Privacy Policy and Personal Data Processing

Last updated: 21 June 2026

1. General

This Privacy Policy describes how LetsTripTo LLC (“we”, “us”) processes personal data when you use LetsTripTo at https://letstrip.to and related services (the “Service”).

The Service is available internationally. This Policy is designed to meet common requirements under the EU General Data Protection Regulation (GDPR) and, where applicable, Russian Federal Law No. 152-FZ on personal data.

Effective date: 21 June 2026.

2. Data controller

Data controller: LetsTripTo LLC, Minsk, BY.

For privacy requests contact privacy@letstrip.to.

3. Data we collect

Depending on how you use the Service, we may process:

  • Account data: email address and password (stored by our backend in hashed form).
  • OAuth sign-in: when you use Google, we receive an ID token from Google to authenticate you. See Google Privacy Policy.
  • Profile data: first name, last name, Instagram and Telegram handles, interface language, and map layer preferences.
  • Routes and trips: track names, descriptions, coordinates, imported GPX/KML files, trip dates, and visibility settings (private, link-only, or public).
  • Trip participants: name and optional phone, Telegram, or Viber contact details you or organizers provide; registered participants’ email may be visible to trip organizers.
  • Guest identification: for unauthenticated trip participation we use a browser-generated visitor identifier (FingerprintJS). See FingerprintJS privacy policy.
  • Technical data: IP address, browser type, session cookies, language cookie (NEXT_LOCALE), and an approximate map-center cookie derived from IP or browser locale (letstripto.coarseGeo.v1).
  • Local browser storage: saved map view and basemap shortcuts (stored only on your device until cleared).
  • Precise location: only when you explicitly request “My location” in the map; used locally to center the map and not sent to our servers automatically.

4. Purposes of processing

We process personal data to:

  • Create and manage your account and authenticate you.
  • Store, display, share, and export your routes and trips.
  • Enable trip organization and participant management.
  • Provide map, routing, and geocoding features.
  • Remember your language and approximate map default location.
  • Maintain security, prevent abuse, and comply with legal obligations.

6. Cookies and local storage

We use the following cookies and similar technologies:

  • NEXT_LOCALE — stores your language choice (1 year).
  • Session cookie — issued by our backend to keep you signed in (session or as configured on the server).
  • letstripto.coarseGeo.v1 — stores approximate latitude/longitude for default map center (1 year).
  • localStorage keys (letstripto.lastMapView.v1, letstripto.basemapShortcuts.v1) — store map state on your device until you clear site data.

7. Third-party services

We use service providers that may process data on our behalf or receive data from your browser:

  • Our backend API — primary storage and processing of account, route, and trip data.
  • Google — OAuth sign-in (Google Privacy Policy).
  • FingerprintJS — guest visitor identifier for public trip flows (FingerprintJS privacy policy).
  • OpenStreetMap and other map tile providers — your browser requests map tiles; see OpenStreetMap privacy policy where applicable.
  • BRouter — routing requests include route coordinates.
  • Nominatim (OpenStreetMap) — geocoding search queries are forwarded through our server (Nominatim usage policy).

8. Sharing and disclosure

We do not sell your personal data. We may share data: with trip organizers and participants as you configure trip visibility; with anyone who has a link when you set a track to link-only or public access; with service providers listed above; and when required by law or to protect rights and safety.

9. International transfers

Your data may be processed in countries other than your own, including where our servers or providers are located. Where required, we use appropriate safeguards such as standard contractual clauses or equivalent mechanisms.

10. Retention

We keep personal data while your account is active and for a reasonable period afterward, unless a longer retention is required by law. You may delete routes and trips in the dashboard; account deletion requests should be sent to privacy@letstrip.to.

11. Your rights

Depending on your location, you may have the right to access, rectify, erase, restrict, or port your data, object to certain processing, and withdraw consent where processing is consent-based.

EU/UK users may lodge a complaint with their local supervisory authority.

Users in Russia may request clarification, blocking, or destruction of data, and may appeal to Roskomnadzor.

To exercise your rights, email privacy@letstrip.to. You can update profile fields in Account settings.

12. Security

We use HTTPS, session-based authentication, and CSRF protection for mutating requests. No method of transmission or storage is completely secure; we apply measures appropriate to the risk.

13. Children

The Service is not directed at persons under 16. We do not knowingly collect their personal data.

14. Changes

We may update this Policy by publishing a new version on this page with an updated effective date. Continued use after changes means you accept the updated Policy.

15. Contact

LetsTripTo LLC, Minsk, BY.

Privacy inquiries: privacy@letstrip.to. Learn more about the project on the About page.