Your data is protected — the short version
- All data encrypted in transit with TLS 1.3
- Passwords stored only as cryptographic hashes — never readable
- Medical document links expire after 60 minutes
- Access enforced at the database layer, not just the app
- No advertising trackers, no data selling — ever
- FERPA & COPPA compliant by design
1. Who we are
The Trip Binder ("we," "us," or "our") is operated by Wondernook Studios LLC. We provide a mobile and web application that helps school organizers, chaperones, and parents manage student field trips — including rosters, itineraries, attendance, bus and hotel assignments, and trip communications.
2. Scope and who this policy covers
This policy applies to all users of The Trip Binder, including:
- Organizers — teachers and school staff who create and manage trips
- Chaperones — adults assigned to supervise students on a specific trip
- Guardians — parents and legal guardians who manage a child's profile
- Travelers — students who join a trip directly using a join code
Students whose records are imported from a school roster do not create accounts and are not direct users of the service. Their data is managed on their behalf by organizers and guardians.
3. Information we collect
3a. Account information
When you create an account, we collect your first and last name, email address, and password (stored as a secure hash — we never store your password in plain text). If you sign in with Google, we receive your name and email from Google's authentication service. Travelers may also provide a date of birth for identity verification during the trip-join process.
3b. Student records
Organizers import student rosters containing, at minimum, each student's name and optionally: date of birth, emergency contact names and phone numbers, dietary restrictions, medical conditions, allergies, current medications, physician contact information, insurance information, and a student photo.
Student records are stored in a three-layer model: a master record (owned by the guardian once claimed), per-organization sharing settings that control which fields are visible to organizers, and trip-specific overrides.
3c. Sensitive health and medical information
The app is designed to store health-related information about minors. This information is used solely to support student safety during trips. Signed access URLs for medical documents expire after one hour, and access is strictly limited to the organizing school's authorized staff and the student's linked guardian.
3d. Trip and activity data
We collect trip details you create or join: trip name, destination, dates, itinerary events, chaperone group assignments, bus and hotel room assignments, attendance records, and inventory items. Chat messages and photo attachments sent within the app are stored on our servers.
3e. Device and notification data
If you grant permission, we collect a device push notification token to send you real-time alerts about trip activity. This token is removed when you sign out or delete your account.
3f. Automatically collected information
We do not run advertising trackers or sell usage analytics. Our infrastructure providers may collect standard server logs including IP addresses and browser/device type for security and reliability purposes.
4. How we use your information
We use the information we collect only to:
- Operate the app and provide the services you request
- Enable communication between organizers, chaperones, and guardians
- Send push notifications and email alerts about trips you belong to
- Verify identity during the guardian claim flow
- Generate trip calendars, export rosters, and produce trip materials on your behalf
- Maintain an immutable audit log of meaningful changes to student records for accountability and FERPA compliance
- Diagnose technical issues and improve the service
We do not use your data or student data for advertising, marketing profiling, or any purpose unrelated to trip management.
5. Student educational records and FERPA
Student roster data imported by school-affiliated organizers may constitute "education records" under FERPA. The Trip Binder acts as a service provider processing these records on behalf of the school. We do not independently disclose education records to third parties and process them only as directed by the school.
6. Children's privacy (COPPA)
The Trip Binder is designed to comply with COPPA. Students do not create accounts or directly interact with the service as registered users. Student data is provided by school organizers and managed by linked guardians.
If you believe a child has submitted personal information to us without appropriate authorization, please contact us at [email protected] and we will delete it promptly.
7. Third-party services we use
We use the following infrastructure providers:
- Supabase — database, authentication, file storage, and real-time messaging. Data is stored on servers hosted on Amazon Web Services (AWS).
- Google Firebase — push notification delivery via Firebase Cloud Messaging.
- Google Sign-In — optional authentication. We store only your name and email, not your Google account password.
- Google Drive / Sheets — used only when an organizer explicitly imports a roster from Google Sheets.
- Open-Meteo — weather forecasts. We send only the destination city name. No personal information is transmitted.
8. How we share information
We do not sell, rent, or trade your personal information or student data. Information is shared only:
- Within the app by design — organizers see only authorized fields, chaperones see only assigned students, guardians see only their own children
- With infrastructure providers listed in Section 7, under data processing agreements
- When required by law, court order, or legal process
- In connection with a merger, acquisition, or sale of assets, with prior notice
9. Data security
- All data is encrypted in transit over HTTPS/TLS
- Passwords are hashed using industry-standard algorithms; we never store plaintext passwords
- Database access is governed by Row-Level Security (RLS) policies at the storage layer
- File access uses time-limited signed URLs: medical documents expire in 1 hour, permission slips in 7 days, and trip photos in 30 days
- Guardian claim tokens are stored only as SHA-256 hashes
- File uploads are validated against their actual file type
10. Data retention
- Account information: retained while your account is active; deleted within 30 days of account deletion.
- Student records: retained while the owning guardian's account is active, or until the guardian deletes the record.
- Trip data: retained for the life of the organizer's account. Organizers may delete a trip at any time.
- Chat messages and attachments: retained for the life of the trip.
- Audit logs: retained for as long as the associated student record exists.
11. Your rights
Depending on where you live, you may have the right to access, correct, delete, or port your personal data, or to restrict how we process it. To exercise any of these rights, contact us at [email protected]. California residents have additional rights under CCPA/CPRA. EU/EEA residents have rights under GDPR.
12. Guardian rights over student data
Guardians who have claimed a student record have the right to view, edit, and control sharing of all information in their child's record, and to request deletion at any time.
13. Changes to this policy
We may update this policy to reflect changes in our practices or applicable law. We will notify you of material changes by posting a notice in the app and updating the effective date above.
14. Contact us
Wondernook Studios LLC
[email protected]