TripTrek Operations App

Introduction

Welcome to TripTrek Operations. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use the TripTrek Operations mobile application (the "Ops App") as an authorized employee, contractor, or staff member of ferry operators, vessel owners, or our company.

The TripTrek Operations App is a business tool designed for maritime transportation operations management. It is intended for use by authorized personnel only, including System Administrators, Operations Administrators, Captains, and Handlers.

Bundle ID: com.inverse.triptrekops
Developer: TripTrek
Contact: opsapp@triptrek.travel

Scope and Application

Business Application

The TripTrek Operations App is a business-to-business (B2B) application designed for:

• Ferry operators and vessel owners
• Maritime transportation staff
• Authorized administrative personnel
• Operations management teams

User Categories

This app is used by four categories of authorized personnel:

• SYSADMIN (System Administrator): Platform administrators with full platform access
• OPSADMIN (Operations Administrator): Ferry operators and vessel owners with access to own vessels
• CAPTAIN (Vessel Commander): Vessel captains with access to assigned vessel operations
• HANDLER (Crew Member): Deck handlers and boarding staff with access to assigned trip operations

Not for General Public Use

This app is NOT intended for:

• General consumers or passengers
• Unauthorized personnel
• Personal or non-business use
• Individuals under 18 years of age

Information We Collect

Employee/Staff Account Information

• Full name, work email, work phone number
• Employee ID or staff number
• Password (encrypted)
• Assigned role and permission levels
• Assigned vessel(s) and trip(s)
• Operator/company affiliation
• Job title and employment status

Operational Activity Data

• Trip Management: Trip creation, status changes, passenger manifest access, capacity monitoring
• Boarding Operations: QR code scans, check-in timestamps, boarding validation attempts
• Payment Processing: Receipt views, approval/rejection decisions, processing timestamps
• Manual Ticketing: Ticket generation records, walk-in passenger information
• Vessel Management: Vessel access, crew assignments, status updates

Device and Usage Information

• Device type, model, and operating system
• App version and unique device identifiers
• Usage analytics (features used, screens viewed, session duration)
• Location data (for QR scanning verification)
• Camera access (for QR code scanning only)

How We Use Your Information

Operational Management

• Authenticate identity and verify role permissions
• Enforce role-based access control (RBAC)
• Enable trip management and passenger boarding functions
• Facilitate payment processing workflows
• Track trip status and monitor capacity

Performance Monitoring

Compliance and Audit

• Maintain audit logs of all operations
• Track data access and modifications
• Record payment decisions and boarding activities
• Support regulatory compliance and inspections

Data Processing on Behalf of Operators

Your Role as Data Processor

When you access passenger information through the Ops App, you are processing data on behalf of your employer (ferry operator or vessel owner). You must:

• Maintain Confidentiality: Keep passenger information confidential and not disclose to unauthorized parties
• Use Secure Practices: Use strong passwords, never share credentials, report security incidents
• Appropriate Use Only: Access only data necessary for your duties
• Report Breaches: Report suspected breaches immediately

Consequences of Misuse

Misuse of passenger data may result in: employment termination, legal action, regulatory penalties, and criminal charges (in serious cases).

Data Storage and Security

• Storage: Firebase Firestore (Singapore region)
• Encryption: TLS 1.3 in transit, AES-256 at rest
• Access Controls: Role-based with permission validation
• Monitoring: 24/7 security monitoring and anomaly detection
• Incident Response: Immediate account revocation upon termination

Employee Monitoring and Workplace Privacy

Data Retention

• Active Employment: All operational data retained
• Post-Employment: Access revoked immediately, credentials deleted within 30 days
• Operational Records: 7 years (financial and regulatory compliance)
• Audit Trails: 7 years (legal requirements)
• Safety Records: Indefinitely

Your Privacy Rights

Due to the business nature of this app, some privacy rights are limited:

• Access: Request copies of your personal information
• Correction: Update personal information
• Deletion: Request deletion (subject to legal retention requirements)
• Cannot Delete: Operational audit logs, historical activity records

To exercise rights: Contact your supervisor/HR or email opsapp-privacy@triptrek.travel

Third-Party Services

• Firebase: Database, authentication, storage
• OneSignal: Push notifications
• Mobile Scanner: QR code scanning (local processing)
• Lottie: UI animations (no data collection)

Contact Us

• Privacy Questions: opsapp-privacy@triptrek.travel
• Data Protection Officer: dpo@triptrek.travel
• Security Incidents: security@triptrek.travel (24/7)