Privacy and Security

Privacy Policy

We take the privacy of visitors to www.tripuck.com very seriously. This privacy policy explains in detail the information we collect and how we use it.

Last updated: June 2, 2026
HomePrivacy Policy

Data Collection

As Tripuck, we collect certain information to improve your user experience and provide our services:

  • Internet Protocol (IP) addresses
  • Browser type and version
  • Internet Service Provider (ISP)
  • Date and time stamps
  • Referring/exit pages
  • Number of clicks and pages visited

This information is used to analyze trends, manage the site, and track user movements. IP addresses and other such information are not linked to any personally identifiable information.

Cookies

www.tripuck.com uses cookies to improve user experience. Cookies are used to remember your preferences, analyze site usage, and provide you with better service.

We use three categories of cookies: (1) Essential Cookies - necessary for the site to function, such as language preference, session information, and currency; (2) Analytics Cookies - site usage statistics through Google Analytics and Microsoft Clarity; (3) Marketing Cookies - advertising platforms and campaign measurement.

If you consent to analytics, an anonymous visitor ID is created to understand how you use our site, and your visit information (device type, page views, search habits) is recorded. This ID is not linked to your personal information.

You can change your cookie preferences at any time from the "Cookie Settings" link at the bottom of the page. You can also delete or disable cookies through your browser settings.

Child Protection

We believe it is important to provide additional protection for children online. We encourage parents and guardians to spend time with their children online observing and guiding their online activities.

www.tripuck.com does not knowingly collect any information from children under 13. If a parent or guardian believes that a child under 13 has personal information in our database, please contact us immediately. We will take all necessary steps to remove this information from our records.

Data Usage

We use the information we collect for the following purposes:

  • To provide and improve our services
  • To manage and secure our website
  • To personalize user experience (route suggestions based on your search history)
  • To analyze traffic and usage trends
  • To detect and resolve technical issues
  • To inform about campaigns and promotions
  • To provide price alert service and notify about price changes
  • To send web push notifications (with your separate consent)
  • User engagement scoring and segmentation (with your analytics consent)
  • To improve service quality with A/B testing (with your analytics consent)

International Data Transfer

Some of your data may be transferred to service providers located abroad in order to provide our services:

  • Google LLC - Analytics and advertising services (with your analytics/marketing consent)
  • Microsoft Corporation - Clarity analytics service (with your analytics consent)
  • Cloudinary Ltd. - Media file hosting
  • MailerLite - Email marketing services (with your consent)

These transfers are carried out under Article 9 of KVKK, to countries providing adequate protection or within the framework of standard contractual clauses.

AI Assistant Connector (ChatGPT / Claude / MCP)

Tripuck operates a Model Context Protocol (MCP) connector that lets AI assistants (the "AI host", e.g. ChatGPT, Claude, or any MCP-compatible client) call our public flight search, price calendar, popular routes, flight details, Meeting Point, hotel search, and prepaid eSIM data-plan services on your behalf when you ask a travel-related question. The connector is strictly read-only: no bookings, payments, account changes, or any other write operations are ever performed through it.

This MCP-specific section supplements the rest of this Privacy Policy. In case of conflict, the terms below control for data processed through the MCP server. Your natural-language message is first processed by the AI host under its own privacy policy. Only after the AI host extracts structured parameters do we receive a tool call. The numbered sections below describe exactly what data we receive, what we return, why we process it, who handles it, how long we keep it, how it is secured, the lawful basis, and how you can control or delete it.

