Privacy Policy

Last Updated: January 12, 2026 Effective Date: January 12, 2026

1. Introduction

This Privacy Policy describes how Travos.ai ("Travos.ai," "we," "us," or "our") collects, uses, stores, and shares your personal information when you:

• Visit our website at travos.ai;
• Create an account and use our Services;
• Deploy applications on our infrastructure;
• Contact us for support or information.

This policy applies to all users worldwide. If you are located in the European Economic Area (EEA), United Kingdom, or other regions with specific data protection laws, please see the "International Users and Your Rights" section for additional information about your rights under GDPR, UK GDPR, and other applicable regulations.

Please read this policy carefully. By using our Services, you consent to the data practices described in this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services.

For information about our Services, Terms of Service, and other policies, please visit:

• Terms of Service: travos.ai/terms-of-service
• Refund Policy: travos.ai/refund-policy
• Cookie Policy: travos.ai/cookies-policy

2. Information We Collect

We collect several types of information from and about users of our Services.

Information You Provide Directly

Account Information

When you register for an account, we collect:

• Email address (required for account creation and communications)
• Password (stored in hashed and encrypted form - we never have access to your plain-text password)
• Name (optional)
• Company name (optional)
• Profile information (optional)

Payment Information

When you subscribe to a paid plan, we collect:

• Billing address
• Payment method information (credit card details are processed and securely stored by our payment processor, Polar.sh - we do not directly store full credit card numbers)
• Transaction history and invoices
• VAT/Tax identification numbers (if provided)

Service Configuration Data

When you use our Services, you provide:

• GitHub repository connections - OAuth tokens for accessing your repositories
• Custom domain configurations - domain names you connect to your deployments
• Environment variables and secrets - encrypted at rest using industry-standard encryption
• Deployment configurations - settings and parameters for your pods
• Workflow definitions - configurations for n8n, Langflow, or other applications

Communications with Us

When you contact us, we collect:

• Support requests and correspondence via email or support tickets
• Feedback, survey responses, and product reviews
• Messages sent through our contact forms

Information Collected Automatically

When you access or use our Services, we automatically collect certain information:

Usage and Performance Metrics

• Resource consumption data - CPU usage, memory usage, storage usage, network bandwidth
• Deployment logs - system logs for infrastructure management (not application-level data)
• API usage patterns - requests, response times, endpoints accessed
• Feature usage - which features and services you use and how often
• Error logs - for troubleshooting and improving service reliability

Technical Information

• IP address - for security, fraud prevention, and approximate location
• Browser type and version
• Device type and operating system
• Referring URLs - which website referred you to our site
• Pages visited - navigation within our website and dashboard
• Date and time of visits and interactions
• Language preferences
• Screen resolution and device identifiers (anonymized)

Cookies and Similar Technologies

We use cookies, web beacons, and similar tracking technologies to collect information about your browsing activities. For detailed information, see our Cookie Policy at travos.ai/cookies-policy and Section 9 below.

Information from Third Parties

We receive information from third-party services you connect to our platform:

We only receive information from third parties that you authorize us to access through OAuth connections or that is necessary to provide our Services.

Information We Do NOT Collect

To be completely transparent, here's what we do not collect or access:

• Content of your workflows - We do not inspect, analyze, or access the business logic or data processed by your deployed applications
• Application-level data - We see only infrastructure metrics (CPU, memory, storage), not what your applications are doing with data
• Sensitive personal data - We do not intentionally collect health information, biometric data, genetic data, or other special categories of personal data as defined by GDPR
• Financial account numbers - Full credit card numbers are stored only by our PCI-compliant payment processor
• Children's information - We do not knowingly collect information from anyone under 18 years of age

3. How We Use Your Information

We use the information we collect for the following purposes:

Primary Purposes (Contract Performance)

These uses are necessary to provide you with our Services:

Secondary Purposes (Legitimate Interests)

These uses are based on our legitimate business interests:

With Your Consent

For certain activities, we rely on your explicit consent:

You can withdraw your consent at any time by contacting us at privacy@travos.ai or using the unsubscribe link in emails.

