Privacy Policy

2. Information We Collect

2.1 Information You Provide Directly

We collect personal information that you voluntarily provide when creating an account, making a booking, or interacting with our Services:

• Account Information: Full name, email address, phone number, date of birth, and profile photo
• Travel Preferences: Preferred destinations, travel style, seat preferences, dietary requirements, accessibility needs, and loyalty program details
• Booking & Itinerary Data: Flight details, hotel reservations, tour bookings, travel dates, passenger/guest names, and confirmation numbers
• Payment Information: Payment card details (card number, expiry date, CVV), billing address, and transaction history — processed and stored securely in compliance with PCI-DSS standards
• Identity Documents: Passport numbers, national identification numbers, and visa information as required for international travel bookings
• Communications: Messages, feedback, reviews, and support requests submitted to TravelAgent

2.2 Information Collected Automatically

When you use our Services, we automatically collect certain technical information:

• Device & Browser Information: Device type, operating system, browser type and version, unique device identifiers
• Usage Data: Pages visited, features used, search queries, time spent on the platform, and interaction logs
• Location Data: Approximate location derived from IP address, and — with your explicit consent — precise GPS location to provide nearby travel recommendations and location-based services
• Log Data: IP addresses, access times, referring URLs, and error logs
• Cookies & Tracking Technologies: Session cookies, persistent cookies, and similar tracking technologies (see Section 9 for full details)

2.3 Information from Third Parties

We may receive information about you from third-party sources including:

• Travel partners such as airlines, hotels, car rental companies, and tour operators in connection with bookings you make
• Social login providers (e.g., Google, Apple) if you choose to sign in through a third-party authentication service
• Payment processors and fraud prevention services to verify transactions and protect against unauthorised activity
• Analytics and marketing providers to help us understand how our Services are used

3. How We Use Your Information

We use the information we collect for the following purposes, each supported by an appropriate lawful basis:

3.1 Service Delivery (Contract Performance)

• Processing and managing your travel bookings, reservations, and itineraries
• Sending booking confirmations, e-tickets, itinerary updates, and travel alerts
• Facilitating check-in, boarding passes, and related travel documentation
• Providing customer support and resolving disputes
• Processing payments and issuing refunds

3.2 Personalisation & Service Improvement (Legitimate Interest)

• Personalising travel recommendations, destination suggestions, and pricing based on your preferences and booking history
• Improving the functionality, usability, and content of our Services
• Conducting internal analytics, research, and quality assurance
• Developing new features and travel products

3.3 Safety, Security & Legal Compliance

• Verifying user identities and preventing fraudulent or unauthorised transactions
• Detecting, investigating, and preventing security incidents, abuse, and violations of our Terms of Service
• Complying with applicable laws, regulations, judicial orders, and lawful requests from government authorities
• Enforcing our legal rights and contractual obligations

3.4 Marketing Communications (Consent / Legitimate Interest)

• Sending you promotional offers, travel deals, newsletters, and service updates — with your consent or where we have a legitimate interest
• You may opt out of marketing communications at any time by clicking the unsubscribe link in any email or contacting us at admin@humaicorp.com

4. How We Share Your Information

TravelAgent does not sell your personal data to third parties. We share your information only in the following circumstances:

4.1 Travel Service Providers

To fulfil your bookings, we share necessary information with airlines, hotels, car rental companies, cruise lines, tour operators, and other travel vendors. These providers receive only the data required to fulfil your specific booking and are bound by their own privacy obligations.

4.2 Infrastructure & Technology Partners

We use reputable, enterprise-grade cloud infrastructure and technology service providers to operate, maintain, and secure the TravelAgent platform. These partners process data strictly on our behalf and under contractual data processing agreements that include:

• Restrictions on using your data for any purpose other than providing services to TravelAgent
• Obligations to implement appropriate technical and organisational security measures
• Requirements to comply with applicable data protection laws

Our infrastructure partners are certified to internationally recognised security standards, including ISO 27001 and SOC 2 Type II, and maintain robust Service Level Agreements (SLAs) to ensure service availability, data integrity, and disaster recovery capabilities.

4.3 Payment Processors

Payment card information is processed by PCI-DSS compliant payment processors. TravelAgent does not store full card numbers on our systems. Transaction data is retained only as necessary for accounting, fraud prevention, and regulatory compliance.

4.4 Legal & Regulatory Disclosure

We may disclose your personal data when required by law, regulation, court order, or other legal process, or when we believe disclosure is necessary to protect the rights, property, or safety of TravelAgent, our users, or the public.

4.5 Business Transfers

In the event of a merger, acquisition, sale of assets, or restructuring of TravelAgent, your personal data may be transferred to the relevant successor entity. We will notify affected users of any such transfer and any changes to this Privacy Policy.

5. Data Storage & Security

5.1 Where Your Data is Stored

Your personal data is stored in secure, enterprise-grade cloud databases hosted in geographically distributed data centres. Our infrastructure is designed with redundancy and failover capabilities to ensure high availability and data durability. Data centres used by our infrastructure partners are certified to internationally recognised physical and operational security standards.

5.2 Security Measures

We implement a comprehensive set of technical, administrative, and physical security controls to protect your personal data, including:

• Encryption of data in transit using TLS 1.2 or higher
• Encryption of sensitive data at rest using AES-256 or equivalent standards
• Role-based access controls and least-privilege principles to restrict data access
• Multi-factor authentication for access to internal systems
• Regular security assessments, vulnerability scanning, and penetration testing
• Automated monitoring, intrusion detection, and security incident response procedures
• Secure development practices including code reviews and security testing

While we take all reasonable precautions to protect your data, no method of transmission or storage is completely secure. We cannot guarantee absolute security, and you use our Services at your own risk.

5.3 Data Retention

We retain your personal data for as long as necessary to fulfil the purposes described in this policy, including:

• Account data: For the duration of your account and up to 3 years after account closure
• Booking and transaction records: Up to 7 years for financial and regulatory compliance
• Location data: No longer than 12 months unless required for active bookings
• Marketing preferences: Until you withdraw consent or request deletion

Where data is no longer required, we securely delete or anonymise it in accordance with our data retention schedule.

6. Your Rights & Choices

Depending on your location and applicable data protection laws, you may have the following rights regarding your personal data:

• Right of Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data (subject to legal retention obligations) — see our separate User Data Deletion Policy
• Right to Data Portability: Request your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Right to Restrict Processing: Request that we limit processing of your data in certain circumstances
• Right to Withdraw Consent: Withdraw consent for processing activities based on consent, without affecting prior lawful processing

To exercise any of these rights, contact us at admin@humaicorp.com. We will respond to your request within 30 days. We may ask you to verify your identity before processing your request.

7. International Data Transfers

TravelAgent operates internationally, and your data may be transferred to and processed in countries other than your country of residence. When transferring personal data across borders, we take appropriate safeguards including:

• Using Standard Contractual Clauses (SCCs) approved by relevant data protection authorities
• Transferring only to jurisdictions that provide an adequate level of data protection
• Ensuring contractual obligations with recipients regarding data protection standards

8. Children's Privacy

TravelAgent is not directed at children under the age of 13 (or a higher age threshold as required by applicable law in your jurisdiction). We do not knowingly collect personal data from children. If you believe we have inadvertently collected data about a child, please contact us immediately at admin@humaicorp.com and we will take prompt steps to delete such information.

9. Cookies & Tracking Technologies

TravelAgent uses cookies and similar tracking technologies to enhance your experience, analyse usage, and deliver personalised content. Types of cookies we use:

• Essential Cookies: Required for core platform functionality such as login sessions and booking cart
• Analytics Cookies: Help us understand how users interact with our platform to improve performance
• Preference Cookies: Store your settings and preferences for a personalised experience
• Marketing Cookies: Used to deliver relevant travel offers and measure campaign effectiveness

You can manage cookie preferences through your browser settings or our cookie consent manager. Disabling certain cookies may affect the functionality of our Services.

10. Third-Party Links

Our Services may contain links to third-party websites, including airline websites, hotel booking portals, and travel blogs. TravelAgent is not responsible for the privacy practices of these third-party sites. We encourage you to review their privacy policies before providing any personal information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Services. When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify registered users via email or in-app notification
• Post a prominent notice on our website

Your continued use of TravelAgent following such notification constitutes your acceptance of the updated policy.

12. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact our Privacy Team: