TripSkip — Privacy Policy (California Notice at Collection)

Last Updated: October 28, 2025

This Privacy Policy describes how North Bay Digital Holdings LLC dba TripSkip ("TripSkip," "we," "us," or "our") collects, uses, discloses, and protects information in connection with our websites, apps, and services (the "Services"). We operate in and are subject to California law, including the CCPA/CPRA.

Notice at Collection (Summary)

Categories: identifiers & device data; commercial/transactional data; internet/usage data; integration data; aggregated market telemetry; communications/support.

Purposes: provide secure Services; billing; analytics; market insights (de‑identified); communications; compliance.

Retention: operational PII ~24 months after inactivity; event logs ~36 months; de‑identified market data—indefinite.

We do not sell personal information; we may “share” identifiers with analytics/ads partners—opt‑out at “Do Not Sell or Share My Personal Information” and via Global Privacy Control (GPC), which we honor.

1. Scope

This Policy applies to information we process about website visitors, account holders (hosts and guests), and business contacts. It does not apply to third‑party services you connect (e.g., PMS) or to sites we do not operate.

2. What We Collect (Categories)

  • Identifiers & device data: pseudonymous user/account IDs, session/request IDs, device/OS/browser, IP‑derived city/ZIP, language, time zone, UTM parameters.
  • Commercial & transactional data: subscription tier, invoices, proration/upgrade charges, refunds, booking events (pseudonymous booking/listing IDs; no card numbers).
  • Internet/usage data: pages viewed, searches, clicks, map interactions, performance telemetry, API status/latency, error diagnostics.
  • Integration data: PMS connection status/metadata (Hostaway/Guesty/OwnerRez/Lodgify), listing counts, calendar sync status.
  • Aggregated market telemetry (non‑PII): per‑city search demand, price percentiles, occupancy/cancellation benchmarks, PMS share estimates.
  • Communications & support: support requests, admin actions, consent preferences and GPC.

We do not intentionally collect sensitive categories or children’s data.

3. Sources

Directly from you (account creation, settings), your devices (cookies/SDKs), integrated PMS systems you connect, payment processors (Stripe metadata), and service providers (fraud/ID vendors, analytics).

4. How We Use Information

  • Provide and secure the Services; onboarding; PMS imports; bookings; fraud prevention.
  • Billing and account management; proration; tax calculation.
  • Analytics and product improvement (journey analysis, performance telemetry).
  • Create and use De‑identified Data for aggregate market insights (k≥20, hashing/bucketing, no re‑identification).
  • Service communications (announcements, onboarding, compliance).
  • Legal compliance and enforcement.

5. Our Role vs. Your PMS (Controller vs. Service Provider)

When you direct us to import data from your PMS, we act as your service provider/processor and process that data only to provide the Services and at your direction. For our platform analytics, security, and billing data, we act as an independent business/controller.

6. Sharing & Disclosure

We share with service providers/processors (hosting, analytics, payments, fraud/ID, support) under contracts limiting use to our instructions; with integration partners at your direction; with business transferees (e.g., merger/acquisition); and with legal authorities as required by law.

Sale/Share. We do not sell personal information. We may engage in “sharing” (as defined by CPRA) for cross‑context behavioral advertising limited to analytics; you may opt‑out via our Do Not Sell or Share My Personal Information link and through GPC signals, which we honor.

7. Cookies & Similar Technologies

We use necessary cookies and analytics SDKs. In certain regions (e.g., EU/UK), we obtain consent before setting non‑essential cookies. Manage preferences in the Privacy Center.

8. Retention

Operational PII is generally retained for ~24 months after account inactivity; event/analytics logs ~36 months, then aggregated or deleted. Aggregated market data may be retained indefinitely in de‑identified form.

9. Your Choices & Rights

California and other regions may grant rights to access/know, correct, delete, opt‑out of sale/share, limit use of sensitive information (not collected), and non‑discrimination. We honor Global Privacy Control (GPC) signals as an opt‑out of sale/share.

How to exercise: use in‑product tools or email privacy@tripskip.com. Authorized agents may submit requests with valid authorization. We respond within statutory timelines. If we deny your request, you may appeal by emailing privacy@tripskip.com with subject “Appeal.”

10. SMS/Email Communications

We send service emails related to your account. We send marketing emails/SMS only with your opt‑in. Text STOP to opt out; HELP for help. Message and data rates may apply.

11. Security

We employ reasonable and appropriate safeguards, including encryption in transit and at rest, role‑based access, audits, and vendor due diligence. No method is 100% secure.

12. Children

The Services are not directed to children under 13, and we do not knowingly collect information from them. If you believe a child has provided information, contact us to remove it.

13. International Transfers

We process information in the United States and other countries as needed to provide the Services, applying safeguards consistent with this Policy.

14. Changes

We may update this Policy. Material changes will be posted with an updated “Last Updated” date and, where required, additional notice.

15. Contact

Privacy Requests: privacy@tripskip.com
DMCA/IP: legal@tripskip.com
Address: North Bay Digital Holdings LLC dba TripSkip, 1401 21ST ST STE R, Sacramento, CA 95811