Your data,
your control.

When you sign up via Clerk, we receive your name, email address, and profile photo. We store these in our own database to associate you with your trips and activities inside Tabi.

Everything you create inside Tabi trips, itineraries, activities, expenses, checklists, reservations, comments is stored in our MongoDB database and linked to your account.

Files you upload (flight tickets, hotel confirmations, etc.) are stored on Cloudinary. We store the resulting URL and metadata in our database.

Standard server logs IP address, browser type, pages visited, timestamps. We use this to keep the service running and to debug issues. We do not build ad profiles from this.

Your data powers your experience showing your trips, syncing with collaborators in real time, calculating budget splits, storing your files. That's the primary use.

We use your email to send you notifications (invite accepted, new comment, etc.).

Aggregate, anonymized usage patterns help us understand which features people actually use. We never analyse individual behaviour to serve you ads.

When you invite someone to a trip, they can see your name, photo, and activity within that trip. You control who you invite.

We use Clerk (auth), MongoDB Atlas (database), Cloudinary (file storage), and Hostinger (hosting). These are processors, not data buyers they operate under their own privacy policies and only process what's necessary.

We'll share data if required by law, a court order, or to protect the safety of our users. We'll tell you if we can.

We don't sell your data. We don't share it with advertisers. We don't broker it. Full stop.

Clerk uses cookies to keep you logged in. These are strictly necessary and disappear when you log out or your session expires.

We don't run Google Analytics, Meta Pixel, or any third-party tracking script. If that changes, we'll update this page and let you know.

You can view all the data tied to your account inside Tabi at any time.

You can send an email to atharvdange.dev@proton.me and we'll remove your personal data from our systems within 30 days. Trip data you created may remain in anonymized form if other members have a legitimate need for it.

Want your data? Reach out and we'll put together an export. We're a small team so give us a few days.

Your name and photo come from your social accounts update them there and the change propagates to Tabi automatically.

Authentication is handled entirely by Clerk, which uses industry-standard JWT sessions with automatic rotation. We never store passwords.

All traffic between your browser and our servers runs over HTTPS. Data at rest is encrypted by MongoDB Atlas and Cloudinary.

Every API route on our backend requires a valid Clerk session token. Trip data is gated by role if you're not a member of a trip, you can't access it.