Policies and disclosures
Product terms, privacy details, and operational disclosures that match how Tripanomics works today.
This page lists the launch-baseline service providers and subprocessors that may receive limited personal information in order to operate Tripanomics.
The list below describes third parties that may process personal information on our behalf or as part of providing integrated product features.
Not every vendor receives information about every user. We aim to send only the data needed for the feature, support task, security control, payment flow, analytics event, or itinerary request involved.
| Vendor | Role | Data categories they may receive | Notes |
|---|---|---|---|
| Supabase | Authentication and PostgreSQL hosting | Account profile, saved itineraries, share state, subscription references | Core system of record |
| Stripe | Checkout, subscriptions, billing portal | Billing identifiers, subscription status, customer and invoice references | Payment processor |
| Resend | Transactional email delivery | Email address, message metadata, delivery status | Verification, password reset, and billing or support email |
| PostHog | Product analytics after consent | Consent state, event names, page paths, anonymous or user identifiers | Must stay consent-gated |
| Sentry | Error monitoring | Error payloads, request metadata, user identifiers when attached to error context | No intentional end-user content should be logged unless needed for debugging |
| Upstash Redis | Rate limiting and operational counters | IP and rate-limit metadata, system counters | Abuse prevention |
| Vercel or selected deployment host | Website hosting, server runtime, logging, and content delivery | Request metadata, page paths, server logs, and content needed to serve the app | Current deployment host may vary by environment |
| Anthropic or OpenAI | Itinerary generation | Trip inputs and related prompt context | AI provider selected by our runtime configuration |
| Google OAuth | Social sign-in | Account identity data for Google sign-in users | Optional sign-in provider |
| Google Places | Destination and place lookup | Search queries and place lookups from trip planning | Used for place enrichment and autocomplete |
| Mapbox | Map tiles and map interactions | Map-view requests, coordinates shown in itinerary map views | Client-side map rendering |
| Cloudflare Turnstile | Bot protection | Device and browser challenge data for protected forms | Signup and password-reset protection |
| Foursquare | Venue enrichment | Destination and place search context | Used when enriching trip content |
| Ticketmaster | Event enrichment | Destination and date search context | Used when live events are available |
| Unsplash | Destination imagery | Destination search context | Used for travel imagery |
| Pexels | Destination imagery fallback | Destination search context | Fallback image provider |
| Viator | Activity enrichment and affiliate links | Destination and date search context | Optional travel-activity provider |
| Open-Meteo | Weather enrichment | Destination and date weather lookup context | Forecast data for itineraries |
AI providers may receive trip inputs, preference context, generated itinerary context, and retrieved enrichment snippets needed to create or revise an itinerary. Travel-data providers may receive destination, date, place, category, coordinate, or search-query context needed to retrieve venues, events, imagery, weather, maps, or booking options.
These providers do not guarantee that a recommendation is current, available, safe, accessible, or suitable for a user's trip. Users should verify important travel details with the official source before relying on a recommendation.
We may update this list when vendors are added, removed, or materially changed.
If you have a subprocessor question, email support@tripanomics.com.