Privacy
Your miles are yours.
A trip journal is a location history — where you slept, who you traveled with, what you said at the viewpoint. That is among the most personal data there is, and TripLog treats it that way: stored securely, kept private to your organization, never sold, and yours to export or delete whenever you want.
Last updated June 11, 2026.
The short version: TripLog is a hosted service you sign up for and use in your browser or on your phone — nothing to install. Your trails, journals, and photos are stored securely, your organization's data is isolated from every other org, and there are no ads, no third-party analytics, and no trackers. We never sell your data, and everything exports to open formats whenever you ask.
What TripLog stores
Only what you put into it, all of it in service of the journal:
- Account basics — your email address, display name, role, and a salted hash of your password. Plain-text passwords are never stored.
- Track points — coordinates, altitude, speed, heading, and timestamps recorded while you have tracking turned on. Tracking is opt-in, per device, and stops the moment you switch it off.
- Journal entries and places — the text you type or dictate, with the time, mood, and location you attach.
- Media — the photos, video, and audio you upload, along with EXIF location and capture time read from image files so they land in the right place on your map.
TripLog records nothing behind your back: no usage analytics, no behavioral profiles, no advertising identifiers, and no contact-list or photo-library scanning. The mobile app touches your camera roll and microphone only when you explicitly use them.
Where your data lives
Your trails, journals, and media are stored securely on the TripLog service. Each organization's data is isolated from every other org, so your team's travel history is never mingled with anyone else's. There are no ads, no third-party analytics, and no trackers in the data path, and your data is never sold. Your complete history is yours to export to open formats at any time, and you can delete your content whenever you choose.
Who can see your trips
Only people in your org, and only as far as their role allows. Members see the org's shared trips but can change only their own records; viewers are read-only; owners and admins manage the org. Every request is checked against these permissions.
Orgs are isolated by construction: every record belongs to exactly one org, every query is scoped to the org you signed in with, and cross-org access is not a setting that exists. No org can ever see another org's data.
Dictation and speech-to-text
Honesty matters here: TripLog itself never sends your voice anywhere. The dictate button uses the speech recognition built into your browser or phone, and on some platforms the operating-system vendor processes that audio (for example, browser-based recognition in Chrome). If that trade-off isn't right for you, skip the button — typed entries are identical in every other way, and TripLog only ever stores the finished text.
Photos and EXIF
When you upload an image, TripLog reads its EXIF metadata to place it at the right coordinates and moment automatically. That data stays private to your org like everything else. Anything you enter by hand — a caption, a corrected location, a time — always overrides what the file claimed.
Passwords, sessions, and transport
Passwords are stored only as salted PBKDF2 hashes. Signing in issues a signed token that expires after seven days, and every API request — including fetching photos and video — requires it. Media files are never served to anonymous visitors.
The service is served over HTTPS, so your trails and tokens are encrypted in transit between your browser or phone and TripLog. You never have to configure any of this — it is part of the hosted service.
Export and deletion
Nothing is held hostage. Any trip exports at any time as GPX 1.1, GeoJSON, or a complete JSON dump — open formats your other tools already read. Records you delete disappear from the app immediately for everyone in the org. You are never locked in: take your complete history with you in open formats whenever you like, and your org's owners and admins can permanently purge the org's content when they choose.
Why registration is restricted
While TripLog is in early access, registration is limited to approved accounts rather than open to the public. This is deliberate access control: it means everyone who can sign in was meant to be there, rather than the service accumulating strangers' accounts. Joining an existing org additionally requires its invite code.
Changes to this page
If TripLog's data practices ever change, this page changes with them, with the date above updated. The core promise — private and portable: your data isolated per org, no ads or third-party analytics, never sold, and always exportable in open formats — is the product's foundation, not a policy that can quietly drift.