Privacy Policy

Last updated: May 22, 2026

Last updated: May 22, 2026

Information We Collect

We respect your privacy and are committed to protecting your personal information.

Information We Collect

Collected Information

When you use our travel planning service, we may collect the following information:

  • Account Information: Name, email address, profile information
  • Contact Information: Phone number, mailing address
  • Travel Information: Destinations, itinerary details, travel preferences, budget information
  • Usage Data: Pages visited, features used, search queries, interaction patterns
  • Device Information: IP address, browser type, operating system, device identifiers
  • Cookies & Tracking: Cookie data and similar tracking technologies

Third-Party Information

We may receive information about you from third parties, including:

  • Social media platforms when you connect your account
  • Google Analytics and similar analytics services
  • Email service providers (e.g., SendGrid, Mailgun) for transactional emails
  • Credential providers (e.g., Auth0, Firebase, Okta) for authentication

Automatically Collected Information

We may automatically collect information when you use our Service:

  • Your device's IP address and domain names
  • The type of browser or mobile device you use
  • The pages our customers visit within the App
  • Information about your visit including timing, duration, frequency, content viewed, links clicked, etc.

How We Use Your Information

We use the information we collect to provide, maintain, and improve our Service. Specifically, we use your information to:

  • Provide and Maintain Service: Process your account registration, create itineraries, store travel plans, send notifications
  • Personalize Experience: Tailor content, recommendations, and features to your preferences and behavior
  • Improve Service: Analyze usage patterns, fix bugs, enhance functionality, develop new features
  • Communicate With You: Send emails about your account, service updates, important notices, and requested information
  • Support: Respond to your inquiries, provide customer support, resolve issues
  • Compliance: Comply with legal obligations, enforce our Terms of Service, detect and prevent fraud
  • Analytics: Monitor service performance, understand user behavior, measure marketing effectiveness

Marketing Communications

We may send you marketing communications about new features, products, services, events, and promotions. You can opt out at any time by following the unsubscribe link in emails or updating your preferences in your account settings.

Information Sharing & Disclosure

We do not sell, trade, or rent your personal information to others. We may share information in the following circumstances:

  • Service Providers: Third parties who perform services on our behalf (payment processing, email delivery, analytics, cloud hosting)
  • Business Transfers: In connection with a merger, acquisition, or sale of all or part of our business
  • Legal Requirements: To comply with legal obligations, court orders, governmental requests, or applicable laws
  • Protection of Rights: To protect our rights, privacy, safety, or property, and prevent harm or fraud
  • User Consent: With your consent or at your direction

What We Do Not Share

We do not share personally identifiable information with third parties for their marketing purposes without your consent. All sharing is conducted in accordance with applicable privacy laws and regulations.

Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit (SSL/TLS)
  • Encryption of sensitive data at rest
  • Access controls and authentication protocols
  • Regular security audits and vulnerability assessments
  • Security personnel training and awareness programs
  • Data backup and disaster recovery procedures

Despite these measures, no Internet or electronic transmission is ever completely secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security. You acknowledge and agree that our Terms of Service and Privacy Policy reflect this risk.

Your Responsibilities

We recommend that you keep your password confidential and log out when using shared or public computers. You are responsible for all activities under your account including any unauthorized access or use of your password. Use caution when entering shared devices and networks, especially when transmitting sensitive information.

Data Retention

We retain your information for as long as reasonably necessary to provide our services and fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Generally, we retain:

  • Active Accounts: As long as your account is active
  • Inactive Accounts: For a reasonable period after account closure to honor requests, resolve disputes, and comply with legal obligations
  • Travel Data: Until you delete it or as necessary for service provision
  • Analytics & Aggregate Data: As long as we operate
  • Accountant & Tax Records: Minimum 7 years for accounting and tax purposes

After your account is deleted, we will retain some information only as needed to comply with legal, regulatory, and tax obligations. We will also retain anonymous, aggregated data that cannot be used to re-identify you for research and development purposes.

Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personally identifiable information from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at info@stippl.io and we will do our best to promptly delete such information.

Terms of Service

By accessing or using our service, you represent and warrant that you are at least 18 years of age (or the legal age for entering into binding contracts in your jurisdiction) and have the legal capacity to consent to the collection and use of your personal information.

Cookies & Tracking Technologies

We and our service providers use cookies, pixels, tags, beacons, and various technologies to collect information.

  • What are cookies? Cookies are small data files stored on your device when you visit our website or use our service. They help us remember you and provide features, remember preferences, and analyze site traffic.
  • How do we use cookies? To enable core functionality like login sessions, personalize content, track user behavior, measure analytics, deliver targeted ads, and perform A/B testing
  • Types of cookies we use Essential/Functional (required for service), Performance/Analytics (site optimization), Functionality/preferences (customization), Advertising/tracking (marketing effectiveness)

Third-Party Cookies & Services

We may use services from third-party vendors that set cookies on your device, including Google Analytics for web analytics, payment processors like Stripe or PayPal, authentication providers, and advertising platforms. These third parties have their own privacy policies.

Managing Cookies

Most web browsers are set to accept cookies by default. You can control and delete cookies through your browser settings. However, disabling cookies may impact your ability to use certain features of our Service.

