Trove ("we", "us") is a personal travel-credit organizer that helps you track and apply airline flight credits, vouchers, and travel perks. This Privacy Policy explains what we collect, why we collect it, who we share it with, and the rights you have over your data.
1. Data we collect
- Account data: your email address, name, and a hashed password. If you sign up via Google, we receive your email, name, and Google profile picture.
- Credit data: the airline, dollar value, expiration date, credit code, ticket number, passenger name, and terms of every flight credit you add — manually, by forwarding an email, or by uploading a screenshot.
- Forwarded emails: the raw text and headers of any email you forward to your unique inbound address. These are encrypted at rest and retained for 12 months before automated deletion.
- Trip search history: origins, destinations, dates, and recommendations generated when you plan a trip.
- Audit log: a record of significant actions (credit added, edited, deleted; recommendation generated) tied to your account. Used for security, debugging, and compliance.
- Operational data: IP addresses, user-agent strings, and timestamps of webhook and API requests, captured by our hosting providers (Vercel, Supabase) for security and abuse prevention.
2. How we use your data
- To parse forwarded credit emails into structured data.
- To generate flight recommendations that maximize the value of your credits.
- To send expiration reminders so credits don't go to waste.
- To send service announcements (security incidents, major changes).
- To investigate security incidents and abuse.
- To comply with legal obligations.
We do not use your credit data, email contents, or trip history to train AI models. The third-party AI provider (Google Gemini) is contractually prohibited from doing so under their Generative AI terms.
3. Third parties (subprocessors)
We share data only with the following service providers, each of whom processes data on our behalf under their respective data processing agreements:
- Supabase — hosts our database and authentication. Stores all account data, credit data, and forwarded emails (encrypted).
- Vercel — hosts our application code. All HTTP requests pass through Vercel infrastructure.
- Google Gemini — receives forwarded email contents and trip-search parameters for AI-assisted parsing and recommendations. Subject to Google's Generative AI Prohibited Use Policy and their commitment not to use this data for model training.
- SerpApi (Google Flights) — receives origin, destination, and travel dates when you plan a trip. Returns live flight offers and booking links.
- Postmark — handles inbound email forwarding. Receives the contents of any email you forward to your Trove address.
- Resend — sends outbound notification emails (expiry reminders, deletion confirmations).
- Sentry — captures redacted error reports for debugging. Credit codes, OAuth tokens, and other sensitive values are stripped before transmission.
- Cloudflare — DNS and email routing for our domain.
We do not sell your personal information to anyone, and we do not share data for cross-context behavioral advertising.
4. Data retention
- Account data: retained for the life of your account and deleted within 7 days of your request for account deletion.
- Credit data: retained until you delete the individual credit or your account.
- Forwarded email contents: retained for 12 months, then automatically and irreversibly deleted by a daily cron job.
- Audit log: retained for 24 months, then automatically deleted.
- Deletion-proof log: we permanently retain a cryptographic hash of deleted user IDs and a deletion timestamp, with no other identifying information, for compliance evidence.
5. Your rights
Under the California Consumer Privacy Act (CCPA), you have the right to:
- Know what personal information we have collected about you and how we use it (covered by this policy).
- Access a copy of your personal information. Settings → Export My Data downloads everything as a JSON file.
- Delete your personal information. Settings → Delete My Account starts the deletion process.
- Opt out of the sale or sharing of personal information for cross-context behavioral advertising. We don't do either, but you can confirm via the "Do Not Sell My Personal Information" link in our footer.
- Non-discrimination — we will not deny you service, charge a different price, or provide a different quality of service because you exercised any of these rights.
To exercise these rights, use the in-app controls or email security@try-trove.com. We respond within 45 days as required by CCPA.
6. Security
We protect your data with:
- Encryption at rest for sensitive columns (credit codes, ticket numbers, OAuth tokens, forwarded email contents) using AES-256-GCM.
- Encryption in transit (TLS 1.2+) for all network traffic.
- Row-level security in our database — your data is technically inaccessible to other users.
- Redaction of sensitive values from logs and error reports before they leave our servers.
- HTTP security headers including HSTS, CSP, X-Frame-Options DENY, and a strict Permissions-Policy.
- A documented incident-response playbook (see /docs/incident-response.md in our source repository).
No system is perfectly secure. In the event of a confirmed breach affecting your account, we will notify you by email within 72 hours of confirmation.
7. Children
Trove is intended for users 18 years of age or older. We do not knowingly collect data from anyone under 18. If we learn that a minor has signed up, we delete the account immediately.
8. Changes to this policy
We may update this policy from time to time. Material changes will be announced by email at least 14 days before they take effect. The version number and effective date at the top of this page track each revision.
9. Contact
Privacy questions, access requests, deletion requests, and security reports: security@try-trove.com
DRAFT — this document has not been reviewed by an attorney. The founder is responsible for engaging counsel before relying on it for any commercial launch.