  • 1. INDEPENDENCE & NO AI/ML TRAINING:
  • Tripuck Tourism Limited Company is an independent third-party MCP server provider. We are not affiliated with, endorsed by, or operated by OpenAI, Anthropic, or any other AI host. The AI host you use has its own privacy policy that governs how it collects and processes your conversation.
  • We do NOT use your queries, tool inputs, tool results, or any data passed through our MCP server to train artificial intelligence or machine learning models, and we do NOT provide this data to any third party for AI/ML training purposes.
  • 2. INPUTS — Data we receive per tool call:
  • search_flights: origin / destination IATA codes, departure date (optional return date), cabin class, passenger counts (adults, children, infants), locale, currency.
  • cheapest_dates: origin / destination IATA codes, target month (YYYY-MM), locale, currency.
  • popular_routes: optional origin IATA code, locale, currency.
  • flight_details: flightId and searchKey (returned by a prior search_flights call), locale, currency.
  • find_meeting_point: list of traveler origins (IATA codes), travel date range, locale, currency.
  • We do NOT receive your name, email, phone number, payment method, precise location, account identity, prior conversation history, device fingerprint, cookies, or any other personal context from the AI host.
  • 3. OUTPUTS — Data we return to the AI chat:
  • Public flight prices, schedules, carrier names and IATA codes, durations, layovers, and deep links to tripuck.com.
  • A short, human-readable text summary in the requested locale (Turkish, English, Arabic, German, etc.).
  • A widget HTML payload for inline rendering inside the AI chat.
  • No personal data is ever returned. All output comes from Tripuck's public data feeds and aggregated travel partner inventory.
  • Once we return data to the AI host, that data becomes part of your AI conversation and from that point on is handled under the AI host's privacy policy, not ours. Please consult your AI host's privacy policy for details of its retention and processing.
  • 4. AI HOST METADATA — Limited transport context received:
  • Country code (e.g. via CF-IPCountry / X-GeoIP-Country-Code header) — used solely to display prices in the appropriate local currency.
  • Locale (Accept-Language header or in-band parameter) — used solely to localize the text summary and city/airline names.
  • Platform hint (User-Agent string) — used solely to choose desktop vs mobile widget layout.
  • An opaque AI host identifier (e.g. "openai", "anthropic") — used solely to monitor service health per surface.
  • No AI host session ID, no user identifier, and no conversation content are received beyond the structured tool arguments above.
  • 5. PURPOSES — Why we process this data:
  • Real-time tool execution (flight lookup, price calendar generation, route ranking, multi-origin meeting point computation).
  • Abuse prevention and rate limiting: 30 requests per minute and 2000 per day per client fingerprint.
  • Measuring connector traffic and improving the service: aggregated request volumes per tool, error rates, latency percentiles, and which routes/dates are queried, so we can tune performance and reliability.
  • We DO NOT use connector traffic to build personal user profiles, for advertising, for model training, or for selling to third parties.
  • 6. RECIPIENTS / SUB-PROCESSORS — Who handles the data:
  • Tripuck Tourism Limited Company — data controller, Antalya, Türkiye. Receives all tool inputs to fetch flight availability and pricing.
  • Cloudflare, Inc. — DDoS protection, WAF, and CDN. Receives network transit only; tool payload contents are not inspected.
  • Third-party flight inventory & search-data providers — receive only flight search parameters (IATA codes, dates, cabin, passenger counts) to query carrier availability and pricing. No personal data is sent.
  • Logging / monitoring providers — receive server access logs without PII (timestamp, IP, User-Agent, request ID, tool name, response status).
  • The AI host (OpenAI, Anthropic, etc.) is the recipient on your side under its own privacy policy. They process your natural-language message and forward structured arguments to us; we do not send data back to them beyond the tool response.
  • 7. RETENTION — How long we keep the data:
  • The search_flights tool records each search request (origin/destination, dates, passenger counts, cabin class) together with technical metadata (timestamp, IP address, User-Agent, Cloudflare country/ray) in a server-side request log. This log exists ONLY to measure connector traffic, prevent abuse, and improve the service — it is never used to build a profile of you, to identify you, or for marketing.
  • The other tools (cheapest_dates, popular_routes, flight_details, find_meeting_point) process their parameters in memory to produce a result and do not write a request log.
  • We do not currently apply a fixed deletion schedule to these logs. In line with data-minimization principles we keep them only as long as they remain operationally useful for the purposes above and purge them periodically as volume grows. You can request deletion of any log entries tied to your IP at any time (see User Controls below).
  • We never sell, rent, or share connector logs with advertisers or marketing partners.
  • 8. SECURITY & COOKIES:
  • All transit uses HTTPS / TLS 1.2+ encryption.
  • Server logs at rest are encrypted on the cloud provider.
  • Access to logs follows the principle of least privilege and is restricted to authorized engineering personnel.
  • Vendors and sub-processors undergo regular security review.
  • The MCP server itself does NOT set cookies or local storage on your device, and does NOT use third-party tracking pixels.
  • 9. LAWFUL BASIS FOR PROCESSING:
  • KVKK (Türkiye, Law No. 6698): Article 5(2)(c) — necessary for the performance of the service you requested; Article 5(2)(f) — legitimate interest for abuse prevention and short-lived logs.
  • GDPR (EU/EEA users): Article 6(1)(b) — performance of a service requested by you, for tool inputs; Article 6(1)(f) — legitimate interest for anonymized analytics and short-lived server logs. You may object to processing based on legitimate interest at any time.
  • Other applicable data protection laws (UK GDPR, PDPL, etc.) are honored where they apply.
  • 10. USER CONTROLS, RIGHTS & COMPLAINT:
  • Disable the connector in your AI host's settings (ChatGPT "Connectors", Claude "Connectors", etc.) or simply close the chat — no further tool calls will be made and no further data will be processed.
  • Email [email protected] or [email protected] with the subject "AI connector data request" to ask for (a) confirmation of any logged metadata for your IP / fingerprint, (b) deletion of that metadata, (c) an export of what we hold, or (d) restriction or objection to processing. We respond within 30 days as required by KVKK / GDPR.
  • Your full data subject rights apply to any logged metadata: access, rectification, erasure, restriction, portability, objection, and (where consent is the basis) consent withdrawal. See the "Your Rights" section below.
  • Right to complaint: if you are not satisfied with how we handle your data, you may lodge a complaint with the Turkish KVKK Kurumu (kvkk.gov.tr) or, for EU/EEA users, your local Data Protection Authority.
  • When you click a deep link from the AI chat to tripuck.com and continue a booking on our website, that booking is then governed by the regular Tripuck Terms of Service and the rest of this Privacy Policy.
  • 11. HOTEL & eSIM TOOLS — additional read-only search:
  • search_hotels — INPUTS: destination city name, check-in / check-out dates, guest counts (adults, children), optional minimum star rating and guest-review score, sort order, locale, currency. OUTPUTS: public hotel names, star ratings, guest-review scores, nightly prices, thumbnail images, and deep links to tripuck.com. No personal data is received or returned.
  • search_esim — INPUTS: destination country (ISO code), optional minimum data (GB) and validity-day filters, sort order, locale, currency. OUTPUTS: public prepaid eSIM package data amount, validity, coverage and price, with deep links to tripuck.com. No personal data is received or returned.
  • Like all our connector tools, search_hotels and search_esim are strictly read-only: no booking or purchase is ever performed through the connector — you complete any reservation or purchase on tripuck.com.
  • RETENTION: search_hotels and search_esim record the search parameters above together with technical metadata in a server-side request log used ONLY to measure connector traffic, prevent abuse, and improve the service — never to build a profile of you, to identify you, or for marketing. The same data-minimization retention and deletion-on-request terms described in section 7 apply (contact [email protected]).