Local Information Storage

We may use local storage technologies (localStorage, cookies) to store certain information on your device. This helps the Service remember your preferences and settings. All local data is stored securely and only used for the purposes described in this Policy.

International Data Transfers

Our servers, third-party service providers, and data processes may be located in different regions, countries, or jurisdictions. Personal information collected from Vietnam may be transferred to and processed in the United States and other countries for our global services.

Transfer Safeguards

When transferring data internationally, we implement appropriate safeguards including:

  • Binding Corporate Rules approved by the EU Commission
  • EU-US and Swiss-US Privacy Shield Frameworks (as applicable)
  • Adequacy assessments demonstrating equivalent protection
  • Standard Contractual Clauses for cross-border data transfers
  • Contractual undertakings to protect data rights under the EU-U.S. and Swiss-U.S. Privacy Shield Framework

Your Consent

Your use of our Service constitutes consent to the transfer, processing, and maintenance of your information outside Vietnam. You understand that such transfers may mean the data is subject to laws different from those that apply in Vietnam. If you do not agree with international transfers, please do not use our Service.

European Union GDPR Compliance

GDPR Information for EU Residents

If you are located in the European Union (EU), this section provides information about your GDPR rights and how we comply with applicable data protection regulations.

Your Right to Access

You have the right to access your personal data and confirm whether we process it. Upon request, we will provide a copy of the personal data we hold about you in accordance with GDPR Article 15. Contact us at info@stippl.io to exercise this right.

Right to Rectification

You have the right to have inaccurate or incomplete personal data corrected without delay. Contact us through your account settings or email at info@stippl.io to request corrections.

Right to Erasure (The Right to be Forgotten)

You may request deletion of your personal data under certain circumstances. Contact us at info@stippl.io to initiate such a request. Some data may be retained legally required periods.

Right to Object

You may object to the processing of your personal data. Specifically, you can opt out of direct marketing communications at any time through email links or in your account settings.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format. Contact us at info@stippl.io to request data portability.

Right to Withdraw Consent

If we process your data based on consent, you have the right to withdraw your consent at any time. This will not affect the lawfulness of processing before withdrawal.

Data Protection Officer

While we do not have a formally appointed DPO, your requests for GDPR-related matters can be directed to our data privacy email at info@stippl.io.

Automated Individual Decision-Making / Profiling

We do not engage in automated individual decision-making or profiling that creates legal consequences or significantly affects you. Personalization features use your data to recommend content but do not create binding decisions.

Exercise Your Data Protection Rights

You may exercise the rights provided above by contacting us at info@stippl.io. We will respond to valid requests within 30 days and provide information free of charge.

Request Information About Processing

You may request information about the logic involved in automated processing and your statutory rights. Contact us at info@stippl.io for details about our data processing activities.

Complaint Authority

If you have any complaints about our processing of your personal data, please contact us first. You also have the right to lodge a complaint with your local supervisory authority. The applicable supervisory authority is:

Vietnam Communications Registry
Email: www.mttc.gov.vn

Opt-Out Link

You can opt out of personalized ads or tracking by using the provided links in our email communications or account privacy settings.

DPO Contact

"Do Not Track"

Some browsers include a "Do Not Track" feature that sends a signal to websites indicating you do not want your online activities tracked. Our Service does not currently respond to "Do Not Track" browser settings due to current legal uncertainty and because we use cookies for essential service functionality (session management, preferences) alongside legitimate analytics.

Our Policy

We do not sell or rent your information to third parties, and we use cookies primarily for analytics, security, performance, and service delivery purposes. You may control cookie usage through browser settings.

Data Privacy & Protection Act Compliance

We comply with applicable data privacy regulations including the Vietnam Law on Cyber Security.

Regulatory Oversight

As a provider under the Vietnam Law on Cyber Security, we are accountable to:

  • Vietnam Communications Registry for cybersecurity and privacy compliance
  • National Cyber Security Agency regarding data protection standards

Privacy Complaints

Contact: info@stippl.io with privacy complaints or DPA concerns.

Supervisory Authority for Privacy Complaints

Contact the Vietnam Communications Registry: www.mttc.gov.vn

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we'll notify you via email or through a prominent notice on our Service prior to the change becoming effective. Continued use of the Service after any changes constitutes consent to amend and/or modify those terms.

Last Review

This Privacy Policy was last reviewed on May 22, 2026. The next review is scheduled within the next year.

Notification of Changes

We will notify users of changes by sending a notice to the primary email address registered with you and/or displaying a prominent notice on the Service. Updated Privacy Policy effective dates are noted at the top of each revision.

Contact Us

If you have any questions or suggestions about this Privacy Policy, please contact us at:

Email

info@stippl.io

Company

Stippl.io

Data Protection Officer

info@stippl.io

Supervisory Authority

Vietnam Communications Registry

www.mttc.gov.vn

Response Time

We will respond to your messages as soon as possible but take no less than 24 hours and no more than 30 days.

Security Notice

We take your privacy seriously. When sending an email about concerns, personal data, or sensitive matters, please include the word "Privacy" in your subject line.

Back to home