Legal Obligations

We process certain information to comply with legal requirements:

Specific Use Cases

Infrastructure Management:

• Provisioning and managing your Kubernetes pods
• Monitoring resource usage for billing and capacity planning
• Detecting and resolving technical issues
• Auto-scaling resources based on demand
• Performing backups and disaster recovery

Security:

• Detecting unauthorized access attempts and brute force attacks
• Preventing abuse of our platform (DDoS, crypto mining, spam)
• Investigating security incidents and Terms of Service violations
• Implementing rate limiting and abuse prevention measures

Analytics (Aggregated and Anonymized):

• Understanding which features are most popular
• Identifying areas for improvement and pain points
• Making data-driven product decisions
• Creating anonymized usage reports and statistics

What We Do NOT Do with Your Information

We want to be clear about what we do not do:

• ❌ We do not sell your personal information to third parties, data brokers, or advertisers
• ❌ We do not use your Customer Data to train AI/ML models or for any purpose other than providing Services to you
• ❌ We do not share your information with advertisers for targeted advertising
• ❌ We do not use your workflows or application data for competitive analysis or product development
• ❌ We do not profile you for unrelated marketing or decision-making purposes

4. How We Share Your Information

We share your personal information only in the limited circumstances described below.

Service Providers (Data Processors)

We share information with third-party service providers who help us operate our business. These providers are contractually obligated to protect your information and use it only for the services they provide to us:

Each of these providers:

• Is carefully selected based on their security and privacy standards
• Is contractually required to protect your data
• May only use your data to provide services to us
• Is required to comply with applicable data protection laws (including GDPR where applicable)

We execute Data Processing Agreements (DPAs) with service providers that handle personal data.

Legal Requirements and Protection of Rights

We may disclose your information if required by law or if we believe such action is necessary to:

a) Comply with legal obligations, including:

• Responding to valid subpoenas, court orders, or legal processes
• Complying with tax and financial reporting requirements
• Responding to lawful requests from government authorities

b) Protect our rights, property, or safety, including:

• Enforcing our Terms of Service and Acceptable Use Policy
• Investigating and preventing fraud, security breaches, or illegal activity
• Protecting against legal liability

c) Protect the safety of our users and the public, including:

• Reporting child sexual abuse material (CSAM) to the National Center for Missing & Exploited Children (NCMEC) and law enforcement as required by law
• Preventing imminent harm or danger to individuals
• Cooperating with law enforcement investigations into serious crimes

We will notify you of legal requests for your information unless:

• We are legally prohibited from doing so
• Notification would compromise a law enforcement investigation
• There is an emergency involving danger of death or serious physical injury

Business Transfers

If Travos.ai is involved in a merger, acquisition, bankruptcy, reorganization, or sale of all or substantially all of our assets, your information may be transferred as part of that transaction. In such cases:

• We will provide notice before your information is transferred and becomes subject to a different privacy policy
• You will have the opportunity to delete your account and data before the transfer if you disagree with the new privacy practices
• The acquiring entity will be contractually obligated to honor the commitments made in this Privacy Policy

Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you. For example:

• Industry reports and benchmarks
• Usage statistics and trends
• Performance metrics (e.g., "Average pod uptime is 99.7%")

This information does not constitute personal data and is not subject to this Privacy Policy.

With Your Consent

We may share your information with third parties when you explicitly consent to such sharing, such as:

• Authorizing us to share your deployment with a consultant or contractor
• Participating in co-marketing initiatives (with your opt-in)
• Connecting third-party integrations that require data sharing

What We Never Do

• ❌ We never sell your personal information to data brokers, advertisers, or other third parties
• ❌ We never share your Customer Data (workflows, configurations, application data) with other customers
• ❌ We never provide your information to advertisers for targeted advertising
• ❌ We never share your data for purposes unrelated to providing our Services without your explicit consent

5. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Retention Periods

After Account Termination or Cancellation

When you close your account or cancel your subscription:

Immediate (0-7 days):

• Access to Services is terminated
• You have 7 days to export your data (if termination was not for cause)

Within 30 days:

• Active account data is deleted from production systems
• Deployed pods and infrastructure are permanently removed
• Personal information is removed from active databases

Within 90 days:

• Backup copies are purged from disaster recovery systems
• All copies of your Customer Data are deleted

Retained as required:

• Financial records (7 years for tax compliance)
• Aggregated, anonymized usage statistics (indefinitely)
• Data required by law or for legitimate legal purposes

Right to Earlier Deletion

You may request earlier deletion of your data by contacting us at privacy@travos.ai. We will comply with deletion requests within 30 days, except for:

• Data we are legally required to retain (e.g., financial records)
• Data needed to resolve disputes or enforce our agreements
• Data retained in backup systems (automatically purged within 90 days)

6. Data Security

We take the security of your personal information seriously and implement industry-standard security measures to protect it.

