Triplium Privacy Policy
Version: 1.0.0 Effective date: 2026-07-07 Last updated: 2026-07-07
1. Who we are
Triplium is a travel journal that captures your trips as they happen — photos, places, routes and words — and helps you turn them into stories worth keeping. That means you trust us with personal things, so this policy explains, in plain language, what we collect, why, and the control you have over it.
All personal data is collected, processed and secured in compliance with the General Data Protection Regulation (GDPR). We, CodeAppGo Oy (Business ID 3200602-8, registered in Finland), are the controller of the personal data processed in relation to the Triplium app and website. For anything privacy-related, write to info@triplium.com — a real human reads it.
2. What we collect
Your account. Your email address, your display name if you set one, and the sign-in method you use. Triplium signs you in with one-time email codes or your Google account — there are no passwords, so we never store one. Before you create an account, the app runs under a temporary anonymous identifier so it can talk to our servers; it becomes your account when you sign up.
Your journal. The trips and moments you create: titles, dates, descriptions, places, and the photos, videos and voice recordings you add — including their embedded metadata, such as when and where a photo was taken and what camera took it. We read that metadata to place your moments on the map and timeline. If you'd rather keep a photo's location out of Triplium, remove the location data before adding the photo (your phone's share sheet can do this) — we don't strip it for you.
Your conversations with the AI. The messages you exchange with the Triplium assistant, voice messages and their transcriptions, and the choices you make in the interactive cards it shows you. Your chat history is stored as part of your account data.
Location. Beyond the places in your photos and the ones you pick yourself, Triplium can record your route while you travel: when you turn trip recording on, the app periodically saves your position, speed and direction so your route can be drawn on the map. Recording is always something you start and stop yourself.
Profile and settings. Optional details such as your home country, how often you travel and your journaling-style preferences, plus your notification settings and the device tokens needed to deliver any push notifications you've enabled.
Usage and diagnostics. Anonymous app analytics (which screens and features are used) and crash reports (device model, OS version, app version and what went wrong technically). These are not tied to your account or your journal — we see counts and technical details, not who you are. Our infrastructure also keeps short-lived technical server logs (including IP addresses), as virtually every online service does, for security and operations.
Subscription. Your plan, its status, and the purchase receipts needed to validate it. We never see your card number — payment happens at Apple, Google or Stripe.
Feedback and support. Bug reports, feature requests and other feedback you send from the app — with screenshots and device diagnostics only if you choose to include them — and email conversations with our support.
Backups. When you request an export of your data, we prepare a backup file and hold it for you to download.
3. How we use your information
We use your data to:
- Run Triplium — sign you in, store your journal, sync it across your devices, draw your maps, and send essential service emails such as sign-in codes and export links. This is the service you signed up for.
- Power the AI features — chat, transcription, photo understanding, suggestions and summaries (section 4). Equally part of the service itself.
- Let you share — create the share links you control, and honour it when you revoke them.
- Improve the app — anonymous, aggregate analytics tell us which features earn their place and where people get stuck. This is our legitimate interest, and you can object at any time (section 10).
- Fix crashes — crash reports let us reproduce and repair bugs. Likewise a legitimate interest.
- Keep the service safe — protecting accounts, shares and service quotas from abuse. Likewise a legitimate interest.
- Meet legal obligations — bookkeeping and tax rules, and lawful requests from authorities.
- Tell you what matters — material changes to this policy, your subscription, and security notices.
We do not sell your data. We show no ads, and nothing about you is shared with advertisers. We don't make automated decisions that have legal or similarly significant effects on you.
4. AI in Triplium
AI is at the heart of Triplium — it's what turns quick captures into a written journal. To make that possible, we send the relevant content to our AI providers for processing: your chat messages, and the photos, videos and voice recordings you add to your journal, so they can be understood, transcribed and summarised for you.
What you should know:
- It's private. Your content is processed only to produce results for you. It's never shared with other users and never used for advertising.
- No training. Neither we nor our AI providers use your content to train AI models. We use paid, business-grade AI services whose terms rule this out.
- Brief provider retention. Providers may hold submitted content for a short period for abuse monitoring, then delete it.
- Interactive cards are chat. When the assistant shows you a card — a date picker, a list of places — what you pick in it is part of the conversation and is processed like a message.
5. Who we share your data with
Nobody gets your data for their own purposes. A small set of service providers process it on our instructions to run Triplium, each receiving only what its role requires:
- Hosting and storage providers (EU and US) — run our databases, file storage and backend.
- AI providers (US) — process content for the AI features described in section 4.
- An email delivery provider — sends sign-in codes and service emails.
- An analytics and crash-reporting provider — receives the usage and crash data described in section 2, not linked to your account.
