Privacy Policy

Account and profile information. When you register for TripNov, we collect your name, email address, company or agency name, job title, and password. If you sign up via Google OAuth, we receive the profile data authorized by your Google account. This information is used to create and manage your workspace.

Client and travel data. As a travel consultant, you will input data about your clients — including names, contact details, travel preferences, passport information (if provided), trip itineraries, proposals, and booking records. You own this data. TripNov processes it on your behalf to provide the platform's core functionality.

Usage and activity data. We automatically collect information about how you interact with TripNov — pages visited, features used, proposal templates viewed, actions taken, and session durations. This telemetry helps us understand how to improve the product.

Device and technical information. We collect browser type, operating system, IP address, referring URL, and device identifiers when you access TripNov. This information is used for security monitoring, fraud prevention, and diagnostic purposes.

Communication data. If you contact our support team or respond to emails we send, we retain those communications to resolve issues and improve our service. Automated emails sent via TripNov's outreach tools (welcome emails, proposal notifications, follow-up sequences) may be tracked for open and click rates.

Service delivery. We use your information to operate TripNov — authenticating your identity, rendering your workspace, processing travel proposals, managing client records, generating AI-assisted content, running your traveller chatbot, and publishing your TripNov-hosted website.

Communications. We use your email address to send transactional messages (account verification, password resets, invitation notifications, subscription receipts) and product-related updates. You may opt out of non-transactional communications at any time.

Analytics and product improvement. Aggregated, anonymized usage data helps us understand which features are most valuable, identify friction points, and prioritize our roadmap. We do not sell individual usage data to third parties.

Security and fraud prevention. We analyse access patterns, IP addresses, and session behaviour to detect and prevent unauthorized access, abuse of the platform, and violations of our Terms of Service.

We do not sell your personal data. TripNov does not sell, rent, or trade your personal information or your clients' data to third parties for marketing or advertising purposes.

Service providers. We share data with trusted third-party providers who help us operate TripNov — including cloud infrastructure providers (hosting, databases, object storage), email delivery services, payment processors, analytics tools, and AI model providers. These providers access only the data necessary to perform their specific functions and are contractually bound to protect it.

Legal requirements. We may disclose your information if required by law, court order, or governmental authority, or if we believe disclosure is necessary to protect the rights, property, or safety of TripNov, our users, or the public.

Business transfers. If TripNov is acquired, merged, or undergoes a change of ownership, your data may be transferred as part of that transaction. We will notify you before your personal data becomes subject to a materially different privacy policy.

We retain your account data for as long as your TripNov subscription is active. If you cancel your subscription, your workspace and associated data (client records, proposals, trip itineraries, website content) are retained for 30 days after cancellation, allowing you to export or reactivate. After the 30-day window, data is permanently deleted from our production systems.

Anonymized aggregated usage statistics may be retained indefinitely for product analytics. Backups are stored for up to 90 days on a rolling schedule and are then destroyed. Financial transaction records (billing history, invoices) are retained for seven years to comply with accounting and tax regulations.

If you request account deletion before subscription expiry, we will initiate deletion within 7 business days. Certain data may be retained longer if required by law or where we have a legitimate legal interest.

Essential cookies. TripNov uses httpOnly session cookies to maintain your authenticated session across the platform and its subdomains (app.tripnov.com, your-agency.tripnov.com). These cookies are strictly necessary for the service to function and cannot be opted out of while using TripNov.

Analytics cookies. We use privacy-respecting analytics tools to understand aggregate traffic patterns on our marketing website (tripnov.com). These tools may use cookies or fingerprinting techniques. Where required by law, we obtain consent before setting non-essential cookies.

Third-party tracking. Our marketing pages may load third-party scripts (e.g., Google Analytics). These services operate under their own privacy policies. You can use browser extensions or your browser's privacy settings to block third-party trackers.

Opting out. You can configure your browser to refuse cookies or alert you when cookies are being sent. Disabling cookies may affect the functionality of the TripNov application.

Encryption. All data transmitted to and from TripNov is encrypted in transit using TLS 1.2 or higher. Data stored in our databases is encrypted at rest. Authentication tokens are hashed using SHA-256 before storage and are never stored in plain text.

Access controls. TripNov implements role-based access control within workspaces. Platform administrators, tenant owners, and team members have differentiated access levels. We follow the principle of least privilege — employees only access customer data when necessary to resolve support issues, and all access is logged.

Incident response. In the event of a data breach that poses risk to your rights and freedoms, we will notify affected users within 72 hours of becoming aware of the incident, as required by applicable data protection laws. Notifications will describe the nature of the breach, categories of data affected, and steps taken to mitigate the impact.

Your responsibilities. You are responsible for maintaining the security of your account credentials. Use a strong, unique password, enable two-factor authentication if available, and notify us immediately at privacy@tripnov.com if you suspect unauthorized access to your account.

TripNov is operated from Portugal (European Union) and our primary data infrastructure is located within the EU. Certain third-party service providers we use may process data in the United States or other countries outside the European Economic Area (EEA).

Where we transfer personal data outside the EEA, we ensure appropriate safeguards are in place — including Standard Contractual Clauses (SCCs) approved by the European Commission, or transfers to countries with an adequacy decision. By using TripNov, you acknowledge that your data may be processed in countries where data protection laws differ from those in your home country.

EU and UK users have additional rights under the General Data Protection Regulation (GDPR) and UK GDPR. Please see “Your Rights and Choices” below for details.

TripNov is a business platform designed for travel professionals. It is not directed at individuals under the age of 16, and we do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete that data promptly.

If you believe we have inadvertently collected data from a child under 16, please contact us at privacy@tripnov.com and we will investigate and take appropriate action.

Depending on your location, you may have the following rights with respect to your personal data:

• Access — Request a copy of the personal data we hold about you.
• Correction — Request that we correct inaccurate or incomplete data.
• Deletion — Request that we delete your personal data, subject to certain legal exceptions.
• Portability — Request your data in a structured, machine-readable format.
• Restriction — Request that we restrict processing of your data in certain circumstances.
• Objection — Object to processing based on legitimate interests or for direct marketing.
• Opt-out of marketing — Unsubscribe from marketing emails at any time via the link in each email.

To exercise any of these rights, email us at privacy@tripnov.com with the subject “Data Rights Request.” We will respond within 30 days. For EU/UK users, you also have the right to lodge a complaint with your local data protection authority.

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or product functionality. When we make material changes, we will notify you by email (to the address associated with your account) and by displaying a prominent notice within the TripNov application at least 14 days before the changes take effect.

Your continued use of TripNov after the effective date of the updated policy constitutes your acceptance of the revised terms. The “Last updated” date at the top of this page indicates when the policy was last revised.

If you have any questions, concerns, or requests regarding this Privacy Policy or the way TripNov handles your personal data, please contact our privacy team:

We take all privacy-related communications seriously and will respond within 30 days of receiving your request.