Get started
Privacy

Privacy Policy

Plain-English, no dark patterns. What we collect, why, who sees it, and how to get it deleted.

Last updated: June 15, 2026

1. Who we are

Vrolu is operated by Vrolu LLC ("Vrolu", "we", "us"). Vrolu is a live shared dashboard for group trips. This policy explains how we handle personal information across our website and service. Questions? Email us at privacy@vrolu.com.

2. What we collect

  • Account information — your email address, and a name if you provide one. Accounts can be created with email, Google, or Apple sign-in.
  • Trip content you enter — trip names, traveler names, flight numbers, airports and dates, and itinerary events (titles, times, locations, addresses, notes, links).
  • Traveler & notification data — the email addresses of people you invite to a trip, and the notification preferences of anyone who opts in to flight or event alerts.
  • Payment data — when you publish a trip, payment is processed by Stripe. We receive a confirmation and limited transaction details; we never see or store your full card number.
  • Technical data — standard server logs and diagnostics (IP address, browser type, timestamps, error traces) used to operate, secure, and debug the service.

3. How we use it

  • To run the product — build trips, track flights, send the reminders and alerts you ask for.
  • To deliver the shared dashboard to the travelers you invite.
  • To process the one-time publish fee and handle refunds.
  • To keep the service secure, prevent abuse, and fix problems.
  • To send transactional email (invites, flight changes, receipts). We don't send marketing email without your opt-in.

4. The shared trip link & access

Trips are invite-only. A published trip's link (/t/{slug}) does not expose data to anyone who simply has the URL — viewers sign in, and we only show the trip to the organizer and to people whose email matches a traveler invited to that trip. Public trip pages are marked noindex so search engines don't list them. This is deliberate: travel details (who's flying where, and when) can be sensitive, and a forwarded screenshot or leaked link shouldn't reveal them.

5. Who we share it with

We do not sell your personal information, and we don't run advertising trackers on travelers. We share data only with the service providers ("subprocessors") that make the product work:

  • Microsoft Azure — hosting, database, application monitoring, and transactional email (Azure Communication Services).
  • Stripe — payment processing for the publish fee.
  • FlightAware — live flight status data for the flights you add.
  • Google Maps Platform — address lookup/autocomplete when you add a location to an event.
  • Cloudflare — bot/abuse protection on sign-up and sign-in forms.

Each provider handles data under its own terms and only as needed to provide its function. We may also disclose information if required by law or to protect the safety and rights of our users.

6. Retention

We keep your data while your account is active and for as long as needed to operate the service and meet legal, accounting, and security obligations. When you delete your account, we delete or anonymize your personal data, except where we're required to retain certain records (for example, payment records for tax purposes).

7. Your choices & rights

  • Access & deletion. You can download or delete your personal data anytime from your account settings, or by emailing privacy@vrolu.com.
  • Notifications. Every alert email has a one-tap unsubscribe.
  • Regional rights. Depending on where you live (e.g. the EEA/UK under GDPR, or California under CCPA/CPRA), you may have additional rights to access, correct, port, or delete your data, and to object to certain processing. Email us to exercise them.

8. Cookies

We use cookies that are necessary to run the service — chiefly to keep you signed in and to protect forms against abuse. We don't use third-party advertising or cross-site tracking cookies.

9. Children

Vrolu isn't directed to children under 13 (or the equivalent minimum age in your country), and we don't knowingly collect their personal information. If you believe a child has provided us data, email privacy@vrolu.com and we'll remove it.

10. Changes

We may update this policy as the product evolves. When we make material changes we'll revise the "last updated" date above, and notify you where appropriate.

11. Contact

Privacy questions or requests: privacy@vrolu.com.

Something went sideways. Reload ×

Rejoining the server...

Rejoin failed... trying again in seconds.

Failed to rejoin.
Please retry or reload the page.

The session has been paused by the server.

Failed to resume the session.
Please retry or reload the page.