← Back to Home

Privacy Policy

Effective: April 27, 2026 · Last updated: April 27, 2026

This Privacy Policy explains how Oxygen Trips Inc. (“Oxygen,” “we,” “us”) handles personal data when you use the Oxygen app, our websites at oxygentrips.com and app.oxygentrips.com, and our iOS and Android applications (together, the “Service”).

Notice at Collection (California residents)

We collect the categories of personal information described in §2 for the purposes described in §3 and retain each category for the period described in §9. We do not sell or share your personal information, and we do not collect or use sensitive personal information in ways that would trigger the Right to Limit under CCPA / CPRA. See §10.1 for the rights you have and how to exercise them.

At a glance

What we collect: the data you give us to plan and share trips (account info, trip content, files, payments) plus standard technical data needed to run the Service.

Why: to operate the Service, secure your account, process payments, parse forwarded emails and PDFs into itineraries, and improve product reliability.

Who we share with: only the vendors we need to run Oxygen (listed in §6) and the people you choose to share trips with. We do not sell your personal data. We do not share it for cross-context behavioral advertising.

Your rights: you can access, export, correct, or delete your data at any time. EEA, UK, California, Colorado, Quebec, and other residents have additional rights described in §10.

Reach us: email privacy@oxygentrips.com or write to us at the address in §15.

1. Who we are

Oxygen Trips Inc. is a Colorado corporation headquartered at 4645 E Florida Ave, Denver, CO 80222, United States. For purposes of the EU and UK General Data Protection Regulations (GDPR / UK GDPR), we are the controller of the personal data we collect about you through the Service, except where we act as a processor on behalf of another organization (for example, when an admin invites you to a shared trip).

We have not appointed an EU or UK Article 27 representative at this time. Residents of the EEA and the UK who wish to exercise their rights can do so by contacting us directly using the details in §15; we respond to all verifiable requests in line with GDPR / UK GDPR timelines.

2. Data we collect

We collect personal data in the following categories. We collect only what we need to run the Service, and we tell you what each category is used for in §3.

2.1 Account information

When you create an account, our authentication provider Clerk collects your email address, first name, last name, profile image (if you upload one), and a unique Clerk user ID. We receive these fields from Clerk via secure webhook and store them in our user database. If you choose to sign in with Google or Microsoft, the chosen identity provider receives a sign-in request from Clerk on your behalf and returns your email address; we do not store OAuth refresh tokens.

2.2 Trip content you create

Anything you put into a trip in Oxygen — trip names, dates, descriptions, flight and accommodation details, activities, notes, comments, uploaded files, the people you add to the traveler list, and the permission level (read, edit, admin) you assign to each — is stored on our servers so we can display it back to you and the people you share with.

This includes booking references and confirmation numbers (flight, train, hotel, car-rental), which we treat as sensitive: they are visible only to you and to collaborators with edit or admin permission, and are redacted from public trip pages and share-link views.

When you have a shared trip open, other collaborators on that trip can see your real-time presence — your name, which view you are on, and which block you are editing — for as long as you have the trip open.

2.3 Forwarded emails and uploaded PDFs

If you forward a confirmation email to trips@oxygentrips.com, we receive that email through our inbox at Microsoft 365 (via Microsoft Graph), pass the body to Google’s Gemini API for AI parsing, and store the resulting structured itinerary in your trip. We similarly extract text from PDF attachments you upload or forward and send that text to Gemini for parsing into itinerary blocks. The original email body is retained only as long as needed for parsing and audit purposes (up to 30 days), and is then deleted from our systems.

Important. Forwarded emails and uploaded PDFs often contain other people’s personal data (fellow travelers, hotel staff, drivers). By forwarding or uploading, you confirm you have the right to share that information with Oxygen for itinerary parsing. See §7 of our Terms of Service.

2.4 Payment information

If you subscribe to a paid plan or redeem a one-time upgrade, payments are processed by Stripe. We never see or store your full card details. We retain your Stripe customer ID, subscription status, current period end, and cancellation date so we can grant the right level of access. Lifetime-access redemption codes (if applicable) are also stored against your account.

2.5 Technical and device data

When you use Oxygen, our servers and our error-tracking partner Sentry automatically receive technical information needed to operate the Service. Sentry, in particular, receives the URL path you were on (which includes trip identifiers), a breadcrumb trail of your recent navigation, browser metadata, and — when available — your Oxygen user ID alongside the error stack. We sample 10% of traces to keep volumes manageable.

2.6 Cookies and local storage

We use a small set of strictly necessary cookies and local-storage entries to keep you signed in (Clerk session tokens), remember your preferences, and cache the app shell so it loads quickly. We do not use third-party advertising cookies, marketing pixels, or cross-site trackers. See §12 for the full breakdown.

