Effective Date: April 3, 2026
This Privacy Policy describes how Travelese ("we", "us", "our") collects, uses, shares, and protects your personal information when you use our AI-powered travel planning platform at travelese.ai and chat.travelese.ai. We are committed to transparency about our data practices and to protecting your privacy.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Email address — used for authentication, account recovery, and communications.
- Name — used to personalize your experience and populate traveler profiles.
- Authentication data — managed through Supabase, including session tokens and login method (email, social provider).
1.2 Traveler Profile Data
To facilitate travel bookings, we collect:
- Full legal name — as it appears on your travel documents, required for booking.
- Date of birth — required by airlines and accommodation providers.
- Passport information — including passport number, issuing country, and expiration date, when you choose to store this for booking convenience.
- Nationality and gender — as required by travel providers for booking purposes.
- Loyalty program numbers — airline and hotel loyalty memberships you choose to store.
- Contact phone number — required by travel providers for booking notifications.
1.3 Payment Information
- Subscription payments are processed by Stripe. Stripe collects and stores your payment card details. We receive only a tokenized reference, the last four digits of your card, card brand, and billing address. We do not store full card numbers on our servers.
- Travel booking payments are processed through Duffel's payment infrastructure. Similar to Stripe, we do not directly handle or store your full payment card information for bookings.
1.4 AI Interaction Data
- Chat messages — all text messages you send to and receive from the AI assistant, including travel queries, planning requests, and general conversation.
- Voice input — when you use voice features, your speech is processed and converted to text. We do not permanently store raw audio recordings.
- AI responses — generated responses, recommendations, and travel suggestions provided by the AI.
- Tool usage data — records of AI tool invocations (flight searches, stay searches, weather lookups, place searches) and their results.
1.5 Travel and Booking Data
- Search history — flight and accommodation searches you perform through the AI.
- Booking records — details of confirmed travel bookings, including itineraries, confirmation numbers, and booking status.
- Trip information — trips you create, including destinations, dates, and associated notes.
1.6 Usage and Technical Data
- Device information — browser type, operating system, and device identifiers.
- IP address — used for geolocation (country, timezone), security, and fraud prevention.
- Usage patterns — pages visited, features used, session duration, and interaction data.
- Cookies and similar technologies — as described in our Cookie Policy.
1.7 Anonymous User Data
If you use Travelese in demo mode without creating an account, we collect limited data including your IP address, device information, and the content of your chat messages (up to five messages). This data is associated with a temporary session identifier, not a persistent account.
2. How We Use Your Information
We use the information we collect for the following purposes:
2.1 Providing Our Services
- Authenticating your identity and managing your account.
- Processing travel searches, bookings, and payments.
- Delivering AI-powered travel planning assistance and recommendations.
- Providing voice interaction and text-to-speech features.
- Storing your traveler profiles for faster future bookings.
- Maintaining your chat history for conversation continuity.
2.2 Improving Our Services
- Analyzing usage patterns to improve platform features, AI quality, and user experience.
- Identifying and fixing technical issues and bugs.
- Developing new features based on how travelers use the platform.
2.3 Communications
- Sending transactional emails related to your account, bookings, and subscriptions.
- Notifying you of material changes to our Terms of Service or Privacy Policy.
- Sending service announcements and booking-related alerts.
2.4 Security and Fraud Prevention
- Detecting and preventing unauthorized access, fraud, and abuse.
- Enforcing our Terms of Service and usage limits.
- Monitoring for suspicious activity on accounts.
2.5 Legal Compliance
- Complying with applicable laws, regulations, and legal processes.
- Responding to lawful requests from government authorities.
- Maintaining records as required for tax, financial, and travel industry regulations.
3. How We Share Your Information
We do not sell your personal information to third parties. We share your information only as described below:
3.1 Service Providers
We share data with the following third-party service providers who process data on our behalf:
| Provider | Data Shared | Purpose |
|---|---|---|
| Supabase | Account data, authentication tokens, all stored application data | Database hosting, authentication, and data storage |
| Stripe | Email, name, billing address, payment method tokens | Subscription billing and payment processing |
| Duffel | Traveler names, passport data, dates of birth, contact details, loyalty numbers | Flight and accommodation booking and fulfillment |
| xAI | Chat message content, voice input (as text) | AI language model processing and voice synthesis |
| Vercel | IP address, request metadata | Platform hosting and performance analytics |
Each provider processes data under their own privacy policies and in accordance with data processing agreements we maintain with them.
3.2 Travel Providers
When you make a booking, your traveler information (name, passport details, date of birth, contact information, loyalty numbers) is shared with the relevant airline or accommodation provider through Duffel. These travel providers are independent data controllers and process your data under their own privacy policies.
