Legal

Legal documents

Last updated: 1 June 2026

Terms of Service

Welcome to SimpleTravels, operated by SimpleTravels Ltd.(“we,” “us,” or “our”). By accessing or using our platform at simpletravels.com, you agree to be bound by these Terms of Service. If you do not agree, please do not use our services.

1. Use of Services

You must be at least 18 years old to create an account and make bookings. You agree to provide accurate, complete, and current information when using our services and to keep your account credentials secure.

You may not use our platform for any unlawful purpose, to transmit spam, to impersonate any person, or to attempt to gain unauthorised access to our systems.

2. Bookings and Payments

All flight and hotel bookings are subject to the terms and conditions of the relevant travel provider (Duffel for flights, LiteAPI-connected hotels). A booking is confirmed only when payment is received and a confirmation number is issued by the provider.

Prices displayed include our service fee (a margin applied to the provider's net rate). The final price is confirmed at checkout. Prices are quoted in USD and may be shown alongside a local currency estimate for reference only — the USD amount governs.

We accept cryptocurrency payments via NowPayments and Thirdweb. Cryptocurrency transactions are irreversible once confirmed on-chain. Wallet top-ups are capped at $5,000 per transaction. Refunds are processed to your SimpleTravels Wallet in USD.

3. Cancellations and Refunds

Cancellation policies are set by the individual travel provider and shown at the time of booking. Refundable bookings will be credited to your SimpleTravels Wallet or the original payment method within 5–10 business days of the provider processing the cancellation.

Non-refundable bookings may not be cancelled for a refund. We are not liable for provider-side cancellations but will assist in pursuing refunds on your behalf.

4. AI Assistant

Our AI travel assistant is a planning aid and does not constitute professional advice. Itineraries generated by the assistant are suggestions — always verify entry requirements, visa needs, and local conditions with official sources before travelling.

5. Intellectual Property

All content on SimpleTravels, including text, design, software, and trademarks, is owned by SimpleTravels Ltd. or licensed to us. You may not reproduce, distribute, or create derivative works without our written permission.

6. Limitation of Liability

To the maximum extent permitted by law, SimpleTravels Ltd. is not liable for indirect, incidental, or consequential damages arising from your use of our platform. Our total liability for any claim is limited to the amount paid by you for the relevant booking.

7. Governing Law

These Terms are governed by the laws of England and Wales. Any disputes shall be resolved in the courts of England and Wales.

Questions about these Terms? Contact us at legal@simpletravels.com.

Privacy Policy

SimpleTravels Ltd. is committed to protecting your personal data. This Privacy Policy explains what data we collect, how we use it, and your rights. We process data in accordance with the UK GDPR and, where applicable, the EU GDPR.

1. Data We Collect

  • Account data: name, email address, and profile information you provide.
  • Booking data: passenger details, travel dates, payment method (we do not store raw card numbers).
  • Wallet data: top-up amounts, transaction history, and crypto wallet addresses.
  • Usage data: pages visited, search routes, product analytics events, session replay (all form inputs masked), heatmaps/clickmaps, device/browser information, internal user ID, and coarse account traits when analytics consent is granted.
  • Location data: approximate location inferred from IP address; precise location only after you sign in and approve the browser permission prompt.
  • AI interaction data: messages sent to the AI assistant, generated itineraries, and sanitized planner prompt snippets when enabled. Planner behavior signals are used in aggregate, not as per-user replay profiles.

2. How We Use Your Data

  • To process and manage your bookings with travel providers.
  • To operate and improve the AI travel assistant and personalised recommendations.
  • To improve planner usability using aggregate behavior signals, such as cohort-level validation friction and feature handoffs.
  • To send transactional emails (booking confirmation, itinerary updates, payment receipts) via Customer.io.
  • To send marketing communications, only with your explicit consent (opt-in).
  • To detect and prevent fraud.
  • To comply with legal obligations (KYC for crypto transactions above regulatory thresholds).

3. Data Sharing

We share data only as necessary to deliver our services:

  • Duffel (flights): passenger name, date of birth, and passport details for booking.
  • LiteAPI-connected hotels: guest name and contact details for hotel check-in.
  • NowPayments / Thirdweb: transaction data for crypto payment processing.
  • Supabase (EU/US): our primary database and authentication provider.
  • Customer.io (EU): email delivery and lifecycle messaging.
  • PostHog (EU, via first-party /ingest proxy): consent-based product analytics, session replay with all form inputs masked, heatmaps, internal-ID analytics, coarse metadata, and aggregate behavior exports.
  • Sentry (US): anonymised error reporting for platform reliability.

We do not sell your personal data to third parties or use it for advertising targeting outside our own platform.

4. Data Retention

We retain booking data for 7 years to comply with financial regulations. Account data is deleted 30 days after account closure on request. AI interaction data is retained for 12 months to power personalisation, then anonymised.

5. Your Rights

Under UK/EU GDPR you have the right to: access your data, correct inaccurate data, delete your data (where not required for legal compliance), restrict processing, data portability, and object to processing for marketing.

To exercise these rights, email legal@simpletravels.com. We will respond within 30 days.

6. Security

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Access to production systems is restricted to authorised personnel via Tailscale VPN. We conduct regular security audits and hold no raw card-number data.

Cookie Policy

We use a minimal set of cookies and similar technologies. We will always ask for your consent before setting non-essential cookies.

1. Essential Cookies

These are strictly necessary to operate the platform and cannot be disabled:

CookieDurationPurpose
sb-<project-ref>-auth-tokenSessionSupabase authentication session
sb-<project-ref>-refresh-token14 daysSupabase session refresh
__Host-csrfSessionCSRF protection on forms

2. Analytics Cookies (opt-in)

With your consent, we use Customer.io's browser SDK for lifecycle analytics and PostHog (EU-hosted, via first-party /ingest proxy) for product analytics, session replay (all form inputs masked), heatmaps, and aggregate behavior exports. For signed-in users, PostHog may receive your SimpleTravels internal public user ID plus coarse metadata such as account type, consent state, app runtime, and loyalty tier. We do not send email address, name, phone number, passport details, address, date of birth, wallet address, or payment data as analytics identity metadata. Sensitive checkout, traveler, wallet, payment, passport, contact, and authentication areas are hidden or obscured. Planner free text is not captured as raw text; when prompt snippets are enabled, they are sanitized and truncated before use.

Aggregate behavior exports may power planner helper copy, prompt weighting, and low-weight recommendation ordering hints. These signals are cohort-level only and do not override your explicit trip intent, provider facts, prices, dates, availability, or hard constraints. No data is shared with advertising networks.

Cookie / keyDurationPurpose
ph_phc_<token>_posthog~1 yearPostHog device/distinct ID and feature flags (EU-hosted)
__ph_opt_in_out_<token>~1 yearPostHog consent state
st-consent:v230 daysYour analytics consent decision (localStorage)
_cio~1 yearCustomer.io anonymous visitor ID
cio_id~1 yearCustomer.io signed-in user identifier

3. Managing Cookies

You can withdraw or change consent at any time via the “Cookie preferences” link in the footer. You can also block cookies via your browser settings, though this may affect platform functionality. Essential cookies cannot be disabled without logging out.

4. Changes to This Policy

We may update this Cookie Policy periodically. Material changes will be notified via the consent banner on your next visit. The “last updated” date at the top of this page reflects the most recent revision.

SimpleTravels Ltd. · Registered in England and Wales · legal@simpletravels.com