Privacy Policy
Effective: May 2026 (Proposed)
1. Who we are
TripBuddy ("the App", "we", "us", "our") is operated by GPEE APPS, based in Victoria, Australia. You can contact us at privacy@gpeeapps.com or via gpeeapps.au.
We are committed to protecting your personal information and handling it in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
2. Scope
This policy describes how we collect, use, store and disclose personal information when you use TripBuddy through any browser, device or interface we provide.
3. Information we collect
- Account details: first and last name, email address, and an authentication credential (password is stored as a salted hash by our auth provider; we never see your plain password).
- Profile preferences: home currency, theme settings (dark/light mode, banner colour, text colour, pastel intensity), and feature toggles such as Trip Budgets.
- Trip and expense data you create: trip names, destinations, dates, budget figures, expense amounts, currencies, exchange rates, categories, notes, work/personal classification, commission entries, and any receipt images or voice recordings you upload.
- Usage analytics: aggregated information about feature use, page views and clicks, used to understand product performance.
- Error and diagnostic logs: error messages, stack traces and the actions leading up to an error, used to debug and improve reliability.
- Technical data: IP address, browser/user-agent string, device type, language, and timestamps of requests.
4. How we collect it
- Directly from you when you sign up, edit your profile, create trips or enter expenses.
- Automatically when you use the App (analytics events, error logs, technical request data).
- From third-party services you ask us to use (e.g. AI providers returning a transcript of your voice recording).
5. Why we use your information
- To provide the App and the features you choose to use.
- To convert currencies using third-party exchange-rate data.
- To process voice recordings and receipt images using AI providers, returning structured expense data to you.
- To send you administrative emails (e.g. account verification, password reset, important service notices).
- To send the operator (us) aggregated metrics emails about App usage.
- To debug issues, improve features, and maintain security and integrity of the service.
- To comply with legal obligations.
6. Disclosure to third parties
We do not sell your personal information. We share limited data with the following service providers strictly to operate the App:
- Lovable Cloud / Supabase — hosting, database, authentication, file storage.
- AI providers (e.g. Google Gemini, OpenAI, accessed via the Lovable AI Gateway) — to transcribe voice recordings and extract data from receipt images.
- Exchange-rate API providers — to look up published market rates between currencies.
- Email delivery providers — to send transactional and administrative emails.
- Government, regulators or courts — where required by law.
7. AI processing notice
When you use voice entry or receipt scanning, the audio or image is transmitted to a third-party AI provider for processing. Per the providers' published terms, content sent through their commercial APIs is not used to train their models. We retain only the structured result and (optionally) the original file you uploaded.
8. International data transfers
Some of our service providers process data outside Australia (including in the United States and the European Union). By using the App you consent to this transfer. We take reasonable steps to ensure overseas recipients handle your information consistently with the APPs.
9. Data retention
We retain your account data for as long as your account remains active. If you delete your account, we will delete or de-identify your personal information within a reasonable period (typically 30 days), except where we are required to retain it for legal, accounting or security reasons.
10. Security
We use industry-standard measures to protect your information, including HTTPS encryption in transit, hashed credentials, row-level security on our database, and access controls on administrative functions. No system is perfectly secure, and you are responsible for keeping your account password confidential.
11. Your rights
Under the Privacy Act and the APPs, you may:
- Request access to the personal information we hold about you.
- Ask us to correct information that is inaccurate, out of date or incomplete.
- Request deletion of your account and associated data.
- Make a complaint about how we handle your information.
Email privacy@gpeeapps.com and we will respond within a reasonable period (usually 30 days). If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
12. Cookies and local storage
The App uses browser local storage and cookies to keep you signed in, remember your theme preferences, and remember which "What's New" entries you've seen. We do not use third-party advertising cookies.
13. Children
TripBuddy is not directed at children under 18. If you believe a child has provided us with personal information, please contact us and we will delete it.
14. Changes to this policy
We may update this policy from time to time. Material changes will be announced through the App's "What's New" panel or by email. The "Effective" date at the top of this page indicates when the current version took effect.
15. Contact
Privacy enquiries: privacy@gpeeapps.com
Website: gpeeapps.au