3.3 Analytics Providers
We use analytics services (as detailed in our Cookie Policy) to understand how our platform is used. Analytics data is aggregated and does not directly identify individual users.
3.4 Legal Requirements
We may disclose your information if required to do so by law, court order, or government regulation, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a lawful government request.
3.5 Business Transfers
In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your data.
4. Data Retention
We retain your data for the following periods:
| Data Type | Retention Period |
|---|---|
| Account information | Duration of account plus 30 days after deletion request |
| Traveler profiles | Duration of account plus 30 days after deletion request |
| Chat messages and AI interactions | Duration of account plus 30 days after deletion request |
| Booking records | 7 years after booking date (tax and legal compliance) |
| Payment transaction records | 7 years after transaction (financial regulations) |
| Usage and analytics data | 26 months from collection |
| Anonymous session data | 30 days from session |
When retention periods expire, data is permanently deleted or irreversibly anonymized.
5. Data Security
We implement technical and organizational measures to protect your personal information:
- All data in transit is encrypted using TLS 1.2 or higher.
- Data at rest is encrypted in our database infrastructure (Supabase/PostgreSQL).
- Authentication sessions use secure, HTTP-only cookies.
- Row-level security policies restrict database access to authorized users.
- Payment data is handled by PCI DSS-compliant processors (Stripe and Duffel).
- We conduct regular security reviews of our platform and dependencies.
While we take reasonable measures to protect your data, no system is completely secure. We cannot guarantee absolute security of your information.
6. Your Rights
6.1 Rights for All Users
Regardless of your location, you have the right to:
- Access — request a copy of the personal data we hold about you.
- Correction — request correction of inaccurate or incomplete personal data.
- Deletion — request deletion of your personal data, subject to our legal retention obligations.
- Data portability — request your data in a structured, machine-readable format.
6.2 European Economic Area (GDPR)
If you are located in the EEA, UK, or Switzerland, you additionally have the right to:
- Restrict processing — request that we limit how we use your data in certain circumstances.
- Object to processing — object to processing based on legitimate interests, including profiling.
- Withdraw consent — withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing.
- Lodge a complaint — file a complaint with your local data protection authority.
Legal bases for processing: We process your data based on (a) contractual necessity (to provide our services and fulfill bookings), (b) legitimate interests (to improve our services and ensure security), (c) consent (for optional features like voice input and analytics cookies), and (d) legal obligations (tax records, financial reporting).
6.3 California Residents (CCPA/CPRA)
If you are a California resident, you have the right to:
- Know — request disclosure of the categories and specific pieces of personal information we have collected about you.
- Delete — request deletion of your personal information.
- Opt out of sale — we do not sell your personal information, so this right does not apply.
- Non-discrimination — we will not discriminate against you for exercising your privacy rights.
Categories of personal information collected: Identifiers (name, email, IP address), commercial information (booking and payment records), internet activity (usage data, chat history), sensitive personal information (passport data, precise geolocation). We collect this data directly from you and through your use of our services.
6.4 Exercising Your Rights
To exercise any of these rights, contact us at privacy@travelese.ai. We will respond to requests within thirty (30) days, or within the timeframe required by applicable law. We may need to verify your identity before processing your request.
7. Cookies and Tracking Technologies
We use cookies and similar technologies as described in our Cookie Policy. Essential cookies are required for the platform to function (including authentication). Analytics and performance cookies are only set with your consent.
8. International Data Transfers
Your data may be processed in countries outside your country of residence, including the United States, where our service providers operate. When we transfer data internationally, we rely on appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission, data processing agreements with our service providers, and the data protection measures described in this policy.
9. Children's Privacy
Travelese is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a person under 18, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us at privacy@travelese.ai.
10. AI-Specific Privacy Considerations
10.1 How AI Processes Your Data
When you interact with our AI assistant, your messages are sent to xAI's language models for processing. xAI processes your input to generate responses and does not use your individual conversations to train its models, per our data processing agreement.
10.2 Voice Data
When you use voice features, your speech is converted to text and processed by the AI. Text-to-speech responses are generated by xAI's voice synthesis. Voice personas (Eve, Ara, Rex, Sal, and Leo) are AI-generated voices, not recordings of real individuals.
10.3 Automated Decision-Making
Travelese uses AI to provide travel recommendations and search results. These are suggestions and do not constitute automated decision-making with legal or similarly significant effects. All booking decisions are made by you.
11. Third-Party Links
Our platform may contain links to third-party websites, including airline and hotel websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing them with personal information.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated to registered users via email or in-app notification at least thirty (30) days before they take effect. The "Effective Date" at the top of this policy indicates when it was last updated. Your continued use of Travelese after changes take effect constitutes acceptance of the updated policy.
13. Contact
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at:
Privacy inquiries: privacy@travelese.ai General support: support@travelese.ai Website: travelese.ai