Privacy Policy

Who we are

This Privacy Policy describes how Observation Assistant LLC, doing business as Tour Planner Pro ("Company," "we," or "us") collects, uses, discloses, and protects information when you use the Tour Planner Pro public website and marketing pages, the Tour Planner Pro web application, the family portal, and any official Tour Planner Pro mobile application we make available in app stores (together, the "Service").

What this policy covers

By using the Service, you acknowledge this Privacy Policy. If you use the Service on behalf of an organization, you represent that you have authority to bind that organization, and you agree that the organization is responsible for the way its staff and end users use the Service and the information they enter.

The Service is operated from the United States. If you access the Service from other countries, you understand that your information may be processed in the U.S. and in other countries where we or our vendors operate, as described below.

Information we collect

We collect the categories of information that reasonably relate to running group-travel and school-trip operations, protecting accounts, and meeting legal and operational requirements. These include:

• Account and profile information, such as name, email address, role, and organization or workspace details you or your organization provide when signing up, inviting users, or maintaining profiles.
• Trip, roster, and operational data, such as participant names, dates of travel, accommodations, activities, chaperone assignments, documents and files you upload, internal notes, and other content you or your organization chooses to store in the Service.
• Family portal and payer information, such as sign-in data for individuals your organization authorizes, traveler linkage, and payment and balance information surfaced in the product.
• Transaction and payment-related data. Card payments are processed by Stripe, Inc. and its affiliates. We receive limited payment metadata (for example, amounts, last four digits when shown in the product, and transaction status) as needed to operate trip balances, receipts, refunds, and dispute workflows—not full card numbers, which are handled by the payment processor’s systems.
• Support and communications, such as messages you send to us through help channels, in-product support, or email, and the contact details you use when doing so.
• Technical and device information collected automatically, such as IP address, request timestamps, device or browser type, operating system, app version when you use a mobile app, and diagnostic identifiers needed for security, fraud prevention, reliability, and to improve the Service. On mobile, we may also collect mobile operating system and device model where needed for compatibility and support.

How we use information

We use information for the following purposes, as applicable:

• To provide, operate, maintain, and support the Service, including organization workspaces, trip planning, rostering, family portal access, and payment-related features enabled for your account.
• To authenticate you, protect sessions, enforce access controls, monitor for abuse, and secure our systems and users.
• To communicate with you about the Service, such as service notices, security alerts, and responses to your requests. Where permitted by law, we may also send information about new features; you can opt out of non-essential marketing communications where those controls exist or by contacting us.
• To comply with applicable law, respond to lawful requests, and exercise or defend legal rights.
• To analyze and improve the Service, including through aggregated or de-identified use information where we do not identify you as an individual.

How we do not use data for sale and targeted advertising

We do not sell your personal information for money as that term is commonly defined in U.S. state consumer privacy laws. We do not use the Service’s personal data to run cross-context behavioral advertising across unrelated third-party sites in the way many “ad tech” networks operate. We may use our hosting and security vendors in support of the Service, as described under Sharing and service providers below.

Student, minor, and school-related information

The Service is a business and educational-operations tool. Tour Planner Pro is not intended to be used by persons under 13 years of age. It is not directed at children to register for their own accounts, and we do not knowingly allow children under 13 to create their own end-user accounts outside of a school or organization context that authorizes the relationship.

When a school, district, or other organization uses the Service, that organization (for example, as a “school” under the U.S. Family Educational Rights and Privacy Act (FERPA), where applicable) is generally responsible for deciding what student or minor-related information to enter, for providing required notices, and for obtaining any required consents from parents or guardians under student-privacy and child-protection laws. For that information, the organization is typically the data controller and we process it on the organization’s instructions as a service provider or processor (in GDPR terms, where that law applies), in accordance with the organization’s use of the product, our agreement with the organization, this Privacy Policy, and applicable law. If a signed data processing addendum or other contract with the organization says something different and the law allows it to control, that writing governs the processing it covers.

If you are a parent or guardian and need access, correction, or deletion of a student or minor’s information, please contact the organization that uses Tour Planner Pro; we can assist the organization in responding where appropriate.

Sharing and service providers

We do not share personal information with third parties for their independent marketing beyond what is described in this policy. We share information in these situations:

• With service providers and subprocessors that perform services on our behalf, such as cloud hosting and infrastructure, database storage, email and notification delivery, payment processing (Stripe), and security or reliability tools. We enter into written terms that require them to use information only to provide those services and to protect it appropriately.
• With the organization and users you or your organization authorize—such as other staff, trip leaders, and family portal users with permissions your organization gives—so they can use the product as intended.
• When we believe disclosure is required by law, regulation, legal process, or a governmental request; to enforce our terms or protect the rights, safety, or property of you, us, or others; or in connection with a corporate transaction such as a merger, acquisition, or sale of assets, in which case we will take reasonable steps to govern continued use of information and notify you if required by law.

