Privacy Policy

Effective date: June 28, 2026

TripBoard ("the app") is developed by Nils Fragel. This policy explains how the app handles your data.

Data Storage and Sync

All data you create in TripBoard (trips, activities, expenses, and receipts) is stored on your device and synced to your personal iCloud account using Apple's CloudKit. This sync is handled entirely by Apple's infrastructure. We do not operate servers that store this data, apart from the optional mail-forwarding service described below.

Collaboration

When you share a trip with others, data is shared through iCloud using Apple's CloudKit sharing. Participant names and identifiers are managed by Apple. We do not collect or store this information separately.

Location

The app may request access to your location to help you find nearby places when adding activities or expenses. Your location is used on-device only and is not transmitted to any server. You can deny or revoke location access at any time in Settings.

No Tracking

TripBoard does not:

App Store Analytics

TripBoard contains no analytics SDK of its own. However, Apple provides us with standard App Analytics through App Store Connect — aggregated, anonymised statistics such as downloads, app sessions, active devices, and crash reports. This data is collected and aggregated by Apple, cannot be used to identify you individually, and is only shared with us for users who have agreed to share analytics with app developers. You control this in Settings → Privacy & Security → Analytics & Improvements on your device, and it is governed by Apple's Privacy Policy.

Data on Your Device

The app stores your preferences (such as preferred currency and appearance mode) locally using UserDefaults. Receipt images are stored in the app's sandboxed file storage on your device and synced via iCloud.

Mail Forwarding Service

TripBoard offers an optional feature that lets you forward confirmation emails (for example flight or hotel bookings) into a trip. You enable it by registering and confirming your email address in the app. Registering is entirely voluntary; if you never enable it, none of the processing below takes place.

What we process

Processor and where data is stored

The forwarding service runs on Cloudflare, which acts as our processor (Auftragsverarbeiter) under a data-processing agreement. The service is configured for data residency in the European Union.

How long we keep it

Legal basis

We process this data on the basis of your consent (Art. 6(1)(a) GDPR), which you give by registering your email address. You can withdraw it at any time by deleting your registration, with effect for the future.

Contact Form

Our website offers a contact form. If you use it, the name you optionally provide, your email address and your message are transmitted to us by email and used solely to handle your enquiry. We do not store these submissions in a database; the message lives in our mailbox like any other email, and your email address is set as the reply address so we can respond.

Spam protection (Cloudflare Turnstile)

To protect the form against automated abuse, it uses Cloudflare Turnstile. When you submit the form, Turnstile runs a verification challenge in your browser and may process technical information — including your IP address, browser characteristics and interaction signals — to distinguish humans from bots. Turnstile is designed to be privacy-friendly and, according to Cloudflare, is not used for cross-site advertising or tracking. This processing is carried out by Cloudflare as our processor; see Cloudflare's Privacy Policy. The legal basis is our legitimate interest in preventing spam and abuse (Art. 6(1)(f) GDPR).

To limit how many submissions come from a single source per day, we keep a short-lived counter keyed by a one-way hash of your IP address (not the IP itself). These counters are automatically deleted within a few days.

Where data is processed

The contact form and Turnstile verification run on Cloudflare's infrastructure. Cloudflare may process data outside the EU; appropriate safeguards (such as the EU Standard Contractual Clauses) apply.

Children's Privacy

The app does not knowingly collect personal information from children under 13.

Changes to This Policy

If this policy changes, the updated version will be posted at this URL with a new effective date.

Contact

If you have questions about this policy, contact privacy@tripboard.cloud.