Privacy Policy

Privacy Policy


1. Who is responsible for your data

The data controller is [Trivaction], Leiden, Netherlands.

Contact: [contact@trivaction.com]

2. What we collect

You give us:


Account details: name, email address, password (stored hashed — we never see it).
If you sign in with Google: your name, email and profile picture from Google.
Profile: bio, photo, social links, favourite quotes, countries visited.
Content: itineraries, photos, recommendations, comments, trip plans.
Trip requests: destinations, dates, budget, preferences you tell us.


Collected automatically:


Technical data: IP address, browser type, device, pages visited, timestamps.
Cookies — see section 7.
Analytics data (only if you consent).


From others:


Stripe: payment status and payout information. We do not receive or store your full card number.
Google: your basic profile, if you use Google sign-in.


We do not intentionally collect special category data (health, religion, political views, etc.). Please do not put such information in your public content.

3. Why we use it, and our legal basis (GDPR Art. 6)

PurposeLegal basisCreate and run your accountPerformance of a contractPublish your itineraries and contentPerformance of a contractProcess donations and payoutsContract + legal obligationDeliver a paid custom trip planPerformance of a contractSend service emails (password reset, approvals)Contract / legitimate interestsPrevent spam, fraud and abuseLegitimate interestsKeep the site secure and workingLegitimate interestsAnalytics (Google Analytics)ConsentLoading YouTube videosConsentComply with tax and accounting lawLegal obligation

Where we rely on consent, you may withdraw it at any time (see section 7).

4. Who we share it with

We share data only as needed, with:


Stripe Payments Europe Ltd. — donations, payouts, identity checks (Ireland/EU).
Google — sign-in (OAuth), analytics (only with consent), and [Gemini] for translation/AI features.
[Anthropic] — AI features, if enabled.
YouTube (Google) — when videos load.
Cloudflare — Turnstile anti-bot protection.
Namecheap — website hosting.
[Email provider] — sending emails.
Authorities — where legally required.


We do not sell your personal data.

Anything you publish (itineraries, photos, profile, comments) is public and visible to anyone, including search engines.

5. International transfers

Some providers (e.g. Google, Cloudflare, [Anthropic]) may process data outside the European Economic Area, including the United States. Where they do, transfers are protected by the EU Standard Contractual Clauses and/or the EU–US Data Privacy Framework.

6. How long we keep it


Account data: while your account exists, then deleted or anonymised within [90] days.
Published content: until you delete it (copies may remain in backups for a short period).
Payment records: [7–10] years, as tax law requires.
Server logs: [12] months.
Analytics: as configured in Google Analytics ([14] months).


7. Cookies

Essential cookies (always on — no consent needed): keeping you logged in, security (CSRF), Cloudflare Turnstile, Stripe during checkout, and remembering your language and cookie choice.

Optional (consent required):


Google Analytics — tells us which pages are useful. Loads only after you press "Accept".
YouTube — sets its own cookies. Videos do not load at all unless you accept, or click "Load video" on that specific video.


If you press "Reject": analytics never loads, videos stay blocked behind a click-to-play button, and the rest of the site works normally.

You can change your choice at any time using the "Cookie settings" link in the footer.

8. Your rights (GDPR)

You have the right to:


Access your data and get a copy.
Correct inaccurate data.
Delete your data ("right to be forgotten").
Restrict or object to processing.
Data portability — receive your data in a machine-readable format.
Withdraw consent at any time.
Complain to a supervisory authority — [e.g. the Hellenic DPA, dpa.gr / the Dutch AP, autoriteitpersoonsgegevens.nl].


To exercise any right, email [contact@trivaction.com]. We reply within one month.

9. Security

We use HTTPS, hashed passwords, access controls and anti-bot protection. No system is perfectly secure, but if a breach puts your rights at risk, we will notify you and the supervisory authority as the law requires.

10. Children

The Service is not intended for children under 16. We do not knowingly collect their data. If you believe a child has given us data, email us and we will delete it.

11. Changes

We may update this policy. Material changes will be announced on the site (and by email where appropriate) before they take effect.

12. Contact

[contact@trivaction.com]
Trivaction

You can change your cookie choice at any time.

Continue with Google
or

Forgot your password?