Last updated: July 12, 2026
Trovelo is a travel-planning app built privacy-first. We operate no servers: the developer never receives, collects, stores, sells, or monetizes your personal data. Everything you create in Trovelo lives on your device and — if you use iCloud — in your own private iCloud account. A small number of features send limited, feature-specific data directly from your device to external services (described in full below), and one optional feature (connecting an AI assistant such as Claude, on Mac) lets you share your trip data with an AI assistant of your choosing. Nothing ever passes through infrastructure we control, because we have none.
This policy explains exactly what data the app handles, where it goes, the legal bases for any processing, and your rights — including your rights under the EU/EEA General Data Protection Regulation (GDPR) and the UK GDPR.
Trovelo is developed and published by:
Eduardo Pinillos (independent developer)
Contact: nocion.exento_8u@icloud.com
Because Trovelo has no servers, the developer does not hold or have access to any of your data. To the limited extent that the app causes personal data (such as your IP address or a place-name search) to be transmitted to the service providers listed in Section 5, the developer acts as the data controller for determining that such transmissions occur, and this policy serves as the transparency notice required by Articles 13–14 GDPR. Apple, Pexels, and other providers act as independent controllers of the data they receive, under their own privacy policies.
Everything you enter in Trovelo is stored locally on your device and, if you are signed in to iCloud, synced through Apple CloudKit inside your personal, private iCloud account. This may include:
iCloud sync is provided by Apple under Apple's Privacy Policy and your agreement with Apple. Trovelo cannot read, access, or recover data in your iCloud account. If you disable iCloud for Trovelo, data stays only on your device.
Trovelo's widget shows a snapshot of your trips stored in a shared container on your device only.
We do not collect your name, email address, contacts, identifiers, usage statistics, crash logs, advertising data, or any other personal information. We have no means of identifying you.
Some features need the internet. These requests go directly from your device to the provider — never through Trovelo servers. As with any internet request, the provider technically receives your IP address and standard request metadata, which it processes under its own privacy policy. Trovelo sends the minimum data each feature needs:
| Feature | Provider | Data sent from your device | Provider's policy |
|---|---|---|---|
| Cover photos for trips and cards | Pexels (pexels.com) | A place-name search term only (e.g. "Tokyo") | Pexels Privacy Policy |
| Currency conversion for expenses | Open-source exchange-rate dataset served via jsDelivr CDN (with a Cloudflare Pages fallback) | A currency code only (e.g. "eur"); never amounts or trip data | jsDelivr, Cloudflare |
| Place search, maps, geocoding, and travel-time estimates | Apple Maps (MapKit) | The place names you search, and place coordinates for routing/geocoding | Apple Privacy Policy |
| Importing a shared map link (e.g. pasting a Google Maps link) | Google (only when you import a Google Maps link) | The link you chose to import, so it can be resolved to a place | Google Privacy Policy |
| iCloud sync and trip-share links | Apple CloudKit | Your trip data, within your private iCloud account | Apple Privacy Policy |
| Trovelo Pro purchase | Apple App Store | Handled entirely by Apple; Trovelo never sees payment details (Section 11) | Apple Privacy Policy |
Trovelo never sends your identity, your trip contents, your expenses, or your documents to any of these providers. Photo and currency requests contain no personal content beyond the technical metadata inherent to any web request.
Legal bases (GDPR). These transmissions are necessary to perform the features you actively use (Art. 6(1)(b) GDPR) and pursue our legitimate interest in providing app functionality without operating our own data-collecting servers (Art. 6(1)(f)). You can avoid them entirely by not using the relevant feature or by using the app offline.
The Mac version of Trovelo Pro can expose your trips to an AI assistant of your choice — such as Anthropic's Claude, or any other assistant that supports the Model Context Protocol (MCP) — through a local connection that exists only on your Mac (a loopback server on 127.0.0.1, protected by a secret token). Trovelo itself never sends anything to any AI provider.
You should understand clearly:
Legal basis (GDPR): your consent (Art. 6(1)(a)), given when you enable the feature; withdrawable at any time by turning it off.
If you use Share Trip, Trovelo creates a read-only link through your iCloud account. Anyone who has that link can view the shared trip's full contents (itinerary, places, notes, prices). Share links only with people you trust, and avoid sharing trips containing sensitive attachments. You can stop sharing at any time, which revokes the link. Sharing is performed by Apple CloudKit through your iCloud account; Trovelo servers are not involved (none exist).
You can also export trips as files or videos. Once you export or share something outside the app, its further distribution is under your control, not Trovelo's.
If you grant location permission, your position is used only on-device to show you on the map and improve nearby place suggestions. It is used while you view the map, never in the background, never stored, and never transmitted to the developer or third parties (standard Apple Maps requests aside, per Section 5). Location permission is optional; the app works without it.
The optional "scan my photos" feature reads only the GPS location tags of your photos, entirely on-device, to suggest countries and cities you have visited. Your photos' image content is never read, uploaded, or analyzed. Location clusters are converted to place names using Apple's geocoding service (coordinates are sent to Apple for this, per Section 5). You choose whether to grant photo access, and you can revoke it in system Settings at any time.
You may attach documents to trips — for example boarding passes, insurance PDFs, passport scans, or vaccination records. These attachments:
Trovelo Pro is a one-time purchase processed entirely by Apple through the App Store using StoreKit. Trovelo never receives or stores your payment details, billing address, or Apple ID. Purchase entitlement is verified on-device.
Trovelo does not use any crash-reporting or analytics service. The app can locally record Apple's standard, anonymous performance metrics (launch time, memory, hang rate) on your device only, auto-deleted after 14 days. This data never leaves your device unless you personally choose to export and send it to us for troubleshooting.
We retain nothing, so there is nothing for us to delete. You are in full control:
Under the GDPR / UK GDPR you have rights of access, rectification, erasure, restriction, portability, and objection, and the right to withdraw consent at any time. Because your data is stored only on your own device and in your own iCloud account:
For data held by Apple, Anthropic, Pexels, or other providers listed above, please direct requests to them as independent controllers; we have no access to that data. You are not subject to any automated decision-making or profiling by Trovelo.
Providing personal data to Trovelo is never a statutory or contractual requirement — every field in the app is optional.
The developer transfers no data internationally, because the developer receives no data. Requests your device makes to providers in Section 5 may reach servers outside your country (for example, Pexels in the United States); those providers are responsible for their own transfer safeguards (such as the EU–US Data Privacy Framework or Standard Contractual Clauses) as described in their privacy policies. iCloud data residency is managed by Apple per your Apple ID region.
The same privacy model applies to every user worldwide. In particular:
Trovelo does not knowingly collect data from anyone, including children. Since no data ever reaches the developer, no children's data can be collected. The app requires no account and shows no ads.
Your data is protected by the built-in encryption of iOS and macOS (data protection at rest) and by Apple's encryption of iCloud data in transit and at rest. The optional AI connection is restricted to your own machine (localhost) and protected by a randomly generated secret token that you can rotate. No security measure is absolute; we recommend using a device passcode and two-factor authentication on your Apple ID.
If we change this policy, we will update the "Last updated" date above and, for material changes (such as any new external service), describe the change in the app's release notes. Continued use after an update constitutes acceptance of the revised policy. We will never retroactively weaken the core commitment of this policy — no collection of your data on Trovelo servers — without your explicit consent.
Questions or privacy requests: nocion.exento_8u@icloud.com. We answer data-protection inquiries within 30 days.