← pinilloslab.com

Trovelo Privacy Policy

Last updated: July 12, 2026

Summary

Trovelo is a travel-planning app built privacy-first. We operate no servers: the developer never receives, collects, stores, sells, or monetizes your personal data. Everything you create in Trovelo lives on your device and — if you use iCloud — in your own private iCloud account. A small number of features send limited, feature-specific data directly from your device to external services (described in full below), and one optional feature (connecting an AI assistant such as Claude, on Mac) lets you share your trip data with an AI assistant of your choosing. Nothing ever passes through infrastructure we control, because we have none.

This policy explains exactly what data the app handles, where it goes, the legal bases for any processing, and your rights — including your rights under the EU/EEA General Data Protection Regulation (GDPR) and the UK GDPR.

1. Who is responsible (Data Controller)

Trovelo is developed and published by:

Eduardo Pinillos (independent developer)
Contact: nocion.exento_8u@icloud.com

Because Trovelo has no servers, the developer does not hold or have access to any of your data. To the limited extent that the app causes personal data (such as your IP address or a place-name search) to be transmitted to the service providers listed in Section 5, the developer acts as the data controller for determining that such transmissions occur, and this policy serves as the transparency notice required by Articles 13–14 GDPR. Apple, Pexels, and other providers act as independent controllers of the data they receive, under their own privacy policies.

2. Our privacy model

3. Data stored on your device and in your iCloud

Everything you enter in Trovelo is stored locally on your device and, if you are signed in to iCloud, synced through Apple CloudKit inside your personal, private iCloud account. This may include:

iCloud sync is provided by Apple under Apple's Privacy Policy and your agreement with Apple. Trovelo cannot read, access, or recover data in your iCloud account. If you disable iCloud for Trovelo, data stays only on your device.

Trovelo's widget shows a snapshot of your trips stored in a shared container on your device only.

4. Data we do not collect

We do not collect your name, email address, contacts, identifiers, usage statistics, crash logs, advertising data, or any other personal information. We have no means of identifying you.

5. Features that contact external services

Some features need the internet. These requests go directly from your device to the provider — never through Trovelo servers. As with any internet request, the provider technically receives your IP address and standard request metadata, which it processes under its own privacy policy. Trovelo sends the minimum data each feature needs:

FeatureProviderData sent from your deviceProvider's policy
Cover photos for trips and cardsPexels (pexels.com)A place-name search term only (e.g. "Tokyo")Pexels Privacy Policy
Currency conversion for expensesOpen-source exchange-rate dataset served via jsDelivr CDN (with a Cloudflare Pages fallback)A currency code only (e.g. "eur"); never amounts or trip datajsDelivr, Cloudflare
Place search, maps, geocoding, and travel-time estimatesApple Maps (MapKit)The place names you search, and place coordinates for routing/geocodingApple Privacy Policy
Importing a shared map link (e.g. pasting a Google Maps link)Google (only when you import a Google Maps link)The link you chose to import, so it can be resolved to a placeGoogle Privacy Policy
iCloud sync and trip-share linksApple CloudKitYour trip data, within your private iCloud accountApple Privacy Policy
Trovelo Pro purchaseApple App StoreHandled entirely by Apple; Trovelo never sees payment details (Section 11)Apple Privacy Policy

Trovelo never sends your identity, your trip contents, your expenses, or your documents to any of these providers. Photo and currency requests contain no personal content beyond the technical metadata inherent to any web request.

Legal bases (GDPR). These transmissions are necessary to perform the features you actively use (Art. 6(1)(b) GDPR) and pursue our legitimate interest in providing app functionality without operating our own data-collecting servers (Art. 6(1)(f)). You can avoid them entirely by not using the relevant feature or by using the app offline.

6. AI assistant connections (optional, Mac only)

The Mac version of Trovelo Pro can expose your trips to an AI assistant of your choice — such as Anthropic's Claude, or any other assistant that supports the Model Context Protocol (MCP) — through a local connection that exists only on your Mac (a loopback server on 127.0.0.1, protected by a secret token). Trovelo itself never sends anything to any AI provider.

