Legal
Privacy Notice
Last updated: May 2026
This Privacy Notice explains how Partiitrip collects, uses, and protects your personal data. We are committed to handling your data responsibly and in line with UK GDPR and the Data Protection Act 2018.
1. Who We Are
Partiitrip is the data controller for personal data collected through the Service at partiitrip.com.
Contact: contact@partiitrip.com
We are based in England. If you have any questions about how we handle your data, or want to exercise your rights, please contact us at the email above.
2. What Data We Collect
The data we collect depends on how you use the Service:
| Data type | Who it applies to | How it is collected |
|---|---|---|
| Name and email address | Organisers, waitlist sign-ups, Operators | Provided directly by you when signing up or joining the waitlist |
| PIN (hashed) | Organisers and trip members (where PIN access is enabled) | Created by you; stored in hashed form only - we cannot read your PIN |
| Trip data | All users | Content you or your group enter into the Service - itineraries, notes, polls, expenses, receipts, map data |
| Device and browser information | All users | Automatically collected when you access the Service - includes browser type, device type, IP address, and pages visited |
Trip members who join via a shared link are not required to provide an email address or create an account. The only data we hold for members is any trip content they contribute and their session data.
3. Why We Collect Your Data
We use your data to provide, maintain, and improve the Service. Here is a breakdown:
| Purpose | Legal basis |
|---|---|
| Creating and managing your trip, providing access to app features | Contract performance - processing is necessary to deliver the service you have paid for or signed up to use |
| Managing the early access waitlist and communicating updates about Partiitrip | Legitimate interests (keeping prospective users informed); or consent where you have opted in to marketing communications |
| Improving and debugging the Service, detecting fraud or abuse, ensuring security | Legitimate interests - we have a legitimate interest in keeping the Service reliable and secure |
| Complying with legal obligations | Legal obligation |
| Sending you marketing communications about Partiitrip features or offers (if you have opted in) | Consent - you can withdraw this at any time |
4. Cookies and Tracking
We use a minimal number of cookies, strictly for functional purposes - for example, to keep you signed in during a session. We do not use tracking cookies for advertising or third-party analytics profiling.
By using the Service, you consent to the use of these functional cookies. You can adjust your browser settings to refuse cookies, but this may affect how the Service works.
5. Who We Share Your Data With
We do not sell your personal data. We only share data with trusted third-party providers who help us deliver the Service:
| Provider | Role | Where data is stored |
|---|---|---|
| Supabase | Database infrastructure - stores trip data, user records, and application data | European Union servers |
| Cloudflare | Content delivery network (CDN) and hosting - handles web traffic and serves the app | Global CDN; primary data centres in the EEA |
All third-party providers are required to handle your data in accordance with UK GDPR and are bound by appropriate data processing agreements. We will update this notice if we engage new providers.
We may also disclose data if required to do so by law, or to protect the rights, property, or safety of Partiitrip, our users, or others.
6. International Transfers
Your data is primarily stored on Supabase servers in the EU, which benefit from the UK's adequacy decision for EU data transfers. Where any data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place - such as standard contractual clauses or equivalent protections - in line with UK GDPR requirements.
7. How Long We Keep Your Data
| Data type | Retention period |
|---|---|
| Trip data (itinerary, expenses, notes, receipts, polls, map data) | Deleted 90 days after the trip end date |
| Organiser account data (name, email) | Retained while your account is active; deleted within 30 days of an account deletion request |
| Waitlist data (name, email) | Retained until you withdraw from the waitlist or request deletion |
| Device and session data | Retained for up to 90 days for security and debugging purposes |
8. Your Rights Under UK GDPR
Under UK data protection law, you have the following rights:
- Right of access - you can request a copy of the personal data we hold about you.
- Right to rectification - you can ask us to correct inaccurate or incomplete data.
- Right to erasure - you can ask us to delete your personal data in certain circumstances (the "right to be forgotten").
- Right to data portability - you can request your data in a structured, machine-readable format.
- Right to object - you can object to processing based on legitimate interests, including direct marketing.
- Right to restrict processing - you can ask us to limit how we use your data in certain circumstances.
- Right to withdraw consent - where we process your data based on consent, you can withdraw that consent at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at contact@partiitrip.com. We will respond within one month. There is no charge for exercising your rights.
9. Complaints
If you are unhappy with how we handle your data, please contact us first so we can try to resolve the issue. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) - the UK's data protection regulator - at ico.org.uk or by calling 0303 123 1113.
10. Children's Privacy
The Service is intended for users aged 18 and over. We do not knowingly collect personal data from anyone under the age of 18. If you believe a minor has provided us with personal data, please contact us and we will delete it promptly.
11. Security
We take reasonable technical and organisational measures to protect your data against unauthorised access, loss, or misuse. These include hashed PIN storage, encrypted data in transit (HTTPS), and access controls on our database. No system is completely secure, but we take security seriously and review our practices regularly.
12. Changes to This Notice
We may update this Privacy Notice from time to time. When we do, we will update the "Last updated" date at the top of this page. For significant changes, we will notify you by email (if we hold your address) or by a notice on the Service. We encourage you to review this page periodically.
13. Contact
For any questions or requests related to this Privacy Notice or your personal data: