How we handle your data

Effective: April 24, 2026 · Last updated: April 24, 2026

Quick summary: We collect what we need to run Waypoint — your account info, the trip data you put in, and what you do in the app. We share data only with the vendors that power the service (listed below). We never sell your data. You can export everything or delete your account at any time.

1. Who we are

Waypoint is operated by Triggers Media LLC, based in Texas, USA. When this policy says "we," "us," or "Waypoint," it means Triggers Media LLC.

Contact: hello@waypointtravel.ai

2. What we collect

Account information

Email address (used to sign in via magic link or Google OAuth)
Full name (if you sign up via Google, or if you add it manually)
Profile preferences (home airport, default per diem, forwarding alias)

Trip content (the data you put in)

Conference names, dates, locations, registration fees, notes
Flight and hotel confirmation details
Conference agendas and personal commitments
Business contacts you add or scan
Expenses you log or scan
Trip recaps, ratings, and takeaways

This is your data. You own it. We process it on your behalf to provide the Waypoint service.

Forwarded emails

If you forward an email to your unique Waypoint address (e.g., wp_abc123@in.waypointtravel.ai), we receive that email through Cloudflare Email Routing, parse it with AI to extract trip details, and either file it to a matching trip or place it in your Inbox. We do not store the original email body long-term — only the structured fields the AI extracts (trip name, dates, flight numbers, etc.) and a short text preview for your reference.

Payment information

If you upgrade to a paid plan, payment is processed by Stripe. We do not store your card number, CVV, or full payment details on our servers. We store only the Stripe customer ID and subscription metadata needed to manage your plan (tier, billing interval, period end date).

Usage data

We log every AI-powered action (token counts, action type, model used) to track operational costs and enforce rate limits. This data is associated with your user ID but contains no personal content.

Marketing attribution

If you arrive at our signup page from a marketing link with UTM parameters (utm_source, utm_medium, utm_campaign), we store those values on your profile to understand which channels bring users to Waypoint.

3. How we use your data

Provide the service. Show your trips, parse your forwarded emails, run AI extraction, send notifications.
Bill you. If you're on a paid plan, manage subscriptions and process payments via Stripe.
Communicate. Send transactional emails (sign-in links, payment receipts, important account updates). We may also send onboarding emails to help you get started; you can unsubscribe at any time.
Improve the product. Analyze aggregate usage to understand what's working. We never read individual trip content for product analytics.
Prevent abuse. Detect suspicious activity, enforce rate limits.

4. Who we share data with (subprocessors)

To run Waypoint, we send portions of your data to a small set of trusted vendors. Each is contractually required to protect your data:

CloudflareHosting, DNS, email routing, edge compute. Receives all web traffic and API requests.

SupabasePostgres database + authentication. Stores your account, trips, contacts, expenses.

Anthropic (Claude)AI processing. Receives the text/image content you submit for extraction or concierge chat.

StripePayment processing. Receives your payment details directly — we never see them.

ResendTransactional email. Sends magic links, payment receipts, onboarding emails.

GoogleOAuth sign-in. Only if you choose to sign in with Google.

Open-MeteoWeather forecasts for your destination cities. We send only the city name.

OpenStreetMap (Nominatim)Address geocoding for one-tap rideshare. We send hotel and venue addresses.

We do not sell your data. We do not share your data with advertisers. We do not run ad networks or third-party tracking scripts.

5. Data retention

We keep your account and trip data for as long as you have an active Waypoint account. If you delete your account, we delete all your associated data within 30 days, except where retention is required by law (e.g., financial records for tax purposes).

Forwarded email contents (the original raw email body) are not retained — only the AI-extracted structured fields and a short preview.

6. Your rights

You have the right to:

Access your data — everything is visible in the app.
Export your data — email us at hello@waypointtravel.ai and we'll send you a JSON or CSV export.
Correct your data — edit or delete anything in the app at any time.
Delete your account — email us and we'll delete it within 30 days. Currently this is a manual request; in-app self-serve deletion is on our roadmap.
Withdraw consent for marketing emails — unsubscribe link in every marketing email.

If you're in the EU/UK, you have additional rights under GDPR (data portability, right to be forgotten, right to lodge a complaint with a supervisory authority). Same email contact for those requests.

7. Cookies and tracking

We use only essential cookies: an authentication cookie set by Supabase to keep you signed in, and brief sessionStorage entries for things like UTM parameters and referral codes. We do not use third-party analytics scripts (Google Analytics, Facebook Pixel, etc.).

8. Security

We take the security of your data seriously:

All traffic to and from Waypoint is encrypted with HTTPS (TLS 1.3).
Your data in our database is protected by Row-Level Security — you can only access your own rows.
Passwords are not stored at all — we use magic links and OAuth.
Payments are handled directly by Stripe; we never see card details.
API keys and secrets are stored in Cloudflare Workers' encrypted secret vault.

No system is 100% secure. If we ever experience a breach affecting your data, we will notify you within 72 hours of confirming it.

9. Children's data

Waypoint is built for working professionals and is not intended for anyone under 16. We do not knowingly collect data from children. If you believe a child has signed up, contact us and we'll delete the account.

10. International transfers

Waypoint operates from the United States. If you access Waypoint from outside the US, your data is transferred to and processed in the US. By using Waypoint, you consent to this transfer.

11. Changes to this policy

If we make material changes to this policy, we'll email all account holders at least 30 days before the changes take effect. Minor changes (typo fixes, clarifications) we'll publish without notice.

12. Contact us

Questions, corrections, or requests:

Email: hello@waypointtravel.ai
Mail: Triggers Media LLC, Texas, USA