Privacy Policy

Account data

• Email address
• Encrypted password
• Account preferences

Signal data

• Travel preferences
• Monitoring criteria
• Signal activity

Billing data

Subscription status and payment identifiers. Payments are processed by Stripe. We do not store full credit card numbers.

Technical data

• IP address — we retain the last 10 login IP addresses per account to detect unauthorized access and prevent abuse
• Approximate geographic location (city, region, country) derived from each login IP address
• Browser/device data
• Log files
• Cookies

• Provide alerts and operate the Service
• Process subscriptions and payments
• Send service emails (account, billing, updates)
• Improve performance and reliability
• Prevent fraud and abuse
• Comply with legal obligations

We do not sell personal information.

We send price alerts and service-related emails (account and billing).

All commercial emails include our business name, mailing address, and an unsubscribe mechanism.

Unsubscribe requests are processed promptly in accordance with CASL.

We use third-party providers to run Trip Signal, including:

• Stripe (payments)
• Resend (email delivery)
• Google Analytics (usage analytics)
• PostHog (product analytics)
• Hetzner (Helsinki, Finland) (hosting)
• DataImpulse (residential proxy) - used to access publicly-available travel deal pricing from provider websites. No personal data is shared with DataImpulse.

These providers may process data outside Canada and are expected to protect your data appropriately.

Trip Signal allows you to sign in using your Google account via our authentication provider, Clerk. This section describes how we handle data received from Google APIs, in compliance with the Google API Services User Data Policy.

Data Accessed

When you sign in with Google, we receive the following from your Google account:

• Name
• Email address
• Profile picture

We do not request access to Gmail, Google Calendar, Google Drive, or any other Google services beyond basic sign-in.

Data Usage

Google user data is used solely to:

• Create and authenticate your Trip Signal account
• Display your name and profile picture within the application
• Send service-related communications to your email address

We do not use Google user data for advertising, marketing to third parties, or any purpose unrelated to operating Trip Signal.

Data Sharing

We do not sell, rent, or share your Google user data with any third parties, except as necessary for the following service providers that help us operate Trip Signal:

• Clerk - authentication and account management
• Resend - email delivery (receives your email address to send notifications)

These providers process data only on our behalf and are contractually obligated to protect it.

Data Storage & Protection

Google user data is stored securely by Clerk (our authentication provider) and in our application database hosted on Hetzner (Helsinki, Finland). All data is transmitted over encrypted connections (TLS). Access to production systems is restricted to authorized personnel only.

Data Retention & Deletion

Google user data is retained for as long as your account is active. When you delete your Trip Signal account:

• Your profile data (name, email, profile picture) is deleted from our systems within 30 days
• Authentication records are removed from Clerk
• You may also revoke Trip Signal's access to your Google account at any time via your Google Account permissions

To request deletion of your data, delete your account in Account Settings or email [email protected].

Trip Signal uses cookies and similar technologies (including browser local storage) for the following purposes:

Essential cookies (always active)

• Authentication session (Clerk) - keeps you signed in
• Consent preference - remembers your cookie choice
• Activation status - tracks onboarding completion

Analytics (require your consent)

• PostHog- page views, session recordings, feature usage, and product analytics. When you are signed in, PostHog links activity to your account. Data is sent to PostHog's US servers via our domain (tripsignal.ca). PostHog stores a device identifier in your browser's local storage.
• Google Analytics - page views, session data, and conversion events. When you are signed in, your account ID is linked to your analytics profile. Data is processed by Google in the United States.

Your choices

• A consent banner appears on your first visit. You can accept or decline analytics.
• If you decline, no analytics data is collected.
• You can change your preference at any time using the "Cookie Preferences" link in the footer.
• You can also block cookies in your browser settings, but some features may not work properly.

Because we use providers like Hetzner and Google Analytics, your data may be processed outside Canada and subject to the laws of those jurisdictions.

• Account data: until account deletion
• Login history (IP addresses and geolocation): last 10 entries per account; older entries are automatically overwritten as new logins occur
• Billing records: up to 7 years (tax compliance)
• Server logs: up to 90 days
• Email delivery logs: up to 90 days
• Google Analytics data: based on your Google Analytics retention settings
• PostHog analytics data: based on your PostHog project retention settings

We implement reasonable safeguards to protect personal information.

No method of transmission or storage is completely secure.

Under PIPEDA, you may request access to your personal information and request corrections.

Contact our Privacy Officer using the info below.

Trip Signal provides a self-service data export feature. You can download a copy of all personal data we hold about you, including your account information, signal configurations, and deal match history.

To export your data, go to Account Settings and click Download my data. Your data will be provided in JSON format.

You may also request a data export by emailing [email protected].

You can delete your account at any time from Account Settings. When you delete your account:

• Your subscription is canceled immediately (if applicable)
• Personal information (email, IP address, login data) is scrubbed from our database
• All active signals are deactivated
• Your authentication record is deleted from Clerk
• After 30 days, your account and all associated data (signals, deal matches, notification history) are permanently and irreversibly deleted

Retention exceptions: Stripe payment records may be retained as required by law. Server and email delivery logs are retained for up to 90 days.

We do not knowingly collect personal information from individuals under 18.

If we learn we have collected such information, we will take steps to delete it.

We may update this Privacy Policy periodically. Continued use means you accept the updated Policy.

Under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), Canadian users have the following rights:

• Right to access: You may request a copy of the personal data we hold about you. You can also download your data directly from Account Settings using the "Download my data" feature.
• Right to data portability: You can export all your personal data (account information, signals, and deal match history) in a machine-readable JSON format at any time.
• Right to deletion: You may request deletion of your account and all associated personal data. Personal information is scrubbed immediately upon deletion. All remaining data is permanently removed after 30 days.
• Right to correction: You may request that inaccurate personal data be corrected.
• Retention exceptions: Stripe payment records may be retained as required by law or Stripe's own data retention policy. Server and email delivery logs are retained for up to 90 days.
• Response timeline: We will process all data deletion requests within 30 days.
• How to request: Delete your account or download your data in Account Settings, or email [email protected].

Trip Signal's Scout feature displays resort intelligence data collected from publicly available sources including resort websites, review platforms, and third-party travel data providers.

What we collect

• Resort names, locations, and amenity information
• Star ratings and review scores from third-party platforms
• Environmental and seasonal data (e.g. sargassum risk, weather patterns)
• Family, couple, and group suitability indicators

What we do not collect

Scout does not collect personal information from users browsing resort data. We may log which resort pages are viewed in aggregate for product improvement purposes.

Data accuracy

Resort Intel data is collected periodically and may not reflect current conditions. We do not guarantee accuracy and recommend verifying all information directly with the resort before booking.

Privacy Officer - Mighty Web Design

143 Fairway Rd, Emerald Park, SK, S4L 1C8

Email: [email protected]

If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada.