We handle personal data — names, emails, phone numbers, trip details, sometimes uploaded confirmations. You deserve to know exactly how it's protected. Here's the full picture.
All payments are processed by Stripe, which is PCI Service Provider Level 1 compliant — the strictest tier banks require. Stripe is used by Amazon, Google, Shopify, OpenAI, and hundreds of thousands of others. When you click "Buy" or "Join," your browser sends your card details directly to Stripe's hosted checkout. We never see, store, or have access to your card number, CVV, or expiration date.
The most we ever store from a payment is a charge confirmation ID, the last 4 digits of your card (for your reference on receipts), and the total amount. That's it.
We don't use passwords. To sign in, we email you a six-digit code that expires in minutes. There's literally no password for an attacker to steal, brute-force, or trick you into giving away. Your session is managed by Supabase Auth, which uses signed JSON Web Tokens (JWTs) and rotates them automatically.
Your trip data, name, email, phone number, and any uploaded documents live in Supabase — a SOC 2 Type II compliant infrastructure provider built on AWS. Data is encrypted on disk using AES-256 and replicated for durability. Every request between your browser and our servers uses TLS 1.2 or higher, terminated through Cloudflare (HTTPS everywhere). We use Row-Level Security policies so the database itself enforces that you can only access data you're authorized to see.
Once you claim a Passport, it's permanently bound to the email address you used. Even if someone steals the original claim link, they can't claim the Passport for themselves once you have claimed it. Your trip access can't be transferred to another account or sold to someone else — every Passport equals one person. Coordinators can see who's claimed which Passport, when, and from what email.
What we can see: the trip details you enter, your name and contact info, your packing list progress, your uploaded documents (only what you choose to upload). Your trip coordinator (the person who bought your Passport) can see the shared trip plan and that you've claimed your seat — they cannot see your personal events, your packing list, or your uploaded documents.
What we cannot see: your card number, your bank account, your password (we don't have one), your phone's location unless you explicitly turn on location sharing for a trip, or the contents of your messages with anyone outside the app.
You can request a copy of all data we hold about you, or request full deletion of your account and data, by emailing scott@sweeneysells.com. We respond within 30 days (usually within 24 hours). This is your right under GDPR (EU) and CCPA (California), and we honor it for everyone regardless of jurisdiction.
If you discover a vulnerability, please email scott@sweeneysells.com with the subject line "Security disclosure." We take every report seriously, respond within 48 hours, and credit researchers who report responsibly.