Travelora Privacy Policy
The short version: everything stays on your iPhone.
Effective: 2026-05-19
App: Travelora (com.travelora.app)
Publisher: QnSub Tech
Contact: support-travelora@qnsub.com
This is a plain-English explanation of what Travelora does with your data. The short version: everything stays on your iPhone. QnSub Tech does not run a server, does not have an account system, and does not ship analytics or advertising SDKs.
What Travelora stores
All of the following is stored locally on your device using Apple's SwiftData framework:
- Trips — name, destination, country, dates, local currency, and notes.
- Photos and videos — items added to a trip, including the capture date, optional location, captions, favorites, and any in-app edits. Each item references a photo in your device library; originals are not re-uploaded anywhere.
- Expenses — title, amount, currency, category, payment method, date, and an optional photo of the receipt.
- Travel documents — passports, visas, tickets, bookings, and similar files. The file contents are encrypted before being stored (see "Encryption" below).
- Itinerary, checklists, flights, and accommodation — the plans, to-do and packing items, and travel logistics you add to a trip.
- Albums — the photo collections you create within a trip.
- App preferences — small flags such as your name, home country, and home currency, stored in iOS UserDefaults, plus a cache of exchange rates.
Photo library
With your permission, Travelora reads your photo library to find pictures and videos taken during a trip's dates and add them to that trip, and to let you pick more manually.
- Travelora only imports the items that match your trip dates or that you explicitly pick.
- Photo originals stay on your device. Travelora keeps a reference to the library asset along with a working copy used inside the app.
- Permission can be changed at any time in iOS Settings → Privacy & Security → Photos → Travelora.
Camera
Travelora uses the camera to scan travel documents and receipts and to read QR codes when receiving a shared trip. The camera stream is processed on-device; nothing is uploaded.
Face ID / Touch ID
The Documents section is locked behind Face ID or Touch ID (with a device-passcode fallback). Biometric authentication is handled entirely by iOS — Travelora never sees your biometric data, only whether the unlock succeeded.
Encryption
Travel-document files are encrypted at rest using AES-GCM, a standard algorithm provided by Apple's CryptoKit. The encryption key is generated on your device and stored in the iOS Keychain. Document file bytes are never written to disk in the clear and never leave your device.
Local network
Travelora can hand a copy of a trip to another nearby device. With your permission, it uses the local network (Bonjour) to discover and connect to that device directly. The trip is transferred device-to-device — it does not pass through any QnSub server.
Network requests
Travelora is offline-first. It makes only two kinds of outbound request, and neither carries an account or an identifier we control:
- Currency exchange rates — Travelora downloads and caches foreign-exchange rates from a public rates provider so currency conversion works offline. The request is a standard HTTPS call and contains no personal data.
- Google Photos import (optional) — if you choose to import photos from Google Photos, you sign in with Google and pick the photos yourself. Only the items you select are imported. That sign-in and selection are handled by Google, and Google's privacy policy applies to it.
What we do not do
- We do not track you across apps or websites.
- We do not use analytics SDKs (no Google Analytics, no Mixpanel, no Firebase, no Amplitude, etc.).
- We do not use advertising SDKs or any third-party SDK that collects data.
- We do not sell or share your data with anyone.
- We do not have a server collecting your data.
- We do not require you to create an account.
Sharing your data, on purpose
The only time data leaves your device is when you initiate it:
- Sharing a trip — you can send a copy of a trip to a nearby device. The receiving device gets its own independent copy.
- Backup & restore — you can export all of your trips as a single backup file and save it wherever you choose (iCloud Drive, Google Drive, Files). Whatever service you save it to is governed by that service's privacy policy.
Deleting your data
Because everything is local, uninstalling Travelora deletes everything. iOS removes the app's data container along with the app. There is nothing on a server to delete.
You can also delete things individually inside the app — remove a photo, an expense, a document, a plan, or an entire trip at any time.
Children
Travelora is not directed to children under 13.
Changes to this policy
If the privacy practices change, we'll update this page and the in-app About screen with the new effective date. Material changes (e.g., adding a backend) will be highlighted at the top.
Contact
Questions or requests: support-travelora@qnsub.com