TripPlanner

Privacy Policy

Last updated: March 2026

1. Who We Are

TripPlanner is a personal travel and trip-planning application operated by CrunkA3. Questions about this policy can be directed to the application administrator.

2. What Data We Collect

When you create an account and use TripPlanner we process the following personal data:

  • Account data: e-mail address, hashed password, display name (optional).
  • Location data: home location latitude / longitude / name that you voluntarily enter in your profile.
  • Content data: wishlists, places, trips and GPX tracks you create.
  • Technical data: session cookies required for authentication and security (no third-party tracking cookies are used).

3. Legal Basis for Processing (GDPR Art. 6)

  • Contract (Art. 6(1)(b)): processing required to provide the service you registered for.
  • Consent (Art. 6(1)(a)): for any optional processing you have explicitly agreed to.
  • Legitimate interest (Art. 6(1)(f)): security logging and abuse prevention.

4. Cookies

TripPlanner uses only strictly necessary cookies for authentication and anti-forgery protection. No analytics, advertising or third-party tracking cookies are set. Because these cookies are essential to the functioning of the service, they are placed without additional consent (Recital 30 ePrivacy Directive).

5. Data Sharing

We do not sell, rent or share your personal data with third parties, except where required by law or where you explicitly share content with other users of the application.

6. Data Retention

Your personal data is retained for as long as your account is active. You may delete your account and all associated data at any time from Account › Personal Data.

7. Your Rights Under GDPR

As a data subject you have the following rights:

  • Right of access (Art. 15): download a copy of your data from Account › Personal Data.
  • Right to rectification (Art. 16): update your data from Account › Manage.
  • Right to erasure (Art. 17): permanently delete your account and data from Account › Delete Personal Data.
  • Right to data portability (Art. 20): export your data in machine-readable format via the download feature.
  • Right to object / restrict processing (Art. 18, 21): contact the administrator.

8. Data Security

Passwords are stored as salted hashes using ASP.NET Core Identity. All data is stored locally in the configured database and is not transmitted to external services.

9. Changes to This Policy

We may update this policy from time to time. The date at the top of this page will reflect the latest revision. Continued use of the application after changes constitutes acceptance of the revised policy.

An unhandled error has occurred. Reload 🗙

Rejoining the server...

Rejoin failed... trying again in seconds.

Failed to rejoin.
Please retry or reload the page.

The session has been paused by the server.

Failed to resume the session.
Please reload the page.