- Billing — Apple (App Store), Google (Google Play) or Stripe process your payment, and a subscription-management service keeps your plan status in sync across your devices.
- Google — handles authentication if you choose Sign in with Google.
- Video rendering infrastructure (US) — renders the trip videos you generate.
Every provider is bound by a data-processing agreement. Where a provider operates outside the European Economic Area (mainly the United States), the transfer relies on the EU–US Data Privacy Framework or the European Commission's Standard Contractual Clauses, as EU law requires. We maintain an internal register of every provider, what it receives and where it runs.
We disclose personal data to authorities only where the law requires it.
6. Other people in your photos
Travel photos usually have other people in them. When you add a photo of an identifiable person, make sure you're comfortable — and entitled — to do so, especially before sharing it. For children who are not your own, that means a parent's or guardian's consent. If you appear in someone else's Triplium journal and want a photo removed, email info@triplium.com and we'll assess the request in good faith.
7. Sharing your content
Everything in your journal is private to you until you decide otherwise.
When you share with another Triplium user, they see the shared content at the access level you grant — and nothing about your account beyond your display name. When you create a public link, anyone holding that link can view what it points to, no account needed.
You can revoke any share at any time, which immediately blocks further access. One honest caveat: content someone already viewed may stay cached on their device for a while, and anything already downloaded — a video, a backup — is a copy beyond our reach. That's how the web works, and we'd rather say it than pretend otherwise.
Deleting your account revokes every share you've created.
8. How long we keep your data
- While you use Triplium, your journal stays. That's the point of a journal. If your subscription ends you keep read access to everything you've created — nothing is deleted just because you stopped paying.
- Inactive accounts are deleted after 12 months. If you don't use Triplium at all for 12 months, we delete the account and its data — including accounts that were never signed up. We email registered users a warning first.
- Deleting your account is immediate. Your content and account records are erased within 30 days, and backup copies rotate out within 90 days. One deliberate exception: a data export you requested stays downloadable for its remaining validity, so you can still save your journal after deleting the account.
- Exports are available for 30 days, then deleted.
- A few things we must or choose to keep: purchase records for 7 years (Finnish bookkeeping law), support conversations for up to 3 years, and feedback you've sent us — kept after account deletion, but detached from your account.
9. Security
We protect your data with measures matched to how personal it is: encryption in transit and at rest, strict access controls on production systems, and infrastructure providers with recognised independent security certifications. On your device, your journal lives in the operating system's protected app storage — do lock your phone.
No system is perfectly secure. If a breach ever affects your personal data, we'll notify the Finnish Data Protection Ombudsman within 72 hours where required, and tell you without undue delay.
Found a security issue? Email info@triplium.com. We won't pursue good-faith researchers who give us reasonable time to fix things and don't harm other users' data or privacy.
10. Your rights
Your data is yours. You can always:
- See and take it with you — "Download a backup" in the app gives you your journal in portable formats, or email us for a copy of everything we hold about you.
- Correct it — edit anything in the app, or ask us to fix what you can't.
- Delete it — "Delete account" in the app settings, or email us.
- Restrict or object — ask us to pause certain processing, or object to anything we do based on legitimate interest, such as analytics.
- Withdraw consent — where we rely on it (say, optional diagnostics in feedback, or analytics cookies on our website), you can change your mind at any time.
- Complain — to the Finnish Data Protection Ombudsman (tietosuoja.fi) or the data-protection authority in your own country.
Email info@triplium.com to exercise any of these. We respond within 30 days; genuinely complex requests can take up to two months longer, and we'll tell you if so.
One honest limitation: AI processing is integral to Triplium — there is no version of the app without it. If that's not acceptable to you, contact us and we'll help you export your journal and close your account.
11. Cookies and local storage
Our website sets no advertising or tracking cookies. Analytics cookies are used only if you accept them in the cookie banner — decline, and none are set.
The app keeps your journal on your device (and in your browser, for the web app) so it works offline. That's the service working as intended, not tracking, and it needs no separate consent.
12. Children
Triplium is for people aged 16 and over. We don't knowingly collect personal data from anyone younger. If you believe a child under 16 has a Triplium account, email info@triplium.com and we'll delete it.
13. Changes to this policy
As Triplium evolves, this policy will too. Each new version is posted at triplium.com/privacy with an updated date, and prior versions stay available for reference. For material changes we'll email you and show a notice in the app at least 30 days before the change takes effect; using Triplium after that date means you accept the updated policy.
14. Contact
Anything about your privacy: info@triplium.com.
If you're not happy with our answer, you can lodge a complaint with the Finnish Data Protection Ombudsman (Tietosuojavaltuutetun toimisto, tietosuoja.fi/en) or with the supervisory authority in your EU country of residence.
The version rendered at triplium.com/privacy is the authoritative version of this policy.