Privacy Policy

Last updated: 16 February 2026

Introduction

GiTrip is committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy explains what data we collect, why we collect it, and your rights regarding that data.

Data We Collect

When you create a GiTrip account, we collect only the data necessary to provide the service:

  • Email address — used for authentication and account identification
  • Name (optional) — displayed on your profile and to collaborators
  • Password — stored as a salted cryptographic hash; we never store your plaintext password

By using the service, we also store:

  • Profile image URL — a link you provide to a publicly accessible image
  • Trip data — repositories, branches, commits, itineraries, and plans you create
  • Collaboration data — records of which users collaborate on which trips
  • Stars — records of trips you have starred

Cookies

GiTrip uses a small number of strictly necessary cookies to operate the service:

  • Session cookie (gitrip_sid) — keeps you signed in. This cookie is HTTP-only, expires after 24 hours, and cannot be read by JavaScript.
  • CSRF cookie (gitrip_csrf) — protects against cross-site request forgery attacks.

We do not use any analytics, advertising, or third-party tracking cookies.

How We Use Your Data

Your personal data is used solely to:

  • Authenticate you and maintain your session
  • Display your name and profile to collaborators on shared trips
  • Enable trip planning, collaboration, and version control features

We do not sell, share, or transfer your personal data to third parties for marketing or any other purpose.

Third-Party Services

GiTrip uses the following external services to provide functionality:

  • OpenStreetMap / Nominatim — for place search and geocoding
  • OpenRouteService — for route calculation and travel time estimates

When you search for places or compute routes, your search queries and coordinates are sent to these services. No personally identifiable information is included in these requests.

Data Retention

Your data is retained for as long as your account is active. If you wish to delete your account and all associated data, you may do so by contacting us (see below).

Your Rights

Under UK GDPR, you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate data
  • Erasure — request deletion of your personal data
  • Portability — request your data in a machine-readable format

To exercise any of these rights, free of charge, please email tatsunori.ono@warwick.ac.uk.

Contact

If you have any questions about this privacy policy, please contact us at tatsunori.ono@warwick.ac.uk.