Privacy Policy
Last updated on 28 Nov 2025
Welcome to Retrip Inc., a Delaware corporation (“Retrip”, “we”, “us”, or “our”). This Privacy Policy is designed to help you understand how we collect, use, disclose, and safeguard personal and business information when you use our SaaS platform for agencies, our agentic AI infrastructure, our websites, and any related services (collectively, the “Services”).
1. General
2. Scope and Roles
3. Information We Collect
4. How We Use Information
5. Legal Bases for Processing (Where Applicable)
6. How We Share Information
7. Cookies and Similar Technologies
8. Data Security
9. Data Retention
10. Your Rights and Choices
11. International Data Transfers
12. Children’s Privacy
13. Changes to this Privacy Policy
14. Contact Information
1. General
1.1. Last updated
1.1.1. Date of last update shown at the top of this page.
1.2. Purpose of this Policy
1.2.1. This Privacy Policy explains how Retrip (“Retrip”, “we”, “us”, or “our”) collects, uses, and protects personal and business information.
1.2.2. This Policy applies to all use of our websites, platforms, APIs, SaaS tools, and agentic AI infrastructure (collectively, the “Services”).
1.3. Acceptance
1.3.1. By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.
1.3.2. If you do not agree with this Policy, you must stop using the Services.
2. Scope and Roles
2.1. Covered Services
2.1.1. This Policy applies to (collectively, the “Services”):
2.1.1.1. The Retrip Workspace platform for travel agencies, operators, and intermediaries (“Retrip Workspace”);
2.1.1.2. Our agentic AI infrastructure, APIs, tools, and any usage-based or pay-as-you-go offerings (the “Agentic Services”);
2.1.1.3. Our websites and related subdomains, including retrip.ai, retrip.io, and any other sites that link to this Policy.
2.1.2. This Policy applies regardless of how you access the Services (e.g. web app, API, integrations, or embedded widgets), unless otherwise stated in a specific agreement.
2.2. Data Controller and Data Processor Roles
2.2.1. Retrip may act as a data controller for information we collect and use about you as a user, customer representative, business contact, or website visitor.
2.2.2. Retrip acts as a data processor (or equivalent under applicable law) when we process traveller or passenger data and other operational information on behalf of your company to power travel operations, quotes, bookings, changes, support, or agentic workflows. In these cases, your company is the data controller and determines the purposes and legal bases for processing.
2.2.3. If you are a traveller or end customer of one of our clients, your primary relationship is with that client. We process your data only on their instructions and in accordance with our agreement with them.
2.2.4. Where there is a conflict between this Policy and a data processing agreement or similar contract between Retrip and a client, that contract will generally govern our processing on behalf of that client.
3. Information We Collect
3.1. Account and Contact Information
3.1.1. Full name and contact details (e.g. email address, phone number).
3.1.2. Company/agency name, role, tax ID and business profile.
3.1.3. Login credentials and authentication data.
3.2. Business and Transactional Information
3.2.1. Details of your agency, operator, or OTA (e.g. branches, teams, configuration).
3.2.2. Booking, quotation, and transaction data, including:
3.2.2.1. Itineraries, routes, dates, products, prices, and margins;
3.2.2.2. Reference numbers, PNRs, and related identifiers;
3.2.2.3. Supplier and distribution channel information.
3.3. Traveller and Passenger Data (Customer Data)
3.3.1. When you use the Services, you may process traveller or passenger data, such as:
3.3.1.1. Names, contact details, and identification data as required for travel;
3.3.1.2. Booking preferences, loyalty numbers, and travel history;
3.3.1.3. Special requests (e.g. seating, dietary needs, mobility assistance) where permitted by law and your own policies.
3.3.2. In this context, your company is typically the data controller, and Retrip acts as data processor, handling this information solely to provide and improve the Services, in accordance with your documented instructions.
3.3.3. Traveller and passenger data is protected with industry-standard security measures (including encryption in transit and at rest, role-based access controls, and logical separation of customer environments).
3.3.4. Retrip does not use traveller or passenger data to train AI models or for unrelated purposes, unless explicitly agreed with you in a separate written agreement.