Technical Security Measures

Encryption:

• In Transit: All data transmitted to and from our Services uses TLS 1.2 or higher encryption
• At Rest: Customer Data, including environment variables and secrets, is encrypted using AES-256 encryption
• Backups: All backups are encrypted using industry-standard encryption

Access Controls:

• Role-Based Access Control (RBAC): Employees have access only to data necessary for their job functions
• Principle of Least Privilege: Access is restricted to the minimum necessary
• Multi-Factor Authentication (MFA): Required for all administrative access to systems
• Authentication: Secure authentication using industry-standard protocols (OAuth 2.0, JWT)

Infrastructure Security:

• AWS Security Best Practices: Our infrastructure follows AWS Well-Architected Framework security pillar
• Network Isolation: Virtual Private Cloud (VPC) isolation for customer workloads
• Firewall Rules: Strict firewall rules and security groups
• Intrusion Detection: Monitoring for suspicious activity and unauthorized access attempts
• DDoS Protection: CloudFlare and AWS Shield for DDoS mitigation

Application Security:

• Secrets Management: Environment variables and API keys are encrypted and stored securely
• Input Validation: All user inputs are validated and sanitized to prevent injection attacks
• Security Headers: Implementation of security headers (CSP, HSTS, X-Frame-Options, etc.)
• Dependency Scanning: Regular scanning for vulnerabilities in third-party dependencies

Organizational Security Measures

Personnel:

• Background Checks: For employees with access to customer data
• Security Training: Regular security awareness training for all employees
• Confidentiality Agreements: All employees sign confidentiality and data protection agreements
• Access Reviews: Periodic reviews of employee access rights

Policies and Procedures:

• Incident Response Plan: Documented procedures for responding to security incidents
• Disaster Recovery and Business Continuity: Regular backups and tested recovery procedures
• Change Management: Controlled and documented changes to production systems
• Vulnerability Management: Regular security assessments and penetration testing

Monitoring and Auditing:

• Logging: Comprehensive logging of access to systems and data
• Anomaly Detection: Automated monitoring for unusual activity patterns
• Regular Audits: Periodic security audits and assessments
• Compliance Reviews: Regular reviews to ensure compliance with security standards

Your Security Responsibilities

While we implement robust security measures, security is a shared responsibility. You are responsible for:

• Protecting Your Credentials: Keep your password and API keys confidential
• Using Strong Passwords: Choose strong, unique passwords for your account
• Securing Your Environment: Protect secrets and API keys you use in your deployments
• Monitoring Your Account: Regularly review your account activity for unauthorized access
• Reporting Security Issues: Immediately report suspected security incidents to security@travos.ai

Breach Notification

In the event of a data breach that affects your personal information:

Within 72 Hours:

• We will notify affected users via email to the address associated with your account
• We will notify relevant supervisory authorities as required by applicable law (e.g., GDPR)

Notification Will Include:

• Description of the nature of the breach
• Categories and approximate number of data subjects affected
• Types of personal information involved
• Likely consequences of the breach
• Measures taken or proposed to address the breach and mitigate its effects
• Contact information for further inquiries

Your Rights:

• You have the right to receive timely notification of breaches affecting your data
• You may exercise your rights under applicable data protection laws (see Section 8)

Limitations

No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. You acknowledge and accept the inherent security risks of internet-based services.

7. International Data Transfers

Data Location

Your personal information and Customer Data are processed and stored on Amazon Web Services (AWS) infrastructure located in the United States (US East - N. Virginia region).

Transfers from the EEA, UK, and Switzerland

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, your personal data will be transferred to the United States, which may not provide the same level of data protection as your home jurisdiction.

We rely on the following mechanisms to ensure adequate protection for international data transfers:

Standard Contractual Clauses (SCCs)

We use the European Commission's Standard Contractual Clauses (also known as Model Clauses) approved for transfers of personal data to third countries. SCCs are contractual commitments between us and our service providers to protect your data according to European standards.

Service Provider Compliance

Our key service providers maintain compliance with international data protection standards:

• AWS: Maintains certifications including ISO 27001, SOC 2, and provides GDPR-compliant Data Processing Agreements
• Polar.sh: [Compliance information]
• Supabase: [Compliance information]

Supplementary Measures

In addition to SCCs, we implement supplementary technical and organizational measures, including:

• Encryption in transit (TLS 1.2+) and at rest (AES-256)
• Pseudonymization and data minimization where feasible
• Regular security assessments and audits
• Strict access controls and authentication requirements

Your Consent to Transfers

By using our Services and providing your information, you consent to the transfer of your information to the United States and other countries where we or our service providers operate. If you do not consent to such transfers, please do not use our Services.

UK GDPR

For users in the United Kingdom, we comply with the UK GDPR and UK data protection laws. We use the UK International Data Transfer Agreement or International Data Transfer Addendum to the European Commission's Standard Contractual Clauses as appropriate.

Questions About Data Transfers

If you have questions or concerns about how your data is transferred or protected, please contact us at privacy@travos.ai.

8. Your Privacy Rights

We respect your rights regarding your personal information. Your rights vary depending on your location.

Rights for All Users (Global)

Regardless of your location, you have the following rights:

Access: Request a copy of the personal information we hold about you.

Correction: Request correction of inaccurate or incomplete information.

Deletion: Request deletion of your personal information (subject to certain legal exceptions).

Data Portability: Receive your data in a structured, commonly used, machine-readable format (e.g., JSON, CSV).

Withdraw Consent: Withdraw consent for processing based on consent (does not affect lawfulness of processing before withdrawal).

Additional Rights for EEA/UK Users (GDPR)

If you are in the European Economic Area or United Kingdom, you have these additional rights under GDPR:

Restrict Processing: Request that we limit how we use your data in certain circumstances:

• You contest the accuracy of your data
• Processing is unlawful but you oppose deletion
• We no longer need the data, but you need it for legal claims
• You object to processing and verification is pending

Object to Processing: Object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we have compelling legitimate grounds that override your interests.

Automated Decision-Making: Right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or similarly significantly affect you. (Note: We do not currently use automated decision-making for such purposes.)

Lodge a Complaint: File a complaint with your local data protection authority (supervisory authority) if you believe we have violated your privacy rights.

Relevant supervisory authorities include:

• UK: Information Commissioner's Office (ICO) - ico.org.uk
• Ireland: Data Protection Commission - dataprotection.ie
• Germany: Various Land data protection authorities
• Other EEA countries: Your local data protection authority

Additional Rights for California Users (CCPA/CPRA)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to Know: Request disclosure of:

• Categories of personal information collected
• Categories of sources from which information is collected
• Business or commercial purpose for collecting information
• Categories of third parties with whom we share information
• Specific pieces of personal information we hold about you

Right to Delete: Request deletion of your personal information (subject to certain exceptions).

Right to Opt-Out of Sale: Opt-out of the "sale" of your personal information. Note: We do not sell personal information.

Right to Correct: Request correction of inaccurate personal information.

Right to Limit Use of Sensitive Personal Information: Limit use of sensitive personal information (we do not collect sensitive personal information as defined by CCPA).

Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights (e.g., by denying Services, charging different prices, or providing different quality of service).

Additional Rights for Other Jurisdictions

If you are in other jurisdictions with specific data protection laws, you may have additional rights. Please contact us at privacy@travos.ai to inquire about rights specific to your location.

How to Exercise Your Rights

To exercise any of your privacy rights:

1. Email Us:

• Privacy requests: privacy@travos.ai
• Account deletion: Include "Account Deletion Request" in the subject line
• Data access requests: Include "Data Access Request" in the subject line

2. Provide Verification Information:

• Your account email address
• Your full name
• Description of your request
• Any additional information needed to verify your identity

3. We Will Respond:

• GDPR requests: Within 30 days (may be extended to 60 days for complex requests)
• CCPA requests: Within 45 days (may be extended to 90 days for complex requests)
• Other requests: Within 30 days

Verification Process

To protect your privacy and security, we must verify your identity before fulfilling your request. We may:

• Ask you to log into your account
• Request additional identifying information
• Send a verification email to your registered email address

We cannot fulfill requests if we cannot verify your identity.