International data transfers

If you are located outside the United States, we and our providers may process and store your information in the U.S. and in other countries that may not provide the same level of data protection as your home country. Where required, we use appropriate safeguards such as standard contractual clauses or other measures recognized by applicable law. You may request more detail about these safeguards by contacting us below.

Cookies, local storage, and performance measurement

The Tour Planner Pro web application and family portal use cookies or similar storage that are needed to keep you signed in, maintain secure sessions, and protect against abuse. These are typically “strictly necessary” for the Service to work.

The public marketing site may load Vercel Speed Insights to measure performance and Core Web Vitals. That service may set cookies or use similar storage as described in Vercel’s public documentation. We do not use third-party advertising, social advertising pixels, or other advertising or marketing trackers on the marketing site or in the product, and we have no plans to do so.

Data retention

We keep information for as long as we have an ongoing legitimate need to do so, including to provide the Service, meet legal, tax, and accounting obligations, resolve disputes, and enforce our agreements. Actual retention can vary by data type, your organization’s configuration, and applicable law.

Where the product, your role, and the law allow, you or your organization can delete or request deletion of information that is not required to be retained for legal, regulatory, tax, accounting, audit, or similar compliance reasons. We may need to keep certain records for a legally required period even if you also ask us to delete or restrict processing; in those cases we will explain the limitation where we can. Export, correction, and deletion are otherwise in line with the product and your agreement with us, subject to legal holds and what is technically and operationally feasible.

If you use features that involve payments, card charges are processed by Stripe, Inc. and its affiliates. When you close or delete your account, we end your sign-in and delete or limit use of your personal data where we can, but we and our payment partners may be required to retain certain transaction, tax, fraud-prevention, and accounting records (including data Stripe holds under its own agreements and network rules) for a period of time. That is typical for services that process payments, and it means account deletion may not remove every data element in every system immediately, even though your access to the Service ends when the account is closed unless we agree otherwise in writing or as required by law.

Security

We use administrative, technical, and organizational measures designed to protect information against loss, misuse, and unauthorized access or disclosure. Data is transmitted over encrypted connections (for example, HTTPS/TLS) between your browser or app and our services.

For information stored in our application database, we encrypt at the application layer (using industry-standard encryption) every field the Service uses to store data that may be personally identifying or otherwise sensitive—such as traveler, guardian, and staff contact and profile fields. Operational or non-identifying data (for example, internal identifiers or configuration) may be stored unencrypted in access-controlled systems. No online service is completely secure; you are responsible for safeguarding your account credentials. Please contact us if you become aware of unauthorized use of your account or a security issue related to the Service.

Your rights and choices

We do not and will not sell your customer or personal data. Our business is the Service itself, not monetizing your information.

Where applicable law gives you rights, you may request access, correction, deletion, portability, or restriction of certain processing, and you may be able to object to certain processing. You can exercise many of these through your account settings, your organization’s administrator, or the Help center. You may also email us or write using the contact information at the end of this policy. We will verify and respond in line with applicable law, which may require us to work with the organization you are associated with when the organization’s account is the data controller of certain records.

U.S. state residents (including California and Virginia-style rights)

If you are a U.S. resident, state law may provide additional rights, such as the right to know categories of information collected, the right to delete certain information, and the right to opt out of “sale” or “sharing” for cross-context behavioral advertising, where those concepts apply. As noted above, we do not sell personal information for money in the common sense, and we do not operate a cross-site targeted advertising business off the application data. If you wish to exercise rights under a specific state’s law, use the contact below and identify your state so we can respond appropriately.

EEA, UK, and Switzerland users

If you are in the European Economic Area, United Kingdom, or Switzerland, our legal bases for processing may include: performance of a contract with you or your organization, legitimate interests in operating, securing, and improving the Service (balanced against your rights), compliance with legal obligations, and, where we ask for it, consent for specific uses that require consent under local law. You have the right, in some circumstances, to lodge a complaint with your local data protection authority.

Changes to this policy

We may update this Privacy Policy to reflect changes to our practices, the Service, or the law. When we post a new version, we will revise the “Last updated” date at the top of this page. If we make a material change, we will provide additional notice as appropriate (for example, a notice in the app or by email) where the law requires.

Contact us

For privacy questions, requests, or to reach our data protection contact, email privacy@tourplannerpro.com, or use the Help center from our website and from within the product (tourplannerpro.com; sign-in links are provided on the public site). Please include “Privacy” in the subject line or form so we can route your request promptly.