Last updated · June 12, 2026
Privacy Policy
TripHelm is a calendar-first trip planning app. This policy explains what data we collect, how we use it, and the controls you have over it.
What we collect
Account data. When you sign in with Google or Apple, we receive your name and email address from the identity provider. We store these to identify your account and associate your trips with you.
Trip data. We store the trip data you create — trip titles, destinations, start and end dates, and the individual itinerary blocks (time, kind, title, notes, location) that make up each day.
Usage data. Like most web apps, we collect analytics about how the site is used: pages visited, features clicked, approximate location derived from IP address, browser and device type, and error reports. We also record anonymized session replays (mouse movement, clicks, scrolling) to find usability problems; text you type is masked in replays by default.
Feedback. If you submit feedback through the in-app feedback button, we store what you wrote and the page you sent it from.
We do not collect payment information, physical addresses, or any sensitive personal data beyond the above.
How we use it
Your account and trip data are used to provide the TripHelm service — displaying your trips in the calendar, allowing you to edit them, and making them available to AI clients (such as Claude or ChatGPT) that you explicitly authorize.
Usage data is used to understand how the product is used, fix bugs, and improve it. We also use an advertising tag (served via Google Tag Manager) so that Amazon can show TripHelm ads to people who have visited this site and measure whether those ads work. That tag uses cookies and device identifiers only — your trips, name, and email are never shared with advertisers.
We do not use the contents of your trips for advertising or profiling, and we never train AI models on your data.
AI assistants & your conversations
When you connect TripHelm to an AI assistant through the MCP connector, that assistant can read and write your trip data on your behalf. It can only do so while you maintain that authorization, and it only ever accesses your own trips.
TripHelm receives only the structured tool calls the assistant makes (for example “create a trip to Kyoto”) — we never receive or store your chat conversation. For reliability and abuse prevention we log each tool call: the tool name, your account ID, how long it took, and whether it succeeded.
Where it's stored
All trip and account data is stored in a Neon Postgres database hosted in the US East region. Authentication is handled by WorkOS, whose infrastructure is also US-based.
Data is encrypted in transit (TLS) and at rest by the database provider.
Third-party sharing
We share data with the following service providers, and no one else:
- WorkOSAuthentication and identity (Google/Apple SSO) — receives your name and email
- NeonDatabase hosting — stores your account and trip data
- VercelApplication hosting, edge delivery, performance analytics, and server logs
- PostHogProduct analytics — usage events, error reports, surveys, and feedback, tied to your account
- GoogleGoogle Analytics (site analytics) and Google Tag Manager (tag delivery)
- MicrosoftClarity session replays and heatmaps (anonymized; typed text masked by default)
- Amazon AdsRetargeting and ad-conversion measurement via cookies — never receives trip or account data
- MapTilerGeocoding and map tiles — receives the place names on your itinerary blocks and your IP address, never your identity
We do not sell, rent, or trade your personal information, and no advertiser ever receives your trips, name, or email.
Retention
- Account and trip data — retained for as long as your account exists. Deleting a trip permanently removes its data from our database immediately. Account deletion requests are completed within 30 days and remove all trip data, account records, and analytics data tied to your account.
- Server and connector logs (including AI tool-call logs) — automatically deleted within 30 days.
- Product analytics events — deleted with your account on request; Google Analytics user-level data expires automatically after 14 months.
- Session replays — retained by Microsoft Clarity for up to 30 days (aggregated heatmap data up to 13 months).
To request account deletion, email hello@codeandcapital.co.
Your controls
- Delete any trip at any time from the dashboard — data is removed immediately.
- Revoke AI client access at any time through your AI assistant's settings (e.g. Claude.ai Connected Apps or ChatGPT connected apps). This immediately terminates the connector's ability to read or write your trips.
- Request a copy of your data or full account deletion by contacting support.
- Control analytics and advertising cookies through your browser settings; ad personalization can also be managed in your Amazon advertising preferences.
Contact
Questions about this policy or your data? Email us at hello@codeandcapital.co. We'll respond within a few business days.
ISSUE N° 01 · 2026