You should understand clearly:

Legal basis (GDPR): your consent (Art. 6(1)(a)), given when you enable the feature; withdrawable at any time by turning it off.

7. Sharing trips with others

If you use Share Trip, Trovelo creates a read-only link through your iCloud account. Anyone who has that link can view the shared trip's full contents (itinerary, places, notes, prices). Share links only with people you trust, and avoid sharing trips containing sensitive attachments. You can stop sharing at any time, which revokes the link. Sharing is performed by Apple CloudKit through your iCloud account; Trovelo servers are not involved (none exist).

You can also export trips as files or videos. Once you export or share something outside the app, its further distribution is under your control, not Trovelo's.

8. Location data

If you grant location permission, your position is used only on-device to show you on the map and improve nearby place suggestions. It is used while you view the map, never in the background, never stored, and never transmitted to the developer or third parties (standard Apple Maps requests aside, per Section 5). Location permission is optional; the app works without it.

9. Photo library scanning (visited places)

The optional "scan my photos" feature reads only the GPS location tags of your photos, entirely on-device, to suggest countries and cities you have visited. Your photos' image content is never read, uploaded, or analyzed. Location clusters are converted to place names using Apple's geocoding service (coordinates are sent to Apple for this, per Section 5). You choose whether to grant photo access, and you can revoke it in system Settings at any time.

10. Documents and sensitive data

You may attach documents to trips — for example boarding passes, insurance PDFs, passport scans, or vaccination records. These attachments:

11. Purchases

Trovelo Pro is a one-time purchase processed entirely by Apple through the App Store using StoreKit. Trovelo never receives or stores your payment details, billing address, or Apple ID. Purchase entitlement is verified on-device.

12. Diagnostics

Trovelo does not use any crash-reporting or analytics service. The app can locally record Apple's standard, anonymous performance metrics (launch time, memory, hang rate) on your device only, auto-deleted after 14 days. This data never leaves your device unless you personally choose to export and send it to us for troubleshooting.

13. Data retention and deletion

We retain nothing, so there is nothing for us to delete. You are in full control:

14. Your rights (EEA, UK, and Switzerland)

Under the GDPR / UK GDPR you have rights of access, rectification, erasure, restriction, portability, and objection, and the right to withdraw consent at any time. Because your data is stored only on your own device and in your own iCloud account:

For data held by Apple, Anthropic, Pexels, or other providers listed above, please direct requests to them as independent controllers; we have no access to that data. You are not subject to any automated decision-making or profiling by Trovelo.

Providing personal data to Trovelo is never a statutory or contractual requirement — every field in the app is optional.

15. International data transfers

The developer transfers no data internationally, because the developer receives no data. Requests your device makes to providers in Section 5 may reach servers outside your country (for example, Pexels in the United States); those providers are responsible for their own transfer safeguards (such as the EU–US Data Privacy Framework or Standard Contractual Clauses) as described in their privacy policies. iCloud data residency is managed by Apple per your Apple ID region.

16. Users outside the EU

The same privacy model applies to every user worldwide. In particular:

17. Children's privacy

Trovelo does not knowingly collect data from anyone, including children. Since no data ever reaches the developer, no children's data can be collected. The app requires no account and shows no ads.

18. Security

Your data is protected by the built-in encryption of iOS and macOS (data protection at rest) and by Apple's encryption of iCloud data in transit and at rest. The optional AI connection is restricted to your own machine (localhost) and protected by a randomly generated secret token that you can rotate. No security measure is absolute; we recommend using a device passcode and two-factor authentication on your Apple ID.

19. Changes to this policy

If we change this policy, we will update the "Last updated" date above and, for material changes (such as any new external service), describe the change in the app's release notes. Continued use after an update constitutes acceptance of the revised policy. We will never retroactively weaken the core commitment of this policy — no collection of your data on Trovelo servers — without your explicit consent.

20. Contact

Questions or privacy requests: nocion.exento_8u@icloud.com. We answer data-protection inquiries within 30 days.