Privacy Policy

When you create an account we collect:

• Account information: your full name, email address, phone number, employee ID, and home base
• Delta credentials: your Delta employee ID and portal password, encrypted before storage (see Section 3)
• Rotation preferences: the criteria you configure for monitoring
• Alert history: records of rotations we found that matched your preferences
• Billing information: subscription status managed by Stripe — we never see or store your full card number

We use your information solely to provide the Trip Fetch service:

• Your Delta credentials are used only to log into Delta scheduling portals to check for rotation availability on your behalf
• Your phone number is used only to send SMS rotation alerts when you have SMS notifications enabled
• Your email address is used to send rotation alerts, billing receipts, and important account notices
• We do not use your information for advertising or sell it to third parties

We take the security of your Delta credentials seriously. Before your credentials are stored in our database they are encrypted using AES-256-CBC encryption. The encryption key is stored separately from the database and is never logged or transmitted.

Credentials are decrypted only in memory at the time they are needed for portal monitoring, and are immediately discarded after use. We do not store plaintext credentials anywhere.

We share data with the following third parties only as necessary to operate the service:

• Supabase — database and authentication provider. Stores your account data and preferences.
• Stripe — payment processor. Handles subscription billing. Receives your email for customer records.
• Twilio — SMS delivery. Receives your phone number and alert message content to deliver text notifications.
• Resend — email delivery. Receives your email address and alert content to deliver email notifications.

We do not share your data with any other third parties.

Your data is retained for as long as your account is active. If you delete your account, your personal information and credentials are permanently deleted within 30 days. Alert history may be retained in anonymized form for service improvement purposes.

You may at any time:

• Access or export your data by contacting support
• Remove your Delta credentials from the Connect Delta Account page in your dashboard
• Cancel your subscription from the Billing page
• Request deletion of your account and all associated data by contacting support

Trip Fetch uses only essential cookies required for authentication (session tokens). We do not use tracking cookies or third-party analytics.

We may update this Privacy Policy from time to time. We will notify you of material changes by email. Continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

Questions about this Privacy Policy or your data? Contact us at support@tripfetch.app.