Security & Privacy

How HoloHolo protects your data and respects your privacy.

Your Data

We store only what’s needed for trip planning. Trip data, itineraries, budgets, and documents are stored in Supabase with row-level security (RLS) policies. Only trip members can access trip data.

Authentication

Powered by Supabase Auth with support for email/password and Google OAuth. Passwords are hashed and never stored in plain text. Sessions are managed via secure HTTP-only cookies.

AI Processing

We use Anthropic's Claude for itinerary generation, destination briefs, receipt scanning, and chat. Your data is sent to Anthropic's API for processing only — it is not used for model training. See Anthropic's data policy.

Payments & Receipts

Receipt images are processed in-memory and not stored on our servers. Budget data is stored in your trip’s private database. We do not process payments or store credit card information.

Email Forwarding

Forwarded booking emails are parsed by AI to extract trip details, then the email content is discarded. We do not store raw email content.

Sharing

Shared trip links provide read-only access to trip itineraries. Join links require authentication before granting trip membership.

Infrastructure

Hosted on Netlify with automatic HTTPS. Database hosted on Supabase (AWS). All data transmitted over TLS 1.2+. Security headers include X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Content-Security-Policy.

Open Source

This application's code is available for review.

Contact

For security concerns, contact admin@thepracticecenter.org.

Last updated: March 2026