Skip to content
+SwissTrip
Iniciar sesión

Privacy Policy

Last updated: March 2026

1. Data Controller

SwissTrip is operated by F. Weinhappl, Switzerland.

SwissTrip ("we", "us", or "our") operates the travel planning application available at swisstrip.app. This Privacy Policy explains how we collect, use, and protect your personal data in accordance with the Swiss Federal Act on Data Protection (FADP/DSG) and, where applicable, the EU General Data Protection Regulation (GDPR).

2. Data We Collect

We collect the following categories of personal data:

Account Information

  • Name and email address (required for registration)
  • Profile photo (if provided via Google or Apple OAuth)
  • Password hash (for email/password accounts — stored securely by Supabase)

Trip & Planning Data

  • Trip itineraries, destinations, dates, and travel preferences you create
  • Saved favorites (destinations, restaurants, activities)
  • Budget preferences and travel group information you provide
  • Chat messages sent to the AI trip planning assistant

Usage Data

  • Pages visited, features used, and session duration
  • Device type, browser, and operating system
  • IP address (anonymized where possible)

Payment Data

  • Subscription status and plan type
  • Payment processing is handled entirely by Stripe — we do not store full card numbers

3. Third-Party Services

We use the following third-party services to operate SwissTrip. Each service processes data according to its own privacy policy:

  • Supabase — Database and authentication infrastructure. Data is stored in the EU region (Frankfurt). Privacy policy: supabase.com/privacy
  • Stripe — Payment processing for subscriptions (CHF currency). Stripe is PCI-DSS certified. Privacy policy: stripe.com/privacy
  • Cloudinary — Image hosting and delivery for destination photos. Privacy policy: cloudinary.com/privacy
  • Google OAuth — Optional sign-in with Google. Only your name and email are requested. Privacy policy: policies.google.com/privacy
  • Apple OAuth — Optional sign-in with Apple. Apple may provide a private relay email address. Privacy policy: apple.com/legal/privacy
  • Anthropic Claude AI — Powers the AI trip planning assistant. Messages you send to the assistant may be processed by Anthropic's API. Privacy policy: anthropic.com/privacy

4. Cookies

We use a minimal number of cookies, limited to those strictly necessary for the service to function:

  • Authentication cookies — Set by Supabase to keep you logged in securely. These are session cookies and expire when you log out or after a defined period of inactivity.
  • Locale preference — A small cookie to remember your language preference.

We do not use advertising cookies, tracking pixels, or third-party analytics cookies. No cookie consent banner is required beyond this disclosure.

5. Data Retention

  • Account and trip data is retained for as long as your account is active.
  • If you delete your account, your personal data and trip itineraries are permanently deleted within 30 days.
  • Anonymised usage statistics may be retained for up to 24 months for service improvement purposes.
  • Payment records are retained as required by applicable tax law (typically 10 years in Switzerland).

6. Legal Basis for Processing

Under Swiss data protection law (FADP) and, for EU users, the GDPR:

  • Contract performance — Processing necessary to provide the SwissTrip service you signed up for.
  • Legitimate interests — Improving service quality and preventing fraud.
  • Legal obligation — Retaining payment records as required by Swiss tax law.

7. Your Rights

Under the Swiss FADP and, for EU users, the GDPR, you have the following rights:

  • Access — Request a copy of the personal data we hold about you.
  • Rectification — Request correction of inaccurate or incomplete data.
  • Erasure — Request deletion of your data ("right to be forgotten").
  • Portability — Request your trip data in a machine-readable format (JSON).
  • Restriction — Request that we limit how we process your data.
  • Objection — Object to processing based on legitimate interests.
  • Withdraw consent — Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us via swisstrip.app. We will respond within 30 days.

You also have the right to lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC) at edoeb.admin.ch.

8. International Data Transfers

Your data is primarily stored within the EU (Supabase EU region). Some third-party providers (Cloudinary, Anthropic) may process data outside Switzerland and the EU. In such cases, transfers are made under appropriate safeguards in accordance with Swiss and EU data protection requirements.

9. Contact

For any privacy-related questions, requests, or concerns, please contact:

F. Weinhappl
SwissTrip
swisstrip.app

Privacy Policy — SwissTrip