1. Data Protection

We implement multiple layers of security to protect your personal and financial information:

• Encryption in Transit: All data sent between your device and our servers is encrypted using HTTPS/TLS
• Encryption at Rest: Your data is encrypted when stored in our secure databases
• Secure Infrastructure: Our application runs on secure, regularly updated servers
• Access Controls: Strict access controls ensure only authorized personnel can access systems

2. Authentication Security

We use magic link authentication to keep your account secure:

• No Password Storage: We don't store passwords, eliminating password-related security risks
• Secure Login Links: Login links are time-limited and single-use for maximum security
• Email Verification: Access is only granted through verified email addresses
• Session Management: Secure session tokens with automatic expiration

3. Data Minimization

We follow the principle of data minimization:

• We only collect information necessary for the service to function
• Financial data stays within your trip groups - we don't share it with third parties
• No credit card or banking information is stored or processed
• Trip data is only accessible to invited collaborators

4. Regular Security Measures

We maintain security through ongoing practices:

• Regular Updates: We keep all systems and dependencies up to date
• Security Monitoring: Continuous monitoring for suspicious activities
• Code Reviews: All code changes undergo security-focused reviews
• Backup Systems: Regular encrypted backups ensure data recovery capabilities

5. Your Security Best Practices

Help us keep your account secure by following these recommendations:

• Keep your email account secure with a strong password and two-factor authentication
• Don't share magic login links with others
• Log out from shared or public computers
• Only invite trusted collaborators to your trips
• Report any suspicious activity immediately

6. Incident Response

In the unlikely event of a security incident:

• We will investigate and contain the issue immediately
• Affected users will be notified within 24 hours
• We will provide clear information about what happened and what we're doing
• Any necessary remediation steps will be communicated clearly

7. Third-Party Services

We carefully select and monitor third-party services:

• All third-party services undergo security assessment
• Data sharing is limited to what's necessary for functionality
• We maintain data processing agreements with service providers
• Regular reviews ensure continued compliance and security

8. Data Retention and Deletion

We respect your right to control your data:

• You can delete your account and all associated data at any time
• Trip data is permanently deleted when all collaborators leave
• We don't retain data longer than necessary
• Secure deletion procedures ensure data cannot be recovered

9. Compliance

We are committed to meeting relevant security and privacy standards:

• GDPR compliance for European users
• Industry-standard security practices
• Regular security assessments and improvements
• Transparent reporting of our security measures

10. Report Security Issues

If you discover a security vulnerability or have concerns:

11. Questions?

If you have questions about our security practices or need assistance:

Email: support@split-the-trip.com
We're here to help ensure your data stays safe and secure.