DayTriply ("we", "us", or "our"), a sole trader registered in the Dutch Chamber of Commerce (KVK) under number 42043424, is committed to protecting your privacy. This Privacy Policy explains what information we collect when you use the DayTriply mobile application ("App"), how we use it, and your choices regarding your data.
By using DayTriply, you agree to the collection and use of information in accordance with this policy.
When you create an account by signing in with Apple or Google, we collect (as permitted by that provider):
We automatically collect information about how you interact with the App:
The App may request access to your device's location to suggest nearby cities, improve location-based planning, and support routing features. When you grant permission, coordinates may be processed on your device and sent to our servers (including Supabase-backed services and secure server-side functions) to resolve the nearest city, enforce usage limits, and run plan generation. That information may also be transmitted to AI providers as described in Section 4. For signed-in users, parameters associated with a successful generation (which can include location-related fields) may be stored in your account history. You can deny or revoke location permission in your device settings; some location-dependent features may then be unavailable.
In-app purchases are processed by the store on your device: Apple (App Store) on iOS and Google (Google Play) on Android. We do not collect or store your payment card information. We receive anonymised purchase receipts and subscription status from the store via RevenueCat.
We use Amplitude (Amplitude, Inc.) to understand how users interact with DayTriply. Amplitude helps us improve the product experience by analysing aggregated usage patterns.
Data sent to Amplitude includes:
We use Amplitude Session Replay to record anonymised interaction sessions (touch gestures, scroll behaviour, and screen transitions) in order to diagnose usability issues and improve the App.
Session Replay is subject to the following safeguards:
Amplitude's privacy practices are described at amplitude.com/privacy. By default we use Amplitude's EU data region; if we configure the project for the US data region, data may instead be processed in the United States. The active region follows our deployment configuration.
We use Sentry (Functional Software, Inc.) to detect crashes and errors, monitor app stability, and measure performance. Some performance data is collected on a sampled basis, as configured in our SDK.
Data sent to Sentry may include:
We do not intentionally send your name, email address, or the content of your plans to Sentry. In rare cases, fragments of information could appear unintentionally inside an error message or stack trace if the App passes such data into an exception.
Where available for our Sentry project, we aim to use data residency in the European Union; otherwise processing follows Sentry's infrastructure for the region selected in our project settings. Sentry's privacy practices are described at sentry.io/privacy.
| Purpose | Legal basis (GDPR) |
|---|---|
| Provide and improve the App and its features | Legitimate interest / Contract performance |
| Generate personalised day plans based on your preferences | Contract performance |
| Process in-app purchases and manage subscriptions | Contract performance |
| Product analytics (Amplitude) to understand usage patterns | Legitimate interest |
| Session replay analysis (Amplitude) to diagnose UX issues | Legitimate interest |
| Crash and error diagnostics and performance monitoring (Sentry) to keep the App secure and reliable | Legitimate interest |
| Send operational communications related to your account when sent by our authentication infrastructure (for example security notices), where applicable | Contract performance / Legitimate interest |
| Comply with legal obligations | Legal obligation |
We do not sell your personal data to third parties. We do not use your data for targeted advertising.
