Privacy Policy

1. Introduction

Good Work Dojo LLC ("Company," "we," "us," or "our") operates TripRiff, accessible at tripriff.com and related subdomains (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you access or use our Service. By using the Service, you consent to the practices described in this Privacy Policy.

If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your email address and display name. If you authenticate via Google OAuth or Apple Sign-In, we receive your name, email address, and profile picture from the identity provider. We store a hashed version of your credentials; we never store plaintext passwords.

2.2 Travel Data

You voluntarily provide travel information including countries and US states visited, visit types (visited, lived, want to go), travel dates, ratings, written reviews, trip notes, activity tags, and photographs. This data is provided at your sole discretion and you may modify or delete it at any time.

2.3 Usage and Device Data

We automatically collect certain information when you use the Service, including your IP address, browser type and version, operating system, device type, referring URL, pages visited, time spent on pages, and interaction patterns. We use Vercel Analytics for aggregated, privacy-friendly web analytics that does not use cookies for tracking.

2.4 Local Storage Data

We use browser local storage to persist certain user preferences and temporary state, such as map builder selections for unauthenticated users and cookie consent preferences. This data remains on your device and is not transmitted to our servers unless you create an account and choose to save it.

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service
• Personalize your experience and generate travel recommendations using algorithmic analysis of your travel patterns
• Calculate travel statistics, progress metrics, and award achievement badges
• Enable social features including friend connections, leaderboards, and travel map comparisons
• Generate your public profile page and shareable map, if you opt in by setting a share link
• Generate dynamic Open Graph images for link previews when you share your profile
• Communicate with you about your account, security alerts, or changes to the Service
• Monitor and analyze usage trends to improve the Service, fix bugs, and develop new features
• Detect, prevent, and address fraud, abuse, or technical issues
• Comply with legal obligations

4. Data Storage and Security

Your data is stored using Supabase, which provides encrypted storage at rest and in transit, row-level security policies, and authenticated access controls. Photographs are stored in Supabase Storage with access controls that restrict access to the uploading user and, where applicable, users viewing a public profile.

We implement industry-standard security measures including HTTPS encryption, secure cookie-based session management, parameterized database queries, and row-level security policies on all database tables. However, no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

5. Cookies and Tracking

We use strictly necessary cookies to maintain your authentication session. We use browser local storage to remember your cookie consent preference and to persist temporary application state. We do not use advertising cookies, tracking pixels, or cross-site tracking technologies. Our analytics solution (Vercel Analytics) is privacy-friendly and does not use cookies.

6. Third-Party Services

We integrate with the following third-party services:

• Google OAuth / Apple Sign-In — for authentication. Their respective privacy policies govern data collected during sign-in. We receive only the information necessary for account creation (name, email, profile image).
• Supabase — for data storage, authentication, and file storage. Data is processed in accordance with Supabase's privacy policy and data processing agreement.
• Vercel — for hosting, serverless functions, and privacy-friendly web analytics.

We do not share your personal information with any other third parties for marketing or advertising purposes.

7. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your information only in the following limited circumstances:

• Public profile: If you create a shareable profile link, your display name, travel map, travel statistics, and country list will be publicly accessible to anyone with the URL. Setting a share link automatically makes your profile public.
• Friends: If you connect with other users as friends (via invite link or profile referral), they can view your travel data, compare maps, and see your position on shared leaderboards.
• Collaborative recommendations: Your anonymized travel patterns may be used in aggregate to generate recommendations for other users. No personally identifiable information is shared in this process.
• Legal requirements: We may disclose information if required by law, subpoena, court order, or other valid legal process, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business transfer: In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email or prominent notice on the Service prior to your information being subject to a different privacy policy.

8. Your Rights and Choices

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Correct inaccurate or incomplete personal data
• Delete your account and all associated data
• Export your travel data in a portable format
• Withdraw consent for data processing at any time by deleting your account
• Opt out of public profile visibility in your profile settings
• Object to processing of your personal data in certain circumstances

To exercise any of these rights, contact us at tripriff@gmail.com. We will respond to your request within 30 days.

9. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal obligations, dispute resolution, or enforcement of our agreements. Anonymized and aggregated data that cannot be used to identify you may be retained indefinitely for analytical purposes.

10. International Data Transfers

Your information may be transferred to and processed in countries other than the country in which you reside. These countries may have data protection laws that differ from the laws of your country. By using the Service, you consent to the transfer of your information to the United States and other countries where our service providers operate.

11. Children's Privacy

The Service is not intended for children under 13 years of age (or under 16 in the European Economic Area). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately and we will take steps to delete that information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new Privacy Policy on this page, updating the "Last updated" date, and, where required by law, sending you an email notification. Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.

13. Contact Us

If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us at:

Good Work Dojo LLC
Email: tripriff@gmail.com