Last updated · June 2026

Privacy

Trip Pocket saves your travel ideas and syncs them across your devices through our own service, so the café you saved on your phone is there on your iPad too. This page covers what data the app collects, where it goes, and how long it sticks around.

The short version

  • You sign in with Apple. We get a private user identifier and the email Apple gives us (often a private relay address), plus your name if you choose to share it. No password.
  • Your saved places, lists, trips, captions and the screenshots you import are stored in your account on our service so they sync across your devices. A copy stays on your phone for offline use.
  • To turn an image into a place, our service sends it to Google's Gemini API. On the paid tier we use, Google doesn't train on it.
  • To enrich a place card (photo, address, rating), we look up the place name and city against Google Places and Apple Maps.
  • Crashes and anonymous diagnostics go to Sentry so we can fix bugs.
  • We don't sell data, run ads, load tracking SDKs, or train AI on what you save.
  • You can delete your account and everything in it at any time from Settings.

Signing in

Trip Pocket uses Sign in with Apple, which is required to use the app. From it we receive a stable identifier for your account and the email address Apple passes along — if you choose Apple's "Hide My Email", that's a private relay address and we never see your real one. If you share your name, we store it to label your account. There's no password for us to hold.

What we store and sync

So your pocket works on every device you sign in to, the following is stored in your account on our service (a self-hosted backend, with images held in Cloudflare R2 object storage):

  • The screenshots and photos you import.
  • Captions and text you bring in from shared Instagram or TikTok posts.
  • The structured place cards we generate (name, city, category, summary, photo URL, address, rating, price level).
  • Your lists, trips, and how you've organised them.
  • Your in-app settings.

A copy is also kept on your phone so the app works offline. This content is private to your account; we don't make it public or share it with other users. Deleting the app removes the local copy; to remove the synced copy from our service, delete your account (see "Your rights" below).

The AI extraction

When you save a screenshot or share a post, the app sends the image and any caption text to our service, which forwards the content to Google's Gemini API to read the places out of it. Gemini processes it under Google's API terms. On the paid Gemini API tier we use, Google does not use the content you send for model training. The image itself is saved to your account so it's available on your devices and is removed when you delete the place or your account.

Place enrichment

Once we have a place name and city, the app calls Google Places and, for some lookups, Apple Maps to fetch a real photo, a short summary, the address, a rating, and a price band. Those requests send only the extracted place name and city, never your image, caption, or device info.

Subscriptions and the App Store

Billing runs entirely through Apple. Trip Pocket receives only the subscription status (active, in trial, expired) needed to unlock features, which we tie to your account through RevenueCat. We never see your payment details or App Store account. Apple's own privacy policy covers everything on their side.

Crash reports and anonymous telemetry

To keep the app from breaking in silence, we use Sentry to collect crash reports and a small amount of anonymous usage telemetry. A typical event contains the crash stack trace, the app version, the iOS version, a Sentry-generated install identifier, your device's IP address, and breadcrumbs noting which screens you visited before the problem. The contents of your place cards, screenshots, and captions never leave your phone. We rely on this under our legitimate interest in keeping the app stable.

We never collect your name, email, precise location, or advertising identifiers through Sentry or anywhere else. If you want the crash data tied to your install wiped, email [email protected] and we'll remove it.

The marketing website

This website (trippocket.app) serves static pages and doesn't run third-party advertising trackers, analytics SDKs, or social pixels. The host we use sees standard request metadata (IP address, user agent, the URL you asked for) to deliver the site and protect it from abuse. Logs are kept briefly and not joined to any other data we hold.

What we don't do

  • We don't sell, rent, or trade your data.
  • We don't show advertising, and we don't profile you for ads anywhere else.
  • We don't read your camera roll. Only the photos you actively import enter the app.
  • We don't track your precise location. Trip Pocket has no location permission.
  • We don't use the content of your saves to train AI models.

Children

Trip Pocket isn't designed for, marketed to, or knowingly used by children under 13 (or under 16 in the European Economic Area). If you believe a child has used the app, please contact us and we'll help.

Your rights

Most of these are a matter of opening the app:

  • Access: open Trip Pocket and your data is right there.
  • Correction: edit any trip or place card directly inside the app.
  • Deletion: delete a place or a list inside the app, or delete your whole account from Settings → Delete account, which permanently removes your account and all its data from our service. Deleting the app removes only the local copy. Crash reports stored at Sentry can be wiped on request.
  • Portability / objection / restriction: email us and we'll honour reasonable requests.

If you're in the EEA, the UK, California, or another region with statutory data rights and want help exercising them, email [email protected]. You also have the right to lodge a complaint with your local data protection authority.

International transfers

Our model providers and Sentry process data in countries that may be outside your own, including the United States. When data leaves the EEA or the UK, we rely on the providers' standard contractual clauses and the safeguards described in their privacy policies.

Data retention

Your account content (places, lists, trips, screenshots, settings) is retained until you delete it in the app or delete your account, at which point it's removed from our service; residual copies in routine backups age out shortly after. The local copy on your phone is gone as soon as you uninstall. Place enrichment lookups follow the cache policies of Google Places and Apple Maps. Crash reports at Sentry are kept for up to 90 days and then deleted automatically.

Security

On-device data benefits from iOS's standard sandboxing and encryption-at-rest. Network traffic between the app and our service is encrypted with TLS, and access to your account is gated by Sign in with Apple. No system is perfectly secure, but we try to keep the moving parts to a minimum.

Changes to this policy

If we change how the app handles data, we'll update this page and bump the date at the top. Material changes will also be flagged in the app the next time you open it.

Getting in touch

Email [email protected] with any privacy question, request, or concern, or find other ways to reach us on the contact page. We'll reply within a few days.