2.7 Communications

If you email us, fill in a contact form, or interact with our support team, we keep the message and any attachments so we can respond and improve our help. We deliver transactional and product email through Resend.

2.8 Sensitive personal information we do not collect

We do not collect “sensitive personal information” as defined by CPRA §1798.140(ae) — government-issued identifiers, account-login credentials in combination with passwords, precise geolocation, racial or ethnic origin, religious beliefs, genetic data, biometric data, health information, or contents of mail or texts not directed to us. We also do not collect special categories of personal data under GDPR Article 9. Please do not upload any of these to Oxygen.

3. How we use your data

We use the data described in §2 for the following purposes:

  • Provide the Service: create your account, store your trips, share trips with collaborators, deliver real-time updates and notifications.
  • Process payments: create and manage your subscription with Stripe and grant the access tier you paid for.
  • Parse forwarded emails and uploaded PDFs: convert confirmations into structured itinerary blocks using Google Gemini.
  • Show maps and trip imagery: render maps via Google Maps and suggest cover photos via Unsplash.
  • Show flight and travel-data context: query AeroDataBox, Airlabs, and FlightAware to enrich your itinerary with airline, aircraft, and route information.
  • Communicate with you: send confirmation emails, security alerts, important account notices, product updates, and (if you have not opted out) occasional marketing emails about new features.
  • Keep the Service secure and reliable: detect and respond to abuse, debug crashes via Sentry, and meet our legal and regulatory obligations.
  • Improve the Service: aggregated, de-identified analytics so we can prioritize what to build next.

5. AI and automated processing

Oxygen uses Google’s Gemini API (currently the Gemini 2.0 Flash Lite model) to extract structured itinerary data from emails you forward to trips@oxygentrips.com and from PDF attachments you upload or forward. The content is sent to Google’s servers in the United States solely for the purpose of generating a structured response that we save to your trip.

For transparency under GDPR Article 13(2)(f): Gemini parses email and PDF content into structured fields (dates, locations, confirmation numbers) using a large-language model; the outputs are saved to your trip without further automated decisions about you. Per Google’s API terms, content sent through the paid Gemini API is not used to train Google’s generative-AI models.

Oxygen does not make decisions about you based exclusively on automated processing that would produce legal or similarly significant effects, so the processing described here does not constitute automated decision-making under GDPR Article 22 or under Quebec Law 25 s. 12.1. If that ever changes for Quebec residents, we will notify you at the time of the decision and offer the opportunity to submit observations to a human reviewer, as required by Law 25 s. 12.1.

6. Sub-processors and vendors

We rely on the third parties listed below to deliver the Service. Each is bound by confidentiality and data-protection terms appropriate to the data they handle. Where required, we have signed Data Processing Agreements and rely on the transfer mechanism shown in the table.

VendorPurposeData handledRegionTransfer mechanismPrivacy policy
ClerkAuthentication & identityEmail, name, profile image, Clerk user IDUnited StatesEU-US DPF + SCCsLink
Google (identity provider)Optional social sign-in via ClerkSign-in event, email addressUS / globalEU-US DPFLink
Microsoft (identity provider)Optional social sign-in via ClerkSign-in event, email addressUS / globalEU-US DPFLink
Microsoft Entra IDOxygen staff authentication for the internal admin dashboardOxygen-employee identity tokens (no end-user data)United StatesEU-US DPFLink
StripePayments & subscription billingEmail, billing details (entered into Stripe)US / globalEU-US DPF + SCCsLink
Google (Gemini API)AI itinerary parsing of forwarded emails and uploaded PDFsEmail body / PDF text contentUnited StatesEU-US DPFLink
Google Maps PlatformMap rendering & geocodingPlace searches, approximate locationUS / globalEU-US DPFLink
Microsoft 365 / GraphForwarded-email ingestionForwarded email contentUnited StatesEU-US DPFLink
ResendTransactional & product emailRecipient email, message bodyUnited StatesSCCsLink
Cloudflare R2File & mobile-update storageFiles you upload to tripsUS / global edgeSCCsLink
SentryError tracking & crash reportingURL, breadcrumbs, browser metadata, user ID (10% sampled)United StatesSCCsLink
AeroDataBox, Airlabs, FlightAwareFlight schedule & status dataFlight numbers, dates queriedUS / globalSCCsLink
UnsplashTrip cover-photo suggestions (in app); image hotlinks (marketing site)Search keywords (in app); visitor IP / user-agent (marketing site)United StatesSCCsLink
jsDelivrStatic font CDN loaded by the appIP, user-agent on every authenticated sessionGlobal edgeSCCsLink
unpkgPDF.js worker CDN (loaded when viewing PDF attachments)IP, user-agentGlobal edgeSCCsLink
Microsoft AzureHosting, key management, deploymentAll categories above (in transit / at rest)United StatesEU-US DPF + SCCsLink

We may add or change sub-processors as the Service evolves. We will update this list before a new sub-processor begins handling your data and, where required, will notify you in advance.

