1. Legal
  2. Privacy Policy

Privacy Policy

Effective date: August 19, 2025
Last updated: August 19, 2025
Controller: Traveldax LLC, 30 N Gould St STE N, Wyoming, USA
Contact: privacy@traveldax.com

Traveldax provides software and data services for the travel industry. This Privacy Policy explains how we collect, use, disclose, and protect personal data when you interact with our website and services. It is written for clarity and practical use.

1) Scope & Audience

This Policy applies to:

  • Our public website and marketing pages, including the contact form.
  • Business communications with us (email, support inquiries).
  • Our logged-in product surfaces (e.g., dashboards) and analytics captured via Google Analytics (GA4) and Mixpanel.

It does not cover third-party sites/services that link to or from our site, or personal data processed by customers inside their own systems.

2) Key Definitions

  • “Personal data” (or “personal information”) means information that identifies or can reasonably be linked with an individual.
  • “Controller” means the entity that determines the purposes and means of processing personal data (here, Traveldax LLC).
  • “Processor” / “Service provider” means an entity that processes personal data on behalf of a controller.
  • “EU/UK” refers to the European Union and the United Kingdom.
  • “Cookies/Trackers” include cookies, SDKs, pixels and similar technologies used for analytics and functionality.

3) What We Collect

A. Data you provide directly
  • Contact form: name, email, company, role, and the message you choose to send.
  • Billing & account setup (B2B): company legal and billing details you email to us (e.g., company name, VAT/tax IDs, billing contact).
  • Communications: content of emails/support requests and our correspondence with you.
B. Data collected automatically (site/product usage)

Through GA4 and Mixpanel, we collect:

  • Identifiers and device data: IP address, general location derived from IP (e.g., city/region), device type, operating system, browser type/version, preferred language.
  • Usage and events: pages visited, referrers, session duration, clicks/events, timestamps, and navigation paths.
  • Diagnostics: performance and error information to help us troubleshoot and improve reliability.

We also maintain basic server logs for security and operational continuity.

C. Payments
  • We accept wire transfers and card payments via Stripe.
  • Stripe collects and processes payment information as an independent controller or processor according to its own privacy notices. Traveldax does not store full card numbers or CVV codes on its systems.
D. Data we process from public sources

Traveldax processes publicly available flight and pricing data to provide analytics and insights. This data typically does not include personal data. If personal information appears incidentally, we take steps to minimize and remove it.

We do not intentionally collect special categories of personal data (e.g., health data, precise geolocation) and our services are not directed to children.

4) Why We Use Data (Purposes & Legal Bases)

  1. Service delivery and operations: provide access to our site/product, respond to inquiries, set up billing and accounts, provide support.
    Legal bases (EU/UK): Contract, Legitimate interests.
  2. Analytics, product improvement, and security: measure usage, improve features, detect/prevent abuse and fraud, fix errors.
    Legal bases (EU/UK): Legitimate interests; Consent for non-essential cookies/trackers in the EU/UK.
  3. Communications and marketing: send product updates, newsletters, and invitations (subject to consent/opt-in where required).
    Legal bases (EU/UK): Consent, Legitimate interests.
  4. Legal compliance: comply with tax, accounting, and lawful requests; enforce our terms; protect rights, safety, and property.
    Legal bases (EU/UK): Legal obligation, Legitimate interests.

Legitimate interests test (summary): our analytics and security interests are balanced against individual privacy by using aggregated reporting, limited retention, and opt-out/consent controls where required.

5) Cookies & Similar Technologies

  • We use essential cookies/trackers for site operation and security.
  • We use analytics cookies/SDKs (GA4 and Mixpanel) to understand usage and improve our services.
  • In the EU/UK, non-essential analytics run only with consent via a cookie banner (supporting granular choices and withdrawal at any time). Where available, we implement Consent Mode to respect the user’s choices.
  • You can adjust your cookie preferences via the banner or Cookie Settings on our site, and through your browser settings.

Examples of analytics cookies (non-exhaustive):

  • GA4: _ga, _ga_*
  • Mixpanel: mp_*

Exact names and lifetimes may vary by vendor; see vendor documentation.

6) How We Share Data

We disclose personal data to:

  • Service providers / subprocessors who support our operations (hosting, security, analytics, communications, payments). We require appropriate confidentiality and data protection commitments.
  • Stripe (payments), Google LLC (GA4), Mixpanel, Inc. (product analytics).
  • Professional advisors (accountants, auditors, lawyers) under confidentiality.
  • Authorities where required by law or to protect rights and safety.
  • Corporate transactions (e.g., financing, merger or sale) subject to appropriate safeguards.

We do not sell personal data and do not engage in cross-context behavioral advertising that would constitute a “sale” or “sharing” under certain US state laws.

7) International Data Transfers

We are a US company and may process data in the United States and other countries. For EU/UK personal data transferred outside the EEA/UK, we rely on Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms, plus technical and organizational measures to protect data.