We share your data only with the following categories of service providers, solely to operate the App:
| Provider | Purpose | Data transferred |
|---|---|---|
| Supabase | Database, authentication, serverless functions | Account data, saved plans, usage limits |
| Amplitude | Product analytics and session replay | Anonymised usage events, interaction recordings |
| Sentry | Crash reporting, error diagnostics, and performance monitoring | Technical diagnostics (e.g. stack traces, device/OS, release ID); may include pseudonymous session or device-related identifiers under GDPR |
| RevenueCat | In-app purchase management | Anonymised purchase receipts |
| Apple (App Store) | App distribution and in-app purchase processing on iOS | Governed by Apple's Privacy Policy |
| Google (Google Play) | App distribution and in-app purchase processing on Android | Governed by Google's Privacy Policy |
| Google (Maps, Places, and related services) | Map display (notably on Android), geocoding, place details, and place imagery as used in the App | Map usage, place names or queries, and coordinates as needed to show maps and resolve locations; subject to Google's applicable policies |
| Pexels | Stock photography used when resolving some place images on our servers | Search-related metadata sent from our infrastructure to match images |
| Google Cloud — Vertex AI (Gemini) | Plan generation and personalization inference | Your plan inputs (city, date, preferences, transport, dietary) and, for registered users with personalization enabled, an aggregated semantic summary of your prior likes/saves/feedback. No raw account identifiers; data is not used to train Google's foundation models (Vertex AI customer data terms apply). |
To turn your inputs into a structured day plan, DayTriply sends them to Google Cloud Vertex AI (Gemini) for inference. We send only the data we need to produce a plan — your selected city, date, time window, preferences, transport, dietary restrictions, and (for registered users with Personalization enabled) an aggregated semantic summary of your prior in-app activity. We do not send your raw account identifiers, contact information, or device identifiers to the AI provider, and Google's standard customer-data terms for Vertex AI prevent your inputs from being used to train its foundation models.
We also use two adjacent Google services with the same protections: Google Search grounding (via Vertex) — used to fact-check AI-generated content against the open web; only the AI's own draft text is forwarded, never your personal identifiers — and Google Maps Platform — for geocoding venue names and travel time estimates.
If you are signed in and Personalization is enabled, we periodically distil your in-app activity into a short text "taste profile" (3–8 sentences) and reuse it on future plan generations to tailor suggestions to your style. The signals that contribute to this profile are:
The taste profile is stored on your account, never shared with other users, and never used to train Google's or anyone else's foundation models.
All controls live in Profile → Privacy:
Anonymous users are never personalized. If you use DayTriply without an account, we do not build or send a personalization profile for you to the AI provider, regardless of toggle state.
You give explicit consent to the AI processing described above when you first launch DayTriply (the AI consent screen). A record of your consent and personalization choice is kept in our database for audit purposes. Changes to the personalization scope take effect when this Privacy Policy is updated (see §14 below).
You can use DayTriply without creating an account. In this case, we assign you a persistent anonymous identifier stored locally on your device. This identifier is used solely to track your free plan quota and is not linked to any personal information.
If you later create an account, your anonymous usage history may be migrated to your account at our discretion to preserve your plan quota.
DayTriply is operated from the European Union (Netherlands). Some of our service providers process data outside the European Economic Area (EEA) or United Kingdom, including in the United States. Where personal data is transferred outside the EEA/UK, we rely on lawful transfer mechanisms, including:
The active processing region for some providers (notably Amplitude and Sentry) follows our project configuration and is described in Section 2. Vertex AI processing (Section 5) may take place in regions selected by Google Cloud, with customer-data terms in place to limit use of your inputs.
You may request a copy of the relevant safeguards by contacting us at Hello.daytriply@gmail.com.
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights:
If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (as amended by the CPRA):
You may exercise these rights using the contact details below. We may need to verify your identity before fulfilling certain requests. You may also designate an authorized agent to act on your behalf.
If you are resident in another jurisdiction with applicable data protection legislation — including, without limitation, Brazil (LGPD), Canada (PIPEDA and Quebec Law 25), Australia (Privacy Act 1988), Japan (APPI), South Korea (PIPA), and South Africa (POPIA) — you may have equivalent or analogous rights. We will honour requests to the extent required by the law applicable to you.
To exercise any of the rights above, contact us at Hello.daytriply@gmail.com. We will respond within the timeframe required by the applicable law (typically 30 days under the GDPR; 45 days under the CCPA, extendable by a further 45 days where reasonably necessary).
You can also request account and data deletion directly from within the App via Profile → Privacy → Delete account.
DayTriply is not directed at children. We do not knowingly collect personal information from children under the age of 13 (or, where a higher minimum age applies under your local law, that higher age — for example, 16 in much of the EU, with variations between Member States).
