We don't sell your data
Not to advertisers. Not to data brokers. Not to anyone. Ever.
What we collect
- Account information: Your email address, used for authentication and email forwarding
- Travel data: Itineraries, accommodation details, credentials, and documents you add or forward to the app
- Forwarded emails: Booking confirmations you forward to trips@stateless.zip, parsed into structured itinerary data
- Device information: Device name and sync metadata for multi-device support
What we don't collect
- We never access your inbox. Email ingestion is forward-only — you choose what to send
- We don't track your location
- We don't run analytics on the app
How we use it
- Parse forwarded booking emails into structured itinerary data
- Sync your data across your devices
- Authenticate your account via email verification
That's it. Your data exists to serve you, not us.
Storage and security
Your data is stored locally on your device and synced to our servers for multi-device access. Data in transit is encrypted via TLS. We use Cloudflare for hosting, database, and object storage.
Third parties
- Cloudflare: Hosting, edge compute, database (D1), and object storage (R2)
- Resend: Transactional email (verification codes)
- OpenAI: Email parsing (forwarded email content is sent for extraction)
These services process data only as needed to operate the app.
Your rights
- Request a copy of your data
- Request deletion of your account and all associated data
- Stop forwarding emails at any time — we only process what you send
Contact privacy@stateless.zip to exercise any of these.
Changes
If this policy changes, we'll update this page. Material changes will be noted here with an updated date.