8) Data Retention

We keep personal data only as long as needed for the purposes above and to comply with legal obligations. Typical periods:

Category Retention period
Contact inquiries (contact form, sales emails) Up to 24 months from last interaction
Billing/account records Life of account + 7 years (for tax/compliance)
Analytics events (GA4/Mixpanel) Up to 24 months (subject to consent/opt-out)
Server/security logs Up to 12 months, unless required longer for investigations

We may retain data longer if necessary to establish, exercise, or defend legal claims.

9) Security

We apply industry-standard safeguards, including encryption in transit, least-privilege access controls (IAM), network segmentation and firewalls, audit logging, secrets management, and vendor risk assessments. While no method is 100% secure, we continuously improve our controls.

Security incidents & breach notification: if a personal-data breach is likely to result in a risk to individuals, we will notify relevant supervisory authorities and affected individuals without undue delay and, where applicable, within 72 hours of becoming aware, consistent with legal requirements.

10) Your Privacy Rights

EU/UK (GDPR/UK-GDPR)

You may have rights to access, rectify, erase, restrict, object, and port your personal data. Where processing relies on consent, you can withdraw it at any time. You have the right to complain to a supervisory authority.

United States (including California)

Depending on your state, you may request to know/access, correct, or delete certain personal information, and to limit certain uses. Traveldax does not sell or share personal information under CPRA. We respond to verifiable requests within statutory timeframes.

How to exercise your rights: email privacy@traveldax.com. We may ask you to verify your identity (e.g., via email link) and will respond within applicable deadlines (typically 30–45 days).

Global Privacy Control (GPC): where applicable, we treat a valid GPC signal as a request to opt out of any selling/sharing (which we don’t do) and to restrict non-essential tracking in jurisdictions that recognize GPC.

11) Marketing Communications

If you opt in or otherwise consent to marketing, we may send newsletters and product updates. You can unsubscribe at any time using the link in the email or by contacting privacy@traveldax.com. Transactional or service messages are not marketing.

12) Children’s Privacy

Our services are business-to-business and not directed to children under 16. We do not knowingly collect personal data from children.

13) Do Not Track

Some browsers send “Do Not Track” (DNT) signals. We do not currently respond to DNT. We honor choices made via our cookie banner and settings where required.

14) Subprocessors & Vendors

Vendor Purpose Location/Transfer Mechanism
Stripe, Inc. Card payment processing and fraud prevention US; transfers safeguarded by SCCs/Stripe measures
Google LLC (GA4) Web analytics US; transfers safeguarded by SCCs/Google measures
Mixpanel, Inc. Product analytics US; transfers safeguarded by SCCs/Mixpanel measures
Cloud hosting, email, and security providers Hosting, email delivery, operational security Various; protected by appropriate contracts and safeguards
We maintain and update our list of subprocessors and will provide additional details on request at privacy@traveldax.com.

15) Data Protection Addendum (DPA)

For business customers, Traveldax offers a Data Protection Addendum incorporating the EU/UK Standard Contractual Clauses where applicable. To request or countersign a DPA, contact privacy@traveldax.com.

16) International Representatives

If and when required, Traveldax will appoint an EU and/or UK representative under Article 27 GDPR/UK-GDPR. Until appointed, EU/UK data subjects can contact us directly at privacy@traveldax.com.

17) Automated Decision-Making

Traveldax does not use personal data for automated decision-making that produces legal or similarly significant effects. We use analytics for aggregated insights and service improvement only.

18) Changes to This Policy

We may update this Policy periodically. We will post the updated version with a revised “Last updated” date. For material changes, we will provide additional notice where appropriate.

19) Contact

Traveldax LLC
30 N Gould St STE N, Wyoming, USA
Email: privacy@traveldax.com

Cookie Notice (Detailed)

What are cookies/trackers?

Small files or SDKs that help operate, secure, and measure our services.

Types we use
  1. Essential/functional (required): enable core site functions, load balancing, security, and session continuity.
  2. Analytics/measurement (subject to consent in EU/UK): GA4 and Mixpanel help us understand usage and improve product performance.
Your choices
  • In the EU/UK, our banner requests consent for non-essential cookies. You can accept all, reject all, or customize. You can revisit your choices anytime in Cookie Settings.
  • Browser controls and add-ons can also restrict cookies and trackers, which may affect functionality.
Retention

Cookie expirations vary by tool and configuration. Analytics data is generally retained up to 24 months. See Section 8 for overall retention.

Contact

Questions about cookies? Email privacy@traveldax.com.

Contact Us

Request a Demo

Email

info@traveldax.com

Phone

+1 646 637 4467

Address

30 N Gould St
Sheridan, USA

Hours

Monday - Friday
8 AM - 10 PM EST

Loading
Your message has been sent. Thank you!