Privacy Policy

Hoply is a collaborative trip-planning tool. This policy explains what personal data we collect, why we collect it, and what rights you have over it. If you have questions, write to us at hello.hoply@gmail.com.

For users in the EU/UK, the data controller is the operator of Trip Planner; you can reach us at the email above.

We collect only what we need to run the app:

• From your sign-in provider (Google): your email address, display name, and profile picture URL.
• What you put into the app: trips, events, places, notes, expenses, settlements, invite codes, and the cities you assign to days.
• Operational data: timestamps for records you create or edit, and a session cookie that keeps you signed in.

We do not collect your location, contacts, or browsing history.

• To provide the service — store your trips, sync them with your trip members, and let you sign in. Legal basis: performance of a contract (GDPR Art. 6(1)(b)).
• To show your profile to other trip members — name and avatar are visible to people you've invited to a trip. Legal basis: legitimate interests (Art. 6(1)(f)).
• To keep the service secure — detect abuse, fix bugs, prevent unauthorised access. Legal basis: legitimate interests.
• To meet legal obligations — for example, if we receive a valid legal request. Legal basis: legal obligation (Art. 6(1)(c)).

We do not use your data for advertising, profiling, or training machine-learning models, and we do not sell it.

Your data is processed by a small number of vendors who help us run the service. They are contractually bound to use it only on our instructions:

• Supabase — database, authentication, file storage, and realtime sync.
• Google — sign-in (OAuth). We receive only the profile fields listed above.
• Vercel — web hosting and content delivery.

We don't share your data with anyone else, except where required by law.

Data is stored on Supabase infrastructure and served via Vercel's global CDN. Some processing may happen outside your country, including in the United States. When your data crosses borders we rely on the European Commission's Standard Contractual Clauses (or an equivalent legal mechanism) to keep the protections in place.

We keep your account data for as long as your account is active. When you delete your account, your profile and the trip content you own are removed from our active databases within 30 days. Backups roll over within an additional 30 days. We may retain limited records longer if required by law (for example, billing records).

Hoply does not set any cookies of its own. We use only browser local storage on your device, which falls under "similar technologies" in EU/UK rules:

• Strictly necessary — your sign-in session, so you stay logged in between visits.
• Functional — your last selected trip, the trips you've pinned, and the events you've pinned, so the app remembers your preferences.

All of this is first-party (only this app reads it) and is never used to track you across other sites or services. We do not run analytics, advertising, fingerprinting, or any third-party tracking tools. Because none of our storage is used for tracking, no consent banner is required.

When you sign in with Google, Google's own cookies and privacy policy apply on their sign-in page — that's outside our control and governed by Google's Privacy Policy.

You can clear all of Hoply's local storage at any time from your browser's settings (look for "Clear browsing data" or "Site data"). Doing so will sign you out and reset your preferences but won't affect anything stored on our servers.

If we ever add analytics or any non-essential storage in the future, we'll update this section and ask for your consent first.

If you're in the EU, UK, or a similar regime, you have the right to:

• Access a copy of the personal data we hold about you.
• Correct data that is wrong or out of date — most of this you can edit yourself in the app.
• Delete your data — you can delete your account in the app, or email us.
• Export your data in a portable format.
• Object to processing based on legitimate interests, or ask us to restrict processing.
• Complain to your local data-protection authority if you think we've mishandled your data.

To exercise any of these rights, email hello.hoply@gmail.com. We aim to respond within 30 days.

Hoply is not intended for children under 13, and we do not knowingly collect data from them. In jurisdictions where the digital age of consent is higher (for example, 16 in some EU member states), users below that age should only use the service with their parent or guardian's involvement. If you believe a child has signed up, email us and we'll remove the account.

You can delete your account from the Account screen at any time. Deletion is permanent: your profile, the trips you own, and the events, expenses, and settlements within them are removed immediately. Your memberships, attendances, and splits in trips owned by other people are removed at the same time, and any references to you on those trips' records are anonymised so the trip's history stays coherent for the remaining members.

Profile pictures uploaded to our file storage may persist for up to 30 days after deletion before our periodic cleanup removes them. If you'd like an avatar removed sooner, email us. You can also email us to request account deletion if you'd rather not do it from the app.

We may update this policy from time to time. The “Last updated” date at the top reflects the most recent change. If we make material changes — for example, adding a new sub-processor or starting to use analytics — we'll notify you in the app or by email before the change takes effect.

Questions, requests, or complaints? Email us at hello.hoply@gmail.com.