Learn about security.

While keeping your shoes on.

Here's how we keep your data protected while you get where you need to be. No fluff, just facts.

Suspicious activity? Contact us.

Physical Security

All customer data stored in TripIt is located in a secure SAS70 Type II certified data center that uses multiple physical entry controls to ensure only those authorized and/or with data center responsibility are able to enter the facility.

No customer data is stored in any of our offices, or on any company or employee workstation.

Service Security

We employ several features at the service level to keep TripIt secure and to ensure its availability. Some of these features include:

  • Automatic logging of important events to closely monitor the health, performance and availability of the service, providing a better level of service to you.
  • Alerts triggered by significant log events sent to appropriate personnel who respond accordingly.
  • Log data does not contain sensitive personal information, and is protected from access by unauthorized personnel.

Mobile Security

We understand that mobile devices are often lost and stolen. That’s why security protections have been built into our mobile apps including:

  • Your sensitive personal information is encrypted on your mobile device.
  • Access to your sensitive personal information is restricted by passcode.

Software Security

We employ a structured software development life cycle (SDLC) when building and making changes and improvements to TripIt. Some of these security-related activities include:

  • All changes are analyzed to ensure that security requirements are met.
  • Software development personnel conduct code reviews to ensure that changes do not introduce security risks.
  • We train our software developers on the techniques for writing secure code.

We also maintain a team of dedicated software security engineers who test the TripIt application to look for security vulnerabilities before changes or improvements are released to production.

Need to report suspicious activity?

To report a security finding please use our open bug bounty program here. For other security related issues, please send the details to security@tripit.com using Concur’s PGP key, which you can download here.