Legal
Privacy Policy
Last updated: March 9, 2026
Introduction
Welcome to toto ("we", "our", or "us"). We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our website at tototrip.com and related services (the "Service").
By using toto, you agree to the collection and use of information in accordance with this policy.
Information We Collect
We collect minimal information to provide you with the best travel planning experience:
- Conversation Data — When you chat with our AI assistant, your messages and the AI's responses are processed to generate travel advice. If you are signed in, conversations are stored securely in our database so you can access them later.
- Local Storage — We use your browser's localStorage to save your preferences (theme, language, recent searches). This data never leaves your device.
- Account Information — If you choose to create an account (via Google or email), we store your name, email address, and profile picture to personalize your experience.
- Usage Analytics — We may collect anonymous, aggregated usage data (page views, feature usage) to improve the Service. No personally identifiable information is included.
Cookies
toto does not use tracking cookies. We use localStorage for preference storage and session-based authentication tokens. No third-party advertising or tracking cookies are placed on your device.
Third-Party Services
To provide AI-powered travel advice, we send your conversation messages to Google Gemini AI for processing. Google processes your data in accordance with their own privacy policies.
We also use the following third-party services:
- Authentication providers (Google OAuth) — for account sign-in
- Supabase — for secure data storage and authentication
- Vercel — for hosting infrastructure
Data Retention
Conversation data for signed-in users is retained until you delete it or delete your account. Local storage data persists in your browser until you clear it manually. Anonymous usage data is retained in aggregate form indefinitely.
Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. All data in transit is encrypted using TLS/SSL.
Your Rights
You have the right to:
- Access — Request a copy of the personal data we hold about you
- Delete — Request deletion of your account and associated data
- Portability — Export your conversation history
- Correction — Update or correct your personal information
Children's Privacy
Our Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the 'Last updated' date.
Contact Us
If you have any questions about this Privacy Policy or your personal data, please contact us at hello@tototrip.com.