7. How and when we share data

We share personal data only in these specific circumstances:

  • With sub-processors listed in §6, under contract, only to deliver the Service.
  • With other Oxygen users you choose — when you invite collaborators or share a trip via link, those people see the trip content (and, depending on the permission level you set, can edit it).
  • In a corporate transaction — if Oxygen is acquired, merged, or sells substantially all of its assets, your data may transfer to the acquirer, who will be bound by terms at least as protective as this policy.
  • Where required by law — to comply with valid legal process, protect our rights, prevent fraud, or address security or technical issues.

We do not sell your personal data. We do not share it with advertisers, data brokers, or for cross-context behavioral advertising.

8. International data transfers

Oxygen is operated from the United States and most of our sub-processors store data in the United States. If you are located in the EEA, the UK, Switzerland, Canada, or another country with data-export rules, your personal data will be transferred to the United States to deliver the Service.

Where the recipient is certified under the EU-US Data Privacy Framework (DPF) and its UK and Swiss extensions, we rely on that certification as the primary transfer mechanism. For non-DPF-certified vendors, we rely on the European Commission’s Standard Contractual Clauses (SCCs), the UK’s International Data Transfer Addendum (IDTA) for UK-origin transfers, and equivalent mechanisms. Before relying on these mechanisms, we conduct a Transfer Impact Assessment (TIA) considering the destination country’s laws and any supplementary measures needed.

Quebec residents: before transferring personal information outside Quebec, we conduct a privacy impact assessment as required by s. 17 of Quebec Law 25, considering the sensitivity of the data, the purpose of the transfer, and the protections in place at the destination.

You can request a summary of these safeguards by emailing privacy@oxygentrips.com.

9. Data retention and deletion

We retain each category of personal data only as long as needed for the purposes described in §3, or as required by law. The table below summarizes our retention periods by category.

CategoryRetention period
Account info (email, name, profile image, Clerk user ID)While your account is open; deleted within 30 days of account closure
Trip content (trips, blocks, files, notes, comments, traveler relationships)While your account is open; cascade-deleted on account closure
Forwarded email body (raw content sent to trips@oxygentrips.com)Up to 30 days post-parsing, then deleted
Uploaded files (Cloudflare R2)While the trip exists; deleted when the trip or account is deleted
Billing records (Stripe customer ID, subscription history)Up to 7 years after last transaction, as required by US tax and accounting law
Sentry diagnostics (sampled error context)Up to 90 days
Account-deletion audit log (counts and timestamps only, no personal data)Indefinitely, for compliance and abuse-prevention purposes
Support communications (emails to and from us)Up to 3 years

When you delete your account from inside the app, we cascade-delete the associated trip, file, note, comment, traveler, and Clerk-authentication data across our services. We keep an immutable audit-log entry recording that a deletion occurred and how many records were removed in each service; the entry contains no personal data — only counts and timestamps.

If a trip is shared and you delete your account, your authored content (such as comments) may be replaced with a tombstone reference to preserve the integrity of the shared trip for your collaborators, without identifying you.

10. Your rights

You have rights over your personal data. The exact list depends on where you live. To exercise any of them, email privacy@oxygentrips.com. We respond to verifiable requests within the timeframes required by applicable law (typically 30 days, extendable in complex cases). We will not discriminate against you for exercising any of these rights.

10.1 United States residents

If you live in California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, Virginia, Washington, or another US state with a comprehensive privacy law, you have, to the extent applicable in your state of residence, the right to:

  • know what categories of personal data we have collected about you and obtain a copy;
  • delete personal data we hold about you;
  • correct inaccurate personal data;
  • obtain a portable copy of personal data you provided;
  • opt out of any “sale” or “sharing” of personal data and any “targeted advertising” (we do not engage in any of these — see §7);
  • opt out of profiling that produces legal or similarly significant effects (we do not engage in this either);
  • appeal a denial of a request — required in Colorado, Connecticut, Montana, Oregon, Texas, and Virginia. If we deny your request, we will provide instructions for appeal in the response;
  • not be discriminated or retaliated against for exercising any of these rights.

Washington residents have additional rights under the My Health My Data Act, although we do not collect health-related data as defined by that law.

