TrovaTripPrivate Groups
← Back home

Privacy Policy

Effective April 25, 2026. We may update this from time to time — the latest version always lives at this URL.

This Privacy Policy explains how TrovaTrip, Inc. (“TrovaTrip,” “we,” “us,” or “our”) collects, uses, shares, and protects information about you when you use TrovaTrip Groups at groups.trovatrip.com (the “Service”). By using the Service, you consent to the practices described here.

TrovaTrip Groups is operated by the same company as TrovaTrip’s primary booking platform. Information you share with us through the Service may also be used to complete your booking on the primary TrovaTrip platform once a trip locks in. The primary platform’s separate Privacy Policy also applies in that context.

1Information We Collect

1.1Information you provide directly

  • Account information. Organizers sign in via our identity provider (Clerk) using email plus password or a social provider. We receive your name, email address, profile image (if any), and the unique Clerk user ID.
  • Commitment information. When you commit to a trip we collect your first name, last name, email address, and any personal note you choose to add. If a trip offers multiple dates, we collect which dates work for you.
  • Trip details. If you organize a trip, we collect the trip name, your personal message to invitees, and your selected proposed departure dates.
  • Payment information. Card details are submitted directly to our payment processor (Stripe, Inc.) and are never stored on our servers. We receive a tokenized reference to the payment method, the Stripe customer identifier, and the status of the authorization.
  • Booking information. If a trip locks in and is confirmed under the parent TrovaTrip platform, additional information will be requested at that point (e.g., legal name as on passport, date of birth, nationality, passport details, emergency contact, dietary or medical needs).

1.2Information collected automatically

  • Device & log data. IP address, user agent, referring URL, pages visited, and timestamps. We use this for operating, securing, and improving the Service.
  • Cookies and local storage. See Section 4.

1.3Information from other sources

  • From the parent TrovaTrip platform. If you also use TrovaTrip’s primary platform, we may link your account information across both products.
  • From friends who invite you. When an Organizer creates a trip and shares the link with you, we receive that you arrived from a particular trip’s URL but not your identity until you commit.

2How We Use Information

We use the information we collect to:

  • Create, operate, and manage your trips and commitments.
  • Authorize and (when applicable) capture deposit holds via our payment processor.
  • Send transactional emails (commitment confirmations, lock-in notifications, trip expirations, organizer notifications).
  • Hand off the trip to TrovaTrip’s ops team and the Operator once a trip locks in.
  • Maintain the security and integrity of the Service, including detecting fraud and abuse.
  • Comply with legal obligations and respond to lawful requests.
  • Improve the Service through aggregated and de-identified analysis.

We do not sell your personal information for monetary consideration. We do not use your information to deliver targeted advertising on third-party platforms.

3How We Share Information

We share information only with the parties below and only as needed to operate the Service:

  • Payment processor — Stripe, Inc. Receives your card details directly via Stripe’s embedded payment form. Stripe’s use is governed by its privacy policy.
  • Identity provider — Clerk, Inc. Manages organizer authentication. Subject to Clerk’s privacy policy.
  • Email provider — Resend. Delivers transactional emails.
  • Hosting & database — Railway. Operates the servers and the PostgreSQL database that hold the Service’s data.
  • TrovaTrip ops team and Operators. When a trip locks in, we share traveler names, emails, and the relevant trip details with our internal ops team and the Operator delivering your trip on the ground.
  • The TrovaTrip primary platform. To complete your booking after lock-in, we transfer relevant trip and traveler information to the primary platform.
  • Other organizers and travelers on the same trip. Your first name and (if a trip offers multiple proposed dates) the dates you indicated are visible to other committed travelers on the trip page.
  • Professional advisors. Attorneys, accountants, and insurers, under confidentiality.
  • Legal & safety. When we believe disclosure is necessary to comply with applicable law, respond to lawful requests, protect our rights or those of users, or prevent fraud or harm.
  • Business transactions. If we are involved in a merger, acquisition, financing, or sale of assets, your information may be transferred subject to standard confidentiality protections.

4Cookies, Local Storage & Tracking

We use a limited set of browser storage mechanisms to operate the Service:

  • Authentication cookies set by Clerk to keep you signed in as an Organizer.
  • Local storage on your device to remember which trips you have committed to in this browser, so that the trip page can show you a “share with friends” experience instead of asking you to commit again.
  • Stripe cookies set by the payment form to operate the secure card input.

We do not currently use third-party advertising or behavioral tracking cookies. We do not use Google Analytics or similar third-party analytics tools on the Service. You can disable cookies in your browser, but parts of the Service (especially authentication and the payment form) will not function without them.

We do not respond to “Do Not Track” browser signals because there is no industry consensus on how to interpret them.

5Data Retention

We retain personal information for as long as necessary to provide the Service, comply with our legal obligations (including financial recordkeeping), resolve disputes, and enforce our agreements. Authorization records and commitment metadata may be retained for up to seven (7) years for accounting and tax purposes. You may request earlier deletion under the rights described in Section 6.

6Your Rights & Choices

Depending on where you live, you may have rights to access, correct, delete, or port the personal information we hold about you, and to object to or restrict certain processing. To exercise any of these rights, email hi@trovatrip.com. We will respond within thirty (30) days where required by law (or sooner where practical).

You may opt out of transactional emails by replying to any commitment notification with “unsubscribe.” We will continue to send essential service emails (e.g., confirmations of holds and captures, and lock-in or expiration notifications) for trips you are actively committed to.

7Children's Privacy

The Service is not directed to children under thirteen (13). We do not knowingly collect personal information from children under thirteen. If you believe a child has provided us with personal information, please contact us so that we can delete it.

8Security

We use commercially reasonable technical and organizational safeguards to protect your information, including TLS in transit, encrypted database storage at rest via our hosting provider, and tokenization of card details by Stripe. No system is perfectly secure, and we cannot guarantee absolute security. If we discover a security incident affecting your information, we will notify you as required by law.

9International Users

The Service is hosted in the United States. By using it, you consent to the transfer and processing of your information in the United States, which may have different data-protection laws than your country of residence.

10State-Specific Rights (U.S.)

10.1California (CCPA / CPRA)

California residents have rights to know, access, delete, correct, and opt out of the sale or sharing of personal information. We do not sell or share personal information for cross-context behavioral advertising. To make a request, email hi@trovatrip.com with the subject line “California Consumer Request.” You may designate an authorized agent.

10.2Colorado, Connecticut, Utah, Virginia

Residents of Colorado, Connecticut, Utah, and Virginia have rights similar to the California rights above under their respective privacy laws. Email hi@trovatrip.com with the subject line for your state (e.g., “CPA Consumer Request”). We respond within forty-five (45) days, extendable once for an additional forty-five days where reasonably needed.

10.3Nevada

Nevada residents may opt out of the sale of certain personal information by emailing the address above. As noted, we do not sell personal information.

11Changes to This Policy

We may modify this Privacy Policy at any time by posting an updated version at this URL. Material changes will be reflected by an updated effective date. Your continued use of the Service after a change constitutes acceptance of the revised Policy.

12Contact

Questions, requests, or concerns about this Privacy Policy should be sent to:
TrovaTrip, Inc.
850 N.W. 13th Avenue, 2nd Floor
Portland, OR 97209
hi@trovatrip.com

See also the Booking Terms.

Privacy Policy — TrovaTrip Groups — TrovaTrip Private Groups