Tripa
Get started
Go back

Trust & Safety

Built so you can book with confidence.

Six guarantees that keep every stay, event and trip on Tripa safe — for guests and hosts alike.

  • Hosts verified (KYC)

    Every host submits a government ID and a selfie before they can publish. Applications are reviewed and only verified hosts can take bookings.

    Become a verified host

  • Unique & secure QR tickets

    Each booking gets a 128-bit cryptographically random QR token generated by our database. Tokens are unique, unguessable and tied to a single booking.

  • No fake wallet system

    Payments are processed by Stripe. Saved cards live in Stripe's vault — we never store card numbers. There is no internal balance you can be locked out of.

  • Clear refund rules

    Every listing shows its cancellation policy (Flexible, Moderate or Strict) with the exact day-based refund percentages before you pay. If the host cancels the event itself, every guest gets a full automatic Stripe refund — regardless of policy.

  • Active fraud & chargeback monitoring

    We rate-limit suspicious booking activity, attach booking metadata to Stripe for Radar risk scoring, and monitor every chargeback. Disputed tickets are frozen at check-in until resolved.

  • Real-time, single-use ticket validation

    Hosts scan tickets from the Tripa app. The server verifies ownership, payment status and double-scan attempts in real time. Tickets are non-transferable and any replay is blocked and logged.

  • Public ticket verification

    Buying off-platform? Paste any Tripa QR token at /verify to check if it's genuine, already used, or cancelled — before you pay a reseller. Every scan is rate-limited and audit-logged.

  • Transparent fees & split payouts

    Your total at checkout always shows the ticket price and service fee separately — no surprises. Service fees and host commissions are taken at the moment of payment via Stripe and routed to the platform automatically; hosts only ever receive their net amount in their own connected Stripe account.

  • Data & system security

    All traffic uses TLS 1.2+. Server APIs require JWT auth on every call. Stripe webhooks are signature-verified and idempotent (replays are rejected). Every ticket action — checkout, payment, check-in, QR scan, regeneration, cancellation, refund, chargeback — is written to an immutable audit log. Data at rest is encrypted by our database provider; we never store raw card numbers.

    Manage your data
See something off? Email safety@mytripa.com or use the contact form. Our team reviews every report.