use of these Social Features may result in the collection by their providers of certain technical data (such as your IP address, the pages viewed on our Services) and the installation of cookies necessary for their proper functioning. These cookies are only activated with your prior consent via our cookie banner.

Your interactions with these Social Features are governed by the privacy policies of their respective providers, over which Tripwizy has no control. We encourage you to review them before using these features.

Email Marketing

We may offer you the opportunity to receive newsletters and marketing communications, subject to your explicit consent upon registration. You can withdraw this consent at any time by using the unsubscribe link in each email or by contacting us directly.

Your email address will be used only for sending these communications and will only be shared with our service providers specializing in emailing (for example, Brevo), acting as subcontractors and subject to strict confidentiality obligations.

We will retain your data for commercial prospecting purposes until you unsubscribe, or for a maximum of three (3) years after your last interaction with our marketing emails.

In accordance with the CAN-SPAM Act (for users in the United States) and the GDPR/ePrivacy (for European users), all emails will clearly indicate the sender and contact details, as well as a visible unsubscribe link.

Transactional emails (e.g., subscription confirmations, invoices, technical notifications) will continue to be sent to you even if you unsubscribe from marketing emails.

Affiliate Links

Our Services may contain affiliate links to products or services offered by third parties. If you click on one of these links and make a purchase, we may receive a commission at no additional cost to you.

When necessary, an affiliate cookie may be placed on your browser to enable transaction tracking and commission attribution. These cookies are only activated with your prior consent via our cookie banner and are kept for a maximum of sixty (60) days, depending on the partner program concerned.

In accordance with applicable regulations, we clearly indicate when a link is an affiliate link in order to ensure fair and transparent information.

Links to Other Resources

The Services may contain links to websites, applications or resources operated by independent third parties. These links are provided for your convenience only. Tripwizy has no control over these external resources and their presence does not imply our endorsement of their content or practices.

We are not responsible for the privacy, security, or data collection practices of these third parties. We encourage you to be vigilant when you leave our Services and to carefully review the privacy policies applicable to each external resource you visit.

Information Security

We implement appropriate technical, organizational, and physical measures to protect your personal information from unauthorized access, use, modification, or disclosure. Your data is stored on secure servers in a controlled environment and all communications with the Platform are protected by encryption (TLS/SSL).

We only work with providers that comply with industry standards (e.g., PCI-DSS standards for payments via Stripe).

However, you acknowledge that the transmission of data over the Internet or via a mobile network cannot be completely guaranteed. Although we make our best efforts to protect your information, we cannot ensure absolute security.

Data Breach Event

In the event of a personal data breach or security vulnerability that could create a risk to your rights and freedoms, we will immediately take all reasonable steps to contain, correct and mitigate the incident.

In accordance with applicable regulations (including the General Data Protection Regulation – GDPR – and the California Consumer Privacy Act – CCPA), we undertake to:

Notify the competent authority (e.g. a data protection authority in the European Union) within the legal deadlines, i.e. within a maximum of seventy-two (72) hours after becoming aware of the breach, unless it is unlikely to create a risk to the rights and freedoms of the data subjects;
Inform the data subjects without undue delay when the breach is likely to create a high risk (EU) or a significant risk of harm (US, Canada, etc.), specifying the nature of the data affected, the potential consequences and the corrective measures put in place;
Cooperate with the competent authorities and provide all the information necessary for the investigation and monitoring of the breach;
Implement appropriate corrective measures, such as strengthening system security, resetting access credentials or adopting additional protective measures to limit the consequences of the incident.

Changes and Amendments

We reserve the right to modify this Privacy Policy at any time. When we do, we will update the revision date at the bottom of the page.

In the event of substantial changes regarding the use of your personal information, we will notify you by an appropriate means (e.g., notification in the Backend or email). In this case, if required by law, we will request your consent again before these changes take effect.

An updated version of the Policy is effective upon its publication, unless otherwise stated. Your continued use of the Services after the effective date constitutes your acceptance of the revised Policy.

Acceptance of this policy

By accessing and using the Services, you acknowledge that you have read and understood this Policy and agree to its application to your personal information.

However, certain uses of your data (such as marketing prospecting, geolocation, or the placing of non-essential cookies) are subject to your explicit consent, which you may give, refuse, or withdraw at any time via the mechanisms provided (cookie banner, account preferences, unsubscribe link, etc.).

If you do not agree to the terms of this Policy, you must not use the Services.

Contacting us

If you have any questions, concerns, or complaints regarding this Policy, we encourage you to contact us using the contact form on the homepage of the website https://tripwizy.com/contact or the Live Chat accessible at the bottom right.

Please note that the Privacy Policy was last revised on August 1, 2025.