When Big Media Aren’t the Biggest

After I posted my recent criticism of the travel service TripIt, their twitter account @mentioned me and asked me to contact the service desk. I did that, providing a link to the blog post and said I’d be happy to publish any response.

TripIt has since responded. The response is a mostly standard spiel about protection of data from unauthorised access by outsiders. Nonetheless, I am as good as my word, and the TripIt service desk response is below. To save reading time, the most relevant paragraph is the last, which reads:

We understand that the TripIt service (and our business) runs on a foundation of trust. As such, we work very hard to provide the most trustworthy experience on the Web. In that spirit we’re taking a hard look at the language of our User Agreement now to see how we can make it as clear as possible. In any event, I hope this message explains the intent behind our User Agreement and clarifies how TripIt approaches privacy and trust.

The whole response is below:

Sam, Dec-13 11:06 am (PST):

Hi Travis,

If you have not already had a chance to view our full privacy policy, please access if via this link: http://www.tripit.com/uhp/privacyPolicy (this link is also found at the very bottom of each page of our site).

Here are some highlights and some additional information.

We will never post your credit card information (nor receive it from the vendors you purchased from) for any itineraries you forward to us. If you choose to become a TripIt Pro account holder and you enter sensitive information such as a credit card number on our registration or order forms, we encrypt that information using secure socket layer technology (SSL).

If pricing such as hotel rates are included on the confirmation emails you forward to us that data may show up on your itinerary. Again, your cc information will not. No one can enter your account without your unique user id (email address) and password.

If you choose to share your itinerary with another we will not provide access to your confirmation number(s), frequent flyer number(s), or any costs associated with the trip (as long as you do not mark that person as a traveler and/or collaborator).

Here is what TripIt does NOT do:
>TripIt doesn’t sell anyone’s information;
>TripIt doesn’t reveal your information to anyone else unless you tell us to (via various sharing tools we offer). We are proud to have been certified by the TRUSTe Privacy program, which certifies that we abide by EU Safe Harbor Framework as outlined by the US Department of Commerce and the European Union. http://clicktoverify.truste.com/pvr.php?page=validate&url=www.tripit.com&sealid=102

By default, your account information and detailed travel plans are visible only to you. You can opt to make individual travel itineraries available to people you specify–or to the public–on a case-by-case basis. If you want to grant permission to a third party application to view or edit your TripIt data on your behalf (like My Travel on LinkedIn, FlightTrack Pro on iPhone, or your Facebook wall), you must authorize each application individually and can revoke permission at any time.

We understand that the TripIt service (and our business) runs on a foundation of trust. As such, we work very hard to provide the most trustworthy experience on the Web. In that spirit we’re taking a hard look at the language of our User Agreement now to see how we can make it as clear as possible. In any event, I hope this message explains the intent behind our User Agreement and clarifies how TripIt approaches privacy and trust.

Be sure to check out http://help.tripit.com/home for answers to common questions.