Under California’s Shine the Light law, California residents may request a list of third parties with whom we share personal data for direct-marketing purposes. We have not shared personal data for those purposes in the preceding twelve months and do not intend to.

You can submit any of these requests yourself, or you can authorize an agent to do so on your behalf. We will need to verify the request by confirming basic account details before we act on it.

10.2 EEA, UK, and Swiss residents

Under the GDPR and UK GDPR, you have the right to:

  • access your personal data and receive a copy;
  • request rectification of inaccurate or incomplete data;
  • request erasure (the “right to be forgotten”);
  • restrict our processing in certain circumstances;
  • object to processing based on our legitimate interests;
  • receive your data in a portable, machine-readable format;
  • withdraw consent at any time where we relied on consent;
  • lodge a complaint with your local supervisory authority. EEA residents may file a complaint with the supervisory authority of their member state of habitual residence (a directory is maintained by the European Data Protection Board at edpb.europa.eu); UK residents may contact the Information Commissioner’s Office at ico.org.uk.

10.3 Canadian and Quebec residents

If you are in Canada, you have rights under the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy law. These include the right to access, correct, and withdraw consent for use of your personal information, and the right to file a complaint with the Office of the Privacy Commissioner of Canada.

If you are a Quebec resident, you have additional rights under An Act respecting the protection of personal information in the private sector (Quebec Law 25), including the right to data portability and the right to request that we stop disseminating personal information that infringes your rights. As described in §5, Oxygen does not make decisions about you based exclusively on automated processing; if that ever changes, we will notify Quebec residents at the time of the decision and offer the opportunity to submit observations to a human reviewer, as required by Law 25 s. 12.1.

Our Privacy Officer (responsible for the protection of personal information for Quebec purposes) is reachable at privacy@oxygentrips.com or by mail at the address in §15.

11. Children

Oxygen is not directed to children. We do not knowingly collect personal data from children under 13 in the United States or under 16 in the EEA, the UK, or Switzerland. Parents or guardians who believe a child under 13 has provided personal data may contact us at privacy@oxygentrips.com to review the data, refuse further collection, or have it deleted, in line with the Children’s Online Privacy Protection Act (16 C.F.R. §312).

12. Cookies and local storage

We use the following categories on the Service:

  • Strictly necessary — session cookies and tokens set by Clerk so you can stay signed in; a small number of cookies and local-storage entries that store your in-app preferences and the progressive-web-app cache.
  • Diagnostic — entries used by Sentry to associate a crash with the right session for debugging.

We do not use third-party advertising or marketing trackers, pixels, fingerprinting, or cross-site trackers. Diagnostic entries set by Sentry are loaded only after you have authenticated and have an active Service contract with us. If we ever ship a public, pre-login product surface that triggers ePrivacy obligations in the EEA or UK, we will add a cookie-consent layer for visitors from those regions before doing so.

You can clear cookies and storage at any time in your browser settings; doing so will sign you out and may affect performance until the cache is rebuilt.

13. Security and staff access

We protect your data with industry-standard measures: TLS encryption in transit, encryption at rest for our databases and file storage, hardened authentication via Clerk (with optional multi-factor authentication on your account), a managed secrets store via Microsoft Azure Key Vault, and least-privilege access controls for our team. We do not store full payment-card numbers; Stripe handles that on PCI-compliant infrastructure. Trip share-protection passwords are stored hashed and are not recoverable.

Authorized Oxygen personnel can access user account data (email, name, subscription status, list of trips, and billing metadata) through an internal admin dashboard secured by Microsoft Entra ID. Access is logged and limited to staff with a documented business need (support, billing, abuse investigation).

No system is perfectly secure. If we ever experience a personal-data breach, we will notify affected users and regulators in line with applicable law — including, where required, GDPR Articles 33 and 34 within 72 hours; the Office of the Privacy Commissioner of Canada and affected individuals as required by PIPEDA’s Breach of Security Safeguards Regulations; and the breach notification laws of US states (including, where applicable, Cal. Civ. Code §1798.82, NY GBL §899-aa, and the comparable laws of other states).

14. Changes to this policy

We may update this Privacy Policy as the Service evolves or as the law requires. When we make material changes, we will post the new version on this page, update the “Last updated” date, and notify active users by email at least 30 days before the changes take effect. Your continued use of the Service after the effective date means you accept the updated policy.

15. How to contact us

For privacy questions, requests, or complaints, reach us at:

Oxygen Trips Inc.

Attn: Privacy Officer

4645 E Florida Ave

Denver, CO 80222, USA

Email: privacy@oxygentrips.com