In the United States, we comply with the Children’s Online Privacy Protection Act (COPPA) and do not knowingly collect personal information from children under 13. In the EEA, the United Kingdom, and other jurisdictions where the GDPR or comparable laws set a higher age threshold for children’s digital consent, we apply that local age threshold.
If you believe a child has provided us with personal information without the required parental or guardian consent, please contact us at Hello.daytriply@gmail.com and we will delete it promptly.
We implement industry-standard security measures to protect your data, including encryption in transit (TLS) and at rest. However, no method of transmission over the internet is 100% secure.
DayTriply lets you create a public share link for a plan. Anyone who has the link can open the plan in a web browser. Shared plans are anonymous — they are not labelled with your name or account, and the link contains a long random identifier so a plan cannot be found by guessing.
Search-engine indexing. A shared plan may be indexed by search engines (for example, appear in Google results) only if both of the following are true:
Any plan that includes your own added places or notes, or whose date is today or in the future, is marked noindex and remains accessible only to the people you give the link to. You can stop sharing a plan, or delete it, at any time; once removed, the link stops working and the plan is no longer served, so search engines drop it over time.
This section applies to the DayTriply website (daytriply.com), including shared-plan pages. The mobile App does not use browser cookies; the analytics and crash reporting described in Section 2 are handled in-app, not via cookies.
When you first visit the website, a cookie consent banner appears in the corner of the page. Non-essential cookies and scripts stay switched off until you accept them — nothing in the Analytics or Marketing categories runs beforehand. You can review or change your choice at any time by clicking the cookie icon in the bottom-left corner of any page, which reopens the preferences panel. Your choice applies across the site.
The banner is provided by the Silktide Consent Manager. We group cookies into three categories:
| Category | What it does | Default |
|---|---|---|
| Essential | Remembers your consent choice so the banner works correctly on future visits. Cannot be switched off. | Always on |
| Analytics (opt-in) | Reserved for product analytics (Amplitude) to understand how the website is used. Currently inactive — see below. | Off until you accept |
| Marketing (opt-in) | Loads a Travelpayouts affiliate cookie on plan pages to measure bookings that start from partner links. See below. | Off until you accept |
Your cookie preferences are stored in your browser's local storage on your device. This is what allows the site to remember your choice between visits, and it is required for the consent banner itself to function. It is not used to track you and is not transmitted to our servers for analytics or marketing.
This category is reserved for Amplitude product analytics (described in Section 2). It is off by default and currently inert: at present, accepting Analytics does not load any analytics cookies or scripts on the website. It will only become active once we enable web analytics, at which point your opt-in choice will apply. Until then, no website analytics are collected regardless of this setting.
On shared plan pages, accepting Marketing loads an affiliate script from our travel-partner network, Travelpayouts (the affiliate programme behind Aviasales; the script is served from the domain emrldtp.cc). It sets a cookie that lets Travelpayouts attribute bookings that begin from partner links on the page, so we may earn a commission that helps keep this content free. This cookie is not used by us to build an advertising profile of you, and we do not receive any advertising identifiers.
If you decline Marketing — or accept and later revoke it — the affiliate script is not loaded, and the page reloads to remove it. No affiliate or marketing cookies are loaded on the landing page or these legal pages; the Travelpayouts script is present only on shared plan pages, and only after you accept.
For data it collects through this cookie, Travelpayouts / Aviasales acts as an independent data controller. Its privacy practices are described in the Travelpayouts Privacy Policy.
You can withdraw consent at any time using the cookie icon. Withdrawal does not affect any processing that took place while your consent was active.
We may update this Privacy Policy from time to time to reflect changes to our service, the way we process data, or applicable law. Updates take effect when posted on this page; the "Last updated" date at the top reflects the most recent revision. We encourage you to review this policy periodically. Continued use of DayTriply after an update constitutes acceptance of the revised policy.
If you have any questions about this Privacy Policy or how we handle your data, please contact us: