1. Information We Collect
We collect information you provide directly:
- Account information (name, email address) via Google OAuth
- Travel preferences (home airport, preferred cabin class, timezone)
- Loyalty program data (program memberships, point balances, certificates)
- Trip details (origins, destinations, dates, airlines)
We collect information automatically when you use the Service:
- Email data from connected Gmail accounts (travel-related emails only)
- Calendar events from connected Google Calendar accounts (travel-related events only)
- Usage data and device information
2. How We Use Your Information
- Provide and improve the Service
- Parse travel-related emails and calendar events to detect trips and loyalty updates
- Generate upgrade recommendations and price predictions
- Send notifications about flight status and price changes
- Process subscription payments via Stripe
- Power AI-assisted features using anonymized and aggregated data
3. Third-Party Services
We share data with the following third-party services:
- Google APIs — Gmail and Calendar access for travel data extraction
- Stripe — Subscription billing and payment processing
- Amadeus — Flight search and pricing data
- Anthropic / Google AI — Email parsing and AI-powered features
- Mapbox — Map visualization
We do not sell your personal information to third parties.
4. Data Retention
We retain your data for as long as your account is active. When you delete your account, we will delete your personal data within 30 days. Anonymized and aggregated data used for analytics may be retained indefinitely.
5. Your Rights
You have the right to:
- Access your personal data
- Correct inaccurate data
- Delete your account and associated data
- Export your data in a portable format
- Disconnect Gmail and Calendar integrations at any time via Settings
- Opt out of non-essential notifications
6. Cookies and Tracking
We use essential cookies for authentication and session management. We do not use third-party tracking cookies or advertising pixels.
7. Security
We implement industry-standard security measures to protect your data, including encryption in transit (TLS), encrypted credential storage (AES-256-GCM), and secure OAuth token handling. However, no method of transmission over the internet is 100% secure.
8. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service.