Exceptions and Limitations

In some cases, we may not be able to fulfill your request if:

• We are required to retain the information by law
• The information is necessary to complete a transaction you requested
• The information is needed to detect, prevent, or investigate security incidents or fraud
• The request is manifestly unfounded or excessive (in which case we may charge a reasonable fee or refuse the request)
• Fulfilling the request would infringe on the rights of others

We will explain the reasons if we cannot fulfill your request.

Authorized Agents

You may designate an authorized agent to make requests on your behalf. The authorized agent must:

• Provide written authorization signed by you
• Verify their own identity
• We may also require you to verify your identity and confirm the authorization

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect information about your browsing activities on our website.

What Are Cookies?

Cookies are small text files stored on your device (computer, tablet, smartphone) when you visit a website. Cookies allow the website to recognize your device and remember information about your visit.

Types of Cookies We Use

We use the following types of cookies:

Essential Cookies (Strictly Necessary)

These cookies are necessary for the website and Services to function properly. They cannot be disabled.

Functional Cookies

These cookies enable enhanced functionality and personalization, such as remembering your preferences.

Analytics Cookies

These cookies help us understand how visitors interact with our website by collecting and reporting information anonymously.

Google Analytics collects:

• Pages visited and time spent on each page
• Referral sources (how you found our website)
• General location (country, city level - not precise location)
• Device type, browser, operating system
• Interactions with website elements

Data sharing: Google Analytics data is processed by Google LLC. Google's privacy policy: https://policies.google.com/privacy

Third-Party Cookies

Third-party cookies are set by domains other than travos.ai. We use third-party cookies for:

• Google Analytics: Website analytics and usage tracking
• [Payment processor cookies]: Payment processing (if applicable)
• [Social media widgets]: Embedded content from social platforms (if applicable)

Cookie Consent

When you first visit our website, you will see a cookie consent banner. You can choose to:

• Accept all cookies
• Reject non-essential cookies
• Customize your cookie preferences

Essential cookies cannot be disabled as they are necessary for the website to function.

You can change your cookie preferences at any time by clicking the "Cookie Preferences" link in the footer of our website.

How to Control and Delete Cookies

Browser Settings

Most web browsers allow you to control cookies through their settings. You can typically:

• Block all cookies
• Block third-party cookies only
• Delete cookies after closing the browser
• View and delete individual cookies

Browser help links:

• Chrome: chrome://settings/cookies
• Firefox: about:preferences#privacy
• Safari: Preferences > Privacy
• Edge: edge://settings/privacy

Google Analytics Opt-Out

You can opt out of Google Analytics tracking by installing the Google Analytics Opt-Out Browser Add-on: https://tools.google.com/dlpage/gaoptout

Do Not Track (DNT)

Some browsers offer a "Do Not Track" (DNT) signal. We currently do not respond to DNT signals because there is no universally accepted standard for how to interpret them. We respect your cookie preferences set through our cookie consent banner.

Impact of Blocking Cookies

If you block or delete cookies:

• Essential cookies: The website and Services may not function properly. You may not be able to log in or use certain features.
• Functional cookies: Your preferences will not be saved, and you may need to re-enter settings each visit.
• Analytics cookies: We will not be able to measure website performance and improve user experience based on usage data.

Other Tracking Technologies

In addition to cookies, we may use:

• Web beacons (pixel tags): Small invisible images in emails or web pages that track whether content was viewed
• Local storage: HTML5 local storage for storing data on your device
• Session storage: Temporary storage that is cleared when you close your browser

These technologies serve similar purposes to cookies (e.g., analytics, functionality).

Updates to Cookie Use

We may update our use of cookies and tracking technologies. Any material changes will be reflected in this Privacy Policy and, where required, we will obtain your consent for new cookies.

10. Children's Privacy

Our Services are not intended for individuals under the age of 18, and we do not knowingly collect personal information from children.

Age Restriction

To use Travos.ai Services, you must be:

• At least 18 years of age, or
• The age of legal majority in your jurisdiction (whichever is greater)

By using our Services, you represent and warrant that you meet these age requirements.

No Intentional Collection

We do not knowingly collect, use, or disclose personal information from children under 18 years of age. Our Services are designed for adults and businesses.