Summary: Tripuck is an independent MCP provider; we do NOT train AI/ML models on your data and do NOT build user profiles. The flight, hotel and eSIM search tools log the search request plus technical metadata solely to measure traffic, prevent abuse, and improve the service; we apply data minimization, keep logs only as long as operationally useful, and you can request deletion at any time via [email protected]. HTTPS/TLS in transit and encryption at rest.

Data Security

The security of your personal information is extremely important to us. We use industry-standard security measures to protect your information. However, no data transmission over the internet or electronic storage can be guaranteed to be 100% secure.

Your Rights

Under KVKK (Personal Data Protection Law), you have the following rights:

  • To learn whether your personal data is being processed
  • To request information if it has been processed
  • To learn the purpose of processing and whether it is used in accordance with its purpose
  • To know the third parties to whom personal data is transferred domestically or abroad
  • To request correction if data has been processed incompletely or incorrectly
  • To request deletion or destruction of data
  • To object to a result that arises against you due to the analysis of processed data exclusively through automated systems

International

Our website is accessible worldwide. If you are accessing from different countries, please note that your information may be transferred to and processed in Turkey.

Cookie Management

If you wish to disable cookies, you can do so through your browser settings. Detailed information about cookie management can be found on your browser's website.

ChromeFirefoxSafariEdge

Legal Notice

This privacy policy applies only to our online activities and is valid for visitors to our website. This policy does not apply to information collected offline or through channels other than this website.

By using our website, you consent to our privacy policy and agree to its terms.

TRIPUCK TOURISM LIMITED COMPANY

Updates:If our privacy policy needs to be updated, modified, or changed, these changes will be posted on this page.

Have questions?

If you need more information about our privacy policy or have questions, please contact us.

Travel with Confidence

Your privacy is our priority. We offer a secure and transparent platform.