There is a rule in technology that is worth knowing: if you are not paying for a product, you are probably the product.
It is not always true. But when it comes to travel apps — apps that know where you've been, when you were there, and where you're going next — it is worth asking the question seriously before you hand over your passport details.
How most travel apps make money
The travel industry runs on data. Airlines, hotels, visa agencies, insurance companies, and advertisers all want to know where people travel, how often, and what they spend. An app that collects detailed travel behaviour from millions of users has something valuable — and there are buyers.
The most common models:
Advertising — your travel data is used to target you with ads. Flew to Dubai last month? Here's a hotel offer. Visiting the UK regularly? Here's a visa service. This requires building a profile of your behaviour, which means collecting and storing far more than you probably realise.
Data licensing — aggregated, "anonymised" travel data sold to airlines, tourism boards, hedge funds, and research companies. The anonymisation is often weaker than advertised — travel patterns are surprisingly identifying when combined with other data points.
Lead generation — your expressed interest in a destination gets you added to a list that's sold to travel agents, visa services, or insurance companies. You didn't sign up for marketing. Your data did it for you.
None of these are necessarily illegal. Most are disclosed somewhere in a privacy policy that nobody reads. But they represent a fundamental misalignment of incentives — the app profits from your data, not from serving you well.
Why travel data is particularly sensitive
Location data is among the most sensitive categories of personal data. Your travel history reveals where you live, where your family is, your religious practices (regular visits to Saudi Arabia suggest Umrah or Hajj), your business relationships, your lifestyle, and your financial situation.
Passport data is a different level again. Your passport number, nationality, date of birth, and expiry date are the core credentials of your legal identity. An app that stores this data carelessly — or shares it with third parties — is creating risk that follows you long after you've deleted the app.
What to look for in a privacy policy
Most privacy policies are designed to be unread. But a few specific things are worth checking:
Who do they share data with? Look for a list of third parties. "Partners," "affiliates," and "service providers" can mean almost anything. If the list is long and vague, that's a signal.
Do they sell data? Some policies say explicitly "we do not sell your personal data." Many don't say this — they use the word "share" instead of "sell" and rely on the distinction to technically comply while still monetising your information.
What is their business model? If the app is free and doesn't have a clear subscription or transaction revenue, ask how they make money. The answer is usually data.
What happens if they're acquired? Many privacy policies include a clause allowing data to be transferred in a merger or acquisition. Your data could end up with a company you never agreed to share it with.
Can you delete everything? A trustworthy service makes deletion easy and complete. If the process is buried, complicated, or the policy says they retain data "for legitimate business purposes" after deletion — that's a red flag.
What PassportTrail does differently
PassportTrail is a subscription travel history tracker. You pay us directly. Our revenue comes from making PassportTrail useful enough that you keep subscribing — not from selling your data or showing you ads.
We encrypt passport numbers with AES-256 — you can read exactly how PassportTrail keeps your data safe in full detail. We use cookie-free analytics. We don't share your data with third parties beyond what's strictly necessary to operate the service. We give you a one-click data download and a one-click account deletion that actually deletes everything.
We publish this not because we're required to, but because we think you should know exactly what you're signing up for before you hand over your passport details to any service — including ours.
Read the privacy policy. Ask how they make money. If the answer isn't clear, trust your instincts.
Your travel data is worth protecting. Make sure the app holding it agrees.
