Privacy Policy
Last Updated: December 13, 2025
Effective Date: December 13, 2025
This Privacy Policy explains how TravelIQ collects, uses, discloses, and safeguards your information when you use our AI-powered travel supplier platform. We are committed to protecting your privacy in compliance with EU and UK data protection laws.
Table of Contents
1. Introduction and Scope
Welcome to TravelIQ. We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered travel supplier platform, including our AI assistant "Vee," lead capture systems, and related services.
The policy applies to all users located in the EU and UK and covers our website, AI chatbot interactions, forms, newsletter signup, analytics, and any related services. We comply with the EU General Data Protection Regulation (GDPR) and UK GDPR.
1.1 Services Covered
- AI chatbot "Vee" (text and voice interactions)
- Lead capture and contact forms
- Newsletter signup and communications
- Chat history storage and management
- Supplier directory and profiles
- Admin dashboard and user authentication
- Third-party integrations (Google Sheets, AI services)
2. Roles and Accountability
TravelIQ acts as a data controller for personal data we collect directly from users (e.g., name, email, agency information via forms, chat interactions, analytics data). As controller, we determine the purposes and means of processing and bear primary accountability for compliance, transparency, security, and rights handling.
In certain scenarios, particularly with supplier knowledge base data, TravelIQ may act as a data processor, processing data on behalf of suppliers according to their documented instructions and contractual terms.
2.1 Accountability Measures
- Maintenance of processing activity records
- Data Protection Impact Assessments (DPIAs) where required
- Implementation of privacy-by-design principles
- Staff training and awareness programs
- Regular compliance reviews and updates
3. Information We Collect
We may collect information about you in a variety of ways. The information we may collect includes:
3.1 Personal Data
- Contact Information: Name, email address, phone number, agency name
- Account Data: Username, password (encrypted), profile information
- Communication Data: Messages sent through our platform, feedback, survey responses
3.2 Usage Data
- IP address, browser type, operating system
- Access times and pages viewed
- Referring websites and exit pages
- Device information and unique identifiers
3.3 AI and Voice/Text Data
- Voice commands and text inputs to our AI assistant
- AI-generated responses and conversation history
- Audio recordings (with consent) for service improvement
- Metadata about interaction patterns and preferences
4. How We Use Your Information
Having accurate information about you permits us to provide you with a smooth, efficient, and customized experience. We use information collected about you via the platform to:
- Create and manage your account and provide customer support
- Process transactions and send related information
- Generate AI responses and improve our chatbot functionality
- Send technical notices, updates, and support messages
- Monitor and analyze usage and trends to improve user experience
- Send marketing communications (with your consent)
- Respond to your comments, questions, and customer service requests
- Comply with legal obligations and protect our rights
5. Legal Basis for Processing
Under GDPR, we must have a legal basis for processing your personal data. We rely on the following legal bases:
5.1 Contract Performance
Processing necessary to provide our services, respond to inquiries, and fulfill our contractual obligations to you.
5.2 Consent
Processing based on your explicit consent, particularly for marketing communications, non-essential cookies, and voice recording features.
5.3 Legitimate Interests
Processing necessary for our legitimate interests in improving our services, preventing fraud, and ensuring platform security, balanced against your rights and interests.
5.4 Legal Obligation
Processing necessary to comply with legal obligations, such as tax reporting and regulatory requirements.
6. Disclosure of Your Information
We do not share your personal information with third parties except as described in this Privacy Policy. We may share information we have collected about you in certain situations:
6.1 Service Providers
We work with trusted third-party service providers who perform services for us, including cloud hosting, analytics, customer support, and payment processing.
6.2 Legal Requirements
We may disclose your information if required to do so by law or in response to valid requests by public authorities.
6.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the business transaction.
7. AI and Voice/Text Processing
When you interact with our AI assistant "Vee," we process voice commands and text inputs to generate appropriate responses. This processing includes:
7.1 Voice Data Processing
- Voice-to-text conversion for AI processing
- Analysis of voice patterns for quality improvement
- Secure storage of voice interactions (with consent)
- Anonymization for AI training purposes
7.2 Text Data Processing
- Natural language processing for response generation
- Conversation context management
- Sentiment analysis for service improvement
- Content moderation and safety checks
7.3 Supplier Knowledge Base
For our supplier partners, we understand that knowledge base data is sensitive and proprietary. We maintain strict confidentiality and security for this information, using it exclusively to power dedicated AI sales support assistants.
8. Security of Your Information
We use administrative, technical, and physical security measures to help protect your personal information. Our security measures include:
- Encryption of data in transit and at rest
- Access controls and authentication systems
- Regular security audits and penetration testing
- Staff training on data protection and security
- Incident response procedures and breach notification
- Secure cloud infrastructure with backup systems
Important: While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse.
9. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
9.1 Retention Periods
- Account Data: Duration of account plus 3 years
- Chat History: 2 years for service improvement
- Voice Recordings: 1 year unless longer retention required for quality purposes
- Marketing Data: Until consent is withdrawn
- Legal Compliance: As required by applicable laws
10. Your Rights Under GDPR
Under GDPR, you have several rights regarding your personal data. You may exercise these rights at any time by contacting us.
10.1 Your Rights Include:
- Right of Access: Request copies of your personal data
- Right to Rectification: Request correction of inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data
- Right to Data Portability: Request transfer of your data to another organization
- Right to Object: Object to processing based on legitimate interests
- Right to Restrict Processing: Request limitation of processing
- Right to Withdraw Consent: Withdraw consent where processing is based on consent
10.2 How to Exercise Your Rights
To exercise any of these rights, please contact us at hey@traveliq.biz. We will respond to your request within 30 days.
12. International Data Transfers
Your information may be transferred to and processed in countries other than your own. We ensure that such transfers comply with applicable data protection laws and implement appropriate safeguards.
12.1 Transfer Safeguards
- Adequacy decisions by the European Commission
- Standard Contractual Clauses (SCCs)
- Binding Corporate Rules
- Certification schemes and codes of conduct
Contact Information
If you have questions or comments about this Privacy Policy, please contact us at: hey@traveliq.biz
Data Protection Queries
For specific data protection questions or to exercise your rights under GDPR, you may also contact your local data protection supervisory authority:
- EU: Your national data protection authority
- UK: Information Commissioner's Office (ICO)