Parental Notice

If you are a parent or legal guardian and believe that your child under 18 has provided us with personal information without your consent, please contact us immediately at privacy@travos.ai with:

• Your contact information
• Your child's name and account information (if known)
• Proof of your relationship to the child

Our Response

If we become aware that we have collected personal information from a child under 18 without parental consent:

• We will delete the information as quickly as possible
• We will terminate the associated account
• We will take steps to prevent future unauthorized access

We will respond to parental requests within 30 days.

Compliance with Children's Privacy Laws

We comply with applicable children's privacy laws, including:

• Children's Online Privacy Protection Act (COPPA) in the United States
• GDPR provisions regarding children's consent in the European Union

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

How We Notify You of Changes

When we make changes to this Privacy Policy:

a) Update Date: We will update the "Last Updated" date at the top of this policy.

b) Material Changes: For significant changes that reduce your rights or significantly change how we process your data, we will:

• Send an email notification to the address associated with your account at least 30 days before the changes take effect
• Post a prominent notice on our website and dashboard
• Provide a summary of the key changes

c) Minor Changes: For non-material changes (typo corrections, clarifications, additional details that don't change substance), we may update the policy without advance notice.

What Constitutes Material Changes

Examples of material changes include:

• New purposes for processing personal information
• Sharing data with new categories of third parties
• Significant changes to data retention periods
• Changes to the legal basis for processing
• New types of personal information collected
• Reduced privacy protections or user rights

Your Acceptance

Your continued use of the Services after the effective date of the updated Privacy Policy constitutes your acceptance of the changes.

Disagreement with Changes

If you do not agree to the updated Privacy Policy:

• You may delete your account before the changes take effect
• You will not be bound by the new policy if you stop using the Services before the effective date
• We are not obligated to maintain prior policy terms for users who continue using the Services

Reviewing Previous Versions

We may maintain historical versions of this Privacy Policy. You may request a copy of previous versions by contacting us at privacy@travos.ai.

Notification Rights Under GDPR

If you are in the EEA or UK, you have the right to be informed about changes to how we process your personal data. We will ensure compliance with GDPR notification requirements.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Privacy Inquiries

Email: privacy@travos.ai

Use this email for:

• Privacy rights requests (access, deletion, correction, portability)
• Questions about how we use your data
• Concerns about data security or breaches
• Withdrawal of consent
• Cookie preferences and opt-outs

Data Protection Officer (DPO)

Email: dpo@travos.ai

If we are required to appoint a Data Protection Officer under GDPR or other regulations, you can contact them at this address.

General Support

Email: support@travos.ai

For general account support, technical issues, and non-privacy inquiries.

Legal and Compliance

Email: legal@travos.ai

For legal inquiries, compliance questions, and law enforcement requests.

Security Issues

Email: security@travos.ai

To report security vulnerabilities or suspected data breaches.

Mailing Address

Physical Address: [TO BE DETERMINED - will be added when company is incorporated]

For written correspondence, please send mail to the address above. Please allow additional time for postal mail responses.

Response Times

We strive to respond to all inquiries promptly:

• Privacy rights requests: Within 30 days (GDPR) or 45 days (CCPA)
• Security incidents: Within 24 hours
• General privacy inquiries: Within 5 business days
• Other inquiries: Within 1-2 business days

Filing a Complaint with Supervisory Authorities

If you are in the EEA or UK and believe we have violated your privacy rights, you have the right to lodge a complaint with your local supervisory authority:

• UK: Information Commissioner's Office (ICO) - https://ico.org.uk
• Ireland: Data Protection Commission - https://www.dataprotection.ie
• Other EEA countries: Contact your national data protection authority

We encourage you to contact us first so we can address your concerns directly.

---

Summary of Key Points

• We collect information you provide, usage data, and information from third parties to provide and improve our Services
• We use your information to operate our platform, provide support, improve Services, and ensure security
• We share information only with service providers, as required by law, or with your consent - we never sell your data
• We protect your information using industry-standard security measures including encryption, access controls, and monitoring
• We retain your data only as long as necessary and delete it within 30-90 days after account closure (except legally required records)
• You have rights to access, correct, delete, and port your data - contact privacy@travos.ai to exercise your rights
• We use cookies for essential functionality, preferences, and analytics - you can control cookie preferences
• We do not knowingly collect information from children under 18
• International users: Your data is processed in the United States with appropriate safeguards

For the complete details, please read the full Privacy Policy above.

---

© 2026 Travos.ai. All rights reserved.

This Privacy Policy was last updated on January 12, 2026.