Privacy Policy

Pindrop Travel ("Pindrop Travel," "we," "us," or "our") operates a mobile and web application (the "App") that connects travelers with licensed travel agents. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use the App or any related services.

By creating an account or using the App, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the App.

This policy is effective as of May 30, 2026. We will notify you of material changes by updating the date above and, where appropriate, by in-app notification. Please review this page periodically.

a. Information You Provide Directly

• Account details: full legal name, email address, password, and profile photo.
• Role information: whether you are a traveler or a licensed travel agent, and (for agents) your agency name and IATA/CLIA number if provided.
• Trip and booking data: number of travelers, room or package preferences, co-traveler names and email addresses.
• Communications: messages you send to travel agents or to our support team through the App.
• Feedback and support requests: any information you voluntarily submit when contacting us.

b. Payment Information

We process payments through Stripe, Inc. ("Stripe"), a PCI-DSS Level 1 certified payment processor. Pindrop Travel does not store, process, or have access to your full card number, CVV, or bank account details. Stripe retains payment method data on our behalf under its own privacy policy (available at stripe.com/privacy). We receive and store only a tokenised reference and the last four digits of your card for display purposes.

Travel agents who connect a Stripe account to the platform ("Stripe Connect") are subject to Stripe's Connected Account Agreement in addition to this Privacy Policy.

c. Information Collected Automatically

• Device and connection data: device type and model, operating system, browser type, IP address, and unique device identifiers.
• Usage data: pages viewed, features accessed, session duration, clickstream data, and in-app navigation patterns.
• Cookies and similar technologies: see Section 6 below.

d. Push Notification Tokens

If you grant permission, we collect a device push notification token to deliver booking confirmations, payment reminders, and messages from your travel agent. You can revoke this permission at any time in your device's system settings.

We use the information we collect to:

• Create and manage your account, authenticate your identity, and provide the App's core features.
• Facilitate bookings between travelers and travel agents, including processing deposit and installment payments.
• Send transactional communications: booking confirmations, payment receipts, installment reminders, and account notices.
• Deliver push notifications with your consent.
• Enable in-app messaging between travelers and their travel agents.
• Operate, maintain, and improve the App and its features.
• Detect, prevent, and investigate fraudulent or unauthorized activity.
• Comply with applicable laws, regulations, and legal process.
• Enforce our Terms of Service and other agreements.

We do not use your personal information for automated decision-making or profiling in ways that produce legal or similarly significant effects without your consent.

We share personal information only in the following circumstances:

a. With Travel Agents

When you book a trip, your name, email address, and booking details are shared with the travel agent responsible for that trip. This is necessary to fulfill the booking contract. Travel agents are required to handle your information in accordance with applicable law.

b. With Stripe

Payment data is transmitted directly to Stripe to process deposits, installment payments, and agent payouts. Stripe acts as a data processor under our instructions and its own privacy policy.

c. With Service Providers

We engage third-party vendors to provide services on our behalf — including cloud hosting (Supabase), email delivery (Resend), and analytics. These vendors have access only to the data needed to perform their specific functions and are contractually prohibited from using it for other purposes.

d. For Legal Compliance and Safety

We may disclose information when required by law, subpoena, or court order; to protect the rights, property, or safety of Pindrop Travel, our users, or the public; or to detect and prevent fraud or security incidents.

e. Business Transfers

If Pindrop Travel is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a materially different privacy policy.

f. With Your Consent

We will share your information with third parties in other circumstances only with your explicit consent.

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes.

We retain your personal information for as long as your account is active or as needed to provide the App's services. Specifically:

• Account data: retained until you delete your account, plus any additional period required by law.
• Booking and payment records: retained for a minimum of seven (7) years for financial record-keeping and tax compliance.
• Support communications: retained for up to three (3) years after resolution.
• Usage and analytics data: retained in aggregated or anonymised form indefinitely; identifiable usage logs retained for up to two (2) years.

When data is no longer required, we delete or anonymise it in accordance with our internal data disposal procedures.

The App uses cookies and similar technologies (such as local storage and session identifiers) to keep you signed in, remember your preferences, and analyze usage patterns. We use:

• Essential cookies: required for authentication and core App functionality. These cannot be disabled.
• Analytics technologies: used to understand how the App is used in aggregate so we can improve it. No individual-level advertising profiles are created.

Pindrop Travel does not display third-party advertisements and does not use third-party advertising networks or ad-tracking cookies.

You can manage cookie preferences through your device or browser settings, though disabling essential cookies may prevent the App from functioning correctly.

We implement industry-standard technical and organisational measures to protect your personal information against unauthorised access, disclosure, alteration, and destruction. These include:

• Encryption of data in transit using TLS (Transport Layer Security).
• Encrypted storage of sensitive data at rest.
• Row-level security policies on our database to prevent cross-account data access.
• Payment processing exclusively through PCI-DSS compliant infrastructure (Stripe).
• Access controls limiting staff access to personal data on a need-to-know basis.

No method of electronic transmission or storage is 100% secure. If you believe your account has been compromised, please contact us immediately at support@pindroptravel.com.

Depending on your state of residence, you may have the following rights regarding your personal information:

• Right to Know: request disclosure of the categories and specific pieces of personal information we have collected about you.
• Right to Delete: request deletion of your personal information, subject to certain legal exceptions (e.g., transaction records we are required to retain).
• Right to Correct: request correction of inaccurate personal information we hold about you.
• Right to Data Portability: request a copy of your personal information in a structured, machine-readable format.
• Right to Opt-Out of Sale: we do not sell personal information, so this right is not applicable, but you may contact us to confirm.
• Right to Non-Discrimination: we will not discriminate against you for exercising any of these rights.

California Residents (CCPA/CPRA)

California residents have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). To submit a request to know, delete, or correct your data, please contact us at support@pindroptravel.com with the subject line "California Privacy Request." We will respond within 45 days.

Other State Residents

Residents of Virginia, Colorado, Texas, Connecticut, Utah, and other states with applicable privacy laws may also exercise the rights listed above by contacting us at support@pindroptravel.com.

How to Exercise Your Rights

You may update your profile information directly in the App at any time. To request deletion or portability of your data, or to submit any other privacy request, email support@pindroptravel.com. We may need to verify your identity before processing your request.

With your permission, we send push notifications to your device for: booking confirmations, payment receipts, upcoming installment reminders, overdue payment alerts, and new messages from your travel agent.

You can disable push notifications at any time in your device's system settings (iOS: Settings → Notifications → Pindrop Travel; Android: Settings → Apps → Pindrop Travel → Notifications). Disabling push notifications does not affect in-app notifications or email communications.

The App is intended for users who are at least 18 years old. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected information from a child under 13, please contact us immediately at support@pindroptravel.com and we will delete that information promptly.

The App may contain links to third-party websites or services, including travel-related content provided by travel agents. This Privacy Policy does not apply to those third-party sites or services. We encourage you to read the privacy policies of any third-party services you access through the App.

If you choose to sign in using a third-party account (such as Apple or Google), information from that account may be shared with us as described at sign-in. Your relationship with those providers is governed by their respective terms and privacy policies.

We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date at the top of this page and notify you through the App or by email to the address associated with your account. Your continued use of the App after the effective date of any updated Privacy Policy constitutes your acceptance of the changes.

If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us:

Pindrop Travel

Email: support@pindroptravel.com

California residents who have unresolved privacy complaints may also contact the California Attorney General's Office or the Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs at 1625 North Market Blvd., Suite N 112, Sacramento, CA 95834; telephone (800) 952-5210.