tripbudget.ai
Sign inGet an estimate
Legal

Privacy policy

Last updated: 23 May 2026

1. Who we are

TripBudget (the "Service") is operated by Cihat Karakoyun, sole trader, based in Athens, Greece (the "Controller"). For any privacy-related question or request, contact us at privacy@tripbudget.ai.

2. What we collect

We collect only what we need to run the Service:

  • Account data: email address, hashed password (or OAuth identity from Authentik), tenant name and slug, default currency, locale.
  • Usage data: the trip queries you submit (destination, dates, party size, style tier), saved itineraries, and the per-segment booking attempts your account triggers.
  • Payment data: we do not store full card numbers. Card details are tokenised by Stripe and we retain only the last 4 digits, brand, and expiry for display.
  • Operational logs: request metadata (IP, user-agent, timestamp) for security, debugging, and rate-limiting. Logs are retained for 30 days.

3. Why we collect it

We process your data on the basis of (a) contract performance — running the Service you signed up for; (b) legitimate interest — fraud prevention, security monitoring, aggregate analytics; and (c) legal obligation — tax invoicing and bookkeeping under Greek law.

4. Who we share it with

  • Stripe Payments Europe Ltd — payment processing (card data, billing details).
  • Travel inventory + payout providers — when you book or we pay out to a supplier, the counterparty receives the strictly necessary booking and payout fields (passenger name, contact, dates, amount). A current list of subprocessors is available on request to privacy@tripbudget.ai.
  • Hetzner Online GmbH (Germany) — hosting; all production data resides in the EU.
  • LLM inference providers — the trip-parsing pipeline sends the raw trip query and resolved preferences only. No card data, no PII beyond what's in the text of your request, ever leaves to an LLM.

We do not sell your data. We do not run third-party advertising trackers.

5. Your rights (GDPR)

You can request access, correction, deletion, or export of your data, and you can object to processing or restrict it, by emailing privacy@tripbudget.ai. We will respond within 30 days. You also have the right to lodge a complaint with the Greek Data Protection Authority (HDPA).

6. Cookies

We use a single first-party session cookie (tripbudget_session, iron-session sealed) to keep you signed in. No tracking cookies, no analytics cookies. We use essential local storage for client-side query caching.

7. Children

The Service is not directed to children under 16. If you believe a child has provided us with personal data, please contact us so we can remove it.

8. Changes to this policy

We will post material changes here with a new "last updated" date and, when feasible, notify active users by email. Continued use after a change constitutes acceptance.

9. Contact

Cihat Karakoyun
Athens, Greece
privacy@tripbudget.ai