This Privacy Policy explains what information Travel Heist(“we”, “us”, “our”) collects when you use our mobile applications, website at thetravelheist.com, and related services (together, the “Service”), how we use that information, with whom we share it, and the choices you have.
1. Information we collect
Below is the complete list of data Travel Heistcollects, where it’s collected and why it’s used. We only collect what the Service needs to work.
| Data | Where collected | Purpose |
|---|---|---|
| Name (first, last) | Signup / Profile | Display to other users |
| Signup, Google or Apple sign-in | Authentication, account recovery | |
| Phone number | Signup (optional) | OTP verification |
| Password | Signup | Authentication (stored hashed) |
| Profile photo | Profile edit | Display to other users |
| Cover photo | Profile edit | Profile personalization |
| Gender | Onboarding | Matching preferences (stay / travel) |
| City, State, Country | Onboarding | Show nearby content |
| GPS location | Nearby & Map features | Show nearby travelers, stays and trips |
| Travel identity | Onboarding | Profile (solo traveler, digital nomad, etc.) |
| Interests | Onboarding | Trip matching & recommendations |
| Bio | Onboarding | Profile display |
| Social links | Onboarding (optional) | Instagram / Facebook on profile |
| Preferred destinations | Onboarding | Trip recommendations |
| Messages / chats | In-app messaging | Communication between users |
| Posts & photos | User-created content | Social feed |
| Trips, events, hangouts | User-created content | Core feature |
| Stay listings | User-created content | CoStay (room-sharing) feature |
| Bucket lists | User-created content | Travel planning |
| Device token | Push notifications | Send notifications |
| Last active time | Automatic | Online status display |
| Profile views | Automatic | Analytics shown to the profile owner |
We also collect standard technical data to keep the Service running: device type, operating system, app version, language, IP address, crash logs and basic diagnostics. On our website we use a minimal set of cookies and local storage to keep you signed in.
2. How we use information
- Create and secure your account and authenticate you across sessions.
- Match you with relevant trips, events, hangouts, stays and travelers — including location-based discovery, “nearby” feeds and the map.
- Deliver in-app chat, group conversations and push notifications.
- Keep the Service safe: detect abuse, spam, impersonation, fraud and policy violations.
- Respond to you when you contact support.
- Measure product performance, fix bugs and improve features.
- Comply with legal obligations and enforce our Terms.
3. Third-party services that access data
We rely on trusted third parties to run the Service. Each is bound by its own privacy policy and — where applicable — by contract with us.
| Service | Data shared | Purpose |
|---|---|---|
| Firebase (Google) | Email, phone, device token | Authentication, push notifications |
| Google Sign-In | Email, name, profile picture | Social login |
| Apple Sign-In | Email, name | Social login |
| Geolocator (device location APIs) | GPS coordinates | Nearby features |
We do not sell your personal information and we do not share your contact information with advertisers.
4. Location data
Location is central to Travel Heist. We use it to rank nearby users, trips, events, hangouts and rooms; to power the map; and to surface city-specific community circles. You can:
- Turn off precise location in your device settings at any time.
- Switch to city-only mode where supported.
- Hide your location from other users in Settings → Privacy.
5. Sharing with other users
Certain information is public by design: your display name, profile photo, cover photo, bio, travel identity, interests, city, social links you’ve chosen to show, and any trips, events, hangouts, stays, posts or bucket lists you publish. Messages are visible only to participants in the conversation. Phone numbers, passwords and email addresses are never shown to other users.
6. Data retention
- Account data is retained for as long as your account is active.
- When you delete your account, we permanently remove your profile, posts and activities within 30 days, except where we must retain records to comply with law, resolve disputes, or prevent abuse.
- Crash and analytics logs are kept for up to 14 months in aggregated form.
- Backups may persist for up to 90 days before they are overwritten.
7. Your rights
Depending on where you live, you have some or all of the following rights:
- Access — request a copy of the information we hold about you.
- Correction — update inaccurate or incomplete information.
- Deletion — delete your account and associated data. See How to delete your account.
- Objection & restriction — object to, or restrict, certain processing.
- Portability — receive your data in a portable format.
- Withdraw consent — e.g. revoke location or notification permissions at any time.
To exercise these rights, email support@travelheist.in. We respond within 30 days.
8. Children
The Service is not intended for anyone under 18. We do not knowingly collect information from children under 18. If you believe a minor has given us personal information, contact us and we will delete it.
9. Security
We use industry-standard safeguards: encryption in transit (TLS), encryption at rest for credentials, hashed passwords, and least-privilege access controls. No system is perfectly secure; we urge you to use a strong, unique password.
10. International transfers
Your data may be processed in countries other than your own, including the United States and the European Union, where our cloud providers operate. We rely on appropriate safeguards such as standard contractual clauses where required.
11. Changes to this policy
We may update this policy from time to time. If the changes are material, we’ll notify you in-app or by email. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.
12. Contact
Questions, complaints or requests? Email support@travelheist.in.