Privacy Policy

Trovea (“Trovea”, “we”, “us”) provides an AI-powered travel planning service that researches flights, stays and experiences and remembers your tastes so future trips pick up where the last one left off. We are the data controller for the personal data described here. For privacy questions, email privacy@trovea.ai.

• Account data. When you sign in we receive your email address and basic profile details from your chosen sign-in method (e.g. Google), managed by our authentication provider, Supabase.
• Travel preferences (“your Trove”). Interests, styles, budgets, dietary needs, accessibility needs and other preferences you tell the concierge or save in settings.
• Travel companions. Names, relationships, notes and — if you provide it — the email of people you travel with, so plans can account for the whole group.
• Connections. If you connect with another Trovea user, we record that connection and which preferences each of you has chosen to share.
• Trips & chat history. Your conversations with the concierge, saved trips, saved properties and the research generated for them.
• Technical data. Device, browser, IP-derived region and basic usage/log data used to operate and secure the service.

• To provide the service: plan trips, research options and book-ready combinations.
• To personalise recommendations using your Trove and, with consent, your connections' shared preferences.
• To save and resume your trips and chat history across devices.
• To send service communications, such as connection invitations you initiate.
• To secure, debug, analyse and improve the service.
• To comply with legal obligations.

Where the UK GDPR or EU GDPR applies, we rely on: performance of a contract (to deliver the service you ask for); consent (e.g. sharing preferences between connected users, which you can withdraw at any time); legitimate interests (to secure and improve the service, balanced against your rights); and legal obligation where required.

Connecting with another traveller is mutual and consent-based. We only surface a connected person's interests and preferences to you — and yours to them — when both of you have accepted the connection and each has left sharing switched on. You can turn sharing off, or remove a connection entirely, at any time in settings. We never share your private notes, account credentials or full chat history with other users.

We share data with processors who help us run Trovea, under contracts that limit their use of it:

• Supabase — authentication and database hosting.
• Vercel — application hosting and delivery.
• AI model providers — to generate concierge responses. Conversation content is processed to produce answers and is not used by us to train third-party models.
• Research data sources (e.g. travel inventory and web-search providers) — to fetch live flights, stays, prices and local information.
• Email delivery — to send invitations and service messages.

We do not sell your personal data. Some providers may process data outside your country; where they do, we rely on appropriate safeguards such as standard contractual clauses.

We keep your account, Trove and trips for as long as your account is active. You can delete individual trips and saved items at any time. When you ask us to delete your account, we remove your personal data within a reasonable period, except where we must retain limited records to meet legal obligations.

Depending on where you live, you may have the right to access, correct, delete, port or restrict processing of your personal data, and to object to certain processing or withdraw consent. To exercise these rights, email privacy@trovea.ai. You also have the right to complain to your local data protection authority.

We use essential cookies and browser storage to keep you signed in and to temporarily preserve an in-progress conversation across sign-in. We do not use advertising cookies.

Trovea is not directed to children under 16, and we do not knowingly collect their personal data.

We may update this policy from time to time. We'll change the “last updated” date above and, for material changes, provide a more prominent notice.