TripCircle

TripCircle Security Policy

December 29, 2025

Our Commitment

At TripCircle, we protect your information with industry-standard security practices. Your data, your groups, and your experience matter, and this policy explains how we safeguard them.

1. Data Protection

Encryption: All sensitive data is encrypted in transit and at rest. We use TLS for data in transit and AES-256 or stronger encryption for stored data.

Credential Security: Passwords are salted and hashed using modern, secure hashing algorithms. We never store plain-text passwords.

Access Controls: Only vetted TripCircle personnel with a legitimate business need can access user data. All internal access requires multi-factor authentication and strict logging.

Data Minimization: We only collect what is necessary for platform functionality and delete unnecessary data.

2. System Security

Logging and Monitoring: We track authentication events, suspicious behavior, and system anomalies. Our systems alert us to unusual access patterns.

API and Application Security: We use rate limiting, authentication tokens, and abuse monitoring to protect APIs. We run periodic internal security scans.

Third-Party Providers: We only use reputable infrastructure providers. Each provider must meet strict security and privacy expectations.

3. Software Development

We have adopted a software development lifecycle to maintain and improve the security of our platform.

Our developers use secure programming languages and techniques.

We employ human code reviews and automated analysis tools to identify security risks in our code.

4. Beta-Stage Notice

TripCircle is in Beta. Beta software may have bugs or incomplete features. We actively monitor for issues and improve security as we scale.

5. Service Providers

We may use third-party services for hosting, analytics, error monitoring, and communications. Each service provider's privacy and security practices are reviewed before integration.

6. Incident Response

If a potential security incident occurs, we will:

  • Immediately isolate affected systems.
  • Fully investigate and determine if and when a breach occurred, as well as its scope.
  • Notify affected users and/or regulatory entities, as appropriate, and if necessary.
  • Provide guidance on protective steps.
  • Promptly take remedial actions.

7. User Responsibilities

  • Use a strong password and keep it private.
  • Report suspicious activity immediately to support@tripcircle.us.

8. Data Retention

We retain data only as long as needed for platform functionality or legal requirements. Users can request deletion at any time.

9. Contact

support@tripcircle.us