Privacy Policy for Triptaim

1. Introduction

Triptaim, operated by Oystertec Ltd ("we", "us", or "our"), is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, and share personal data when you use our travel booking platform, including flight and hotel reservations, AI-powered trip planning, and related services.

2. Data Processing Activities

We collect and process the following types of personal data:

• Account Information: Email address, name, and profile details for account creation and management.
• Booking Information: Traveler details (names, dates of birth, passport information) required for flight and hotel bookings.
• Payment Information: Processed via Stripe for card payments and NowPayments for cryptocurrency transactions.
• Travel Preferences: Destination preferences, travel dates, and AI planner inputs to personalize your experience.
• Wallet Information: Cryptocurrency wallet addresses for Web3 authentication and balance management.
• Analytics Data: Usage patterns and device information to improve our services.

3. Lawful Bases for Processing Personal Data

We rely on the following lawful bases for processing your personal data under the UK General Data Protection Regulation (UK GDPR):

• Consent: For newsletter signups and marketing communications.
• Contractual Necessity: To process payments and provide our services.
• Legitimate Interests: To improve our services and user experience through analytics.

4. Data Subject Rights

Under the UK GDPR, you have the following rights regarding your personal data:

1. Right to Access: You can request copies of your personal data.
2. Right to Rectification: You can request corrections to any inaccurate or incomplete data.
3. Right to Erasure: You can request the deletion of your personal data under certain conditions.
4. Right to Restrict Processing: You can request that we restrict the processing of your personal data.
5. Right to Data Portability: You can request the transfer of your personal data to another organization or directly to you under certain conditions.
6. Right to Object: You can object to the processing of your personal data in certain circumstances.

To exercise any of these rights, please contact us using the information provided below.

5. Retention Periods

We will retain your personal data only for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Specific retention periods include:

• User Emails: Retained until you unsubscribe from our newsletter.
• Payment Information: Retained as required by law for financial records.
• User Preferences and Account Data: Retained for the duration of your account activity.

6. International Transfers

We may transfer your personal data to countries outside the UK, including the USA and EU, where we use third-party services such as Stripe, Google Analytics, AWS, OpenAI, Supabase, Vercel, and Resend. We ensure that any such transfers comply with applicable data protection laws and that appropriate safeguards are in place.

7. Third-Party Services

We use the following third-party services to assist in our operations:

• Stripe: For payment processing.
• Google Analytics: For website analytics.
• AWS: For cloud services.
• OpenAI: For AI-related services.
• Supabase: For database management.
• Vercel: For deployment of our applications.
• Resend: For email communications.

These third parties may also process your personal data in accordance with their own privacy policies.

8. ICO as Supervisory Authority

If you have any concerns regarding our processing of your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues. You can contact the ICO at https://ico.org.uk.

9. Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us at:

• Email: hello@oystertec.io
• Address: 123 Tech Street, London, EC1A 1BB, United Kingdom

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated effective date. We encourage you to review this Privacy Policy periodically to stay informed about our practices.