3.4. Usage, Logs, and Technical Information
3.4.1. IP address, browser type, device information, and operating system.
3.4.2. Dates and times of access, features used, and pages viewed.
3.4.3. API calls, agent actions, and system events for audit, security, and debugging.
3.4.4. Session identifiers, cookies, and similar technologies.
3.4.5. For agentic workflows, we may also log:
3.4.5.1. Prompts, instructions, and system messages sent to agents;
3.4.5.2. Inputs and outputs of agentic operations, including actions taken on connected systems, for traceability, monitoring, and improving reliability of the Services.
3.5. Payment and Billing Information
3.5.1. Billing contact details, billing address, and tax information.
3.5.2. Records of subscriptions, usage, pay-as-you-go consumption, and invoices.
3.5.3. Limited payment information; full card data is typically handled by our payment provider and not stored directly by Retrip.
3.6. Communication and Support Information
3.6.1. Emails, messages, and other communications with our team.
3.6.2. Support tickets, feedback, and survey responses.
3.6.3. Information related to participation in waitlists, beta programs, or community channels.
3.6.4. Information received from third parties (e.g. integration partners, providers, or public sources) to maintain account and business data.
4. How We Use Information
4.1. Providing and Operating the Services
4.1.1. To create and manage accounts, workspaces, and user access.
4.1.2. To operate both the v1 SaaS platform and the Agentic Services in line with our agreement with you.
4.1.3. To power quotes, bookings, changes, cancellations, and operational workflows under your configurations and policies.
4.2. Agentic AI Automation and Operations
4.2.1. To execute agentic tasks and workflows based on your configurations, policies, and system connections, acting on your instructions as data controller.
4.2.2. To maintain logs, audit trails, and monitoring for safety, compliance, and troubleshooting.
4.2.3. To tune routing, orchestration, and risk controls around agent behaviour, including safeguards to prevent unauthorized or unintended actions.
4.3. Improving and Developing Our Products
4.3.1. To analyze usage patterns and performance (e.g. feature adoption, latency, error rates) and improve reliability and usability.
4.3.2. To test, train, and improve models, algorithms, and infrastructure using aggregated, statistical, or de-identified information derived from usage data. We do not use identifiable traveller/passenger data or your confidential content for generic model training unless you have explicitly agreed to this in a separate written agreement.
4.3.3. To design new features, pricing models (including pay-as-you-go), and integrations that better support your operations.
4.4. Communication and Customer Success
4.4.1. To contact you about your account, security issues, service changes, and maintenance.
4.4.2. To respond to support requests and provide onboarding, training, or implementation assistance.
4.4.3. To send product updates, invitations to betas, and relevant marketing communications, where permitted by law and always with an option to opt out.
4.5. Security, Fraud Prevention, and Compliance
4.5.1. To detect and prevent abuse, unauthorized access, or harmful activity.
4.5.2. To enforce our Terms & Conditions and other agreements with you.
4.5.3. To comply with legal obligations, regulatory requirements, and valid law-enforcement requests.
4.6. No Sale of Personal Information
4.6.1. Retrip does not sell or rent your personal information.
4.6.2. We do not share your personal information with third parties for their own independent marketing or advertising purposes.
5. Legal Bases for Processing (Where Applicable)
5.1. Contractual Necessity
5.1.1. We process information when it is necessary to perform our contract with you or your company, including providing and operating the Services, executing agentic workflows, and maintaining account functionality.
5.2. Legitimate Interests
5.2.1. We process certain information to operate, secure, and improve the Services, analyze performance, prevent misuse, and communicate with business contacts—always balancing these interests against your rights and expectations.
5.2.2. These activities exclude identifiable traveller or passenger data unless instructed by you as data controller.
5.3. Legal Obligations
5.3.1. We process information when required to comply with applicable laws, regulations, government requests, or court orders, including obligations related to security, accounting, and fraud prevention.
5.4. Consent
5.4.1. In cases where the law requires it (e.g., certain marketing communications or optional features), we rely on your consent.
5.4.2. You may withdraw consent at any time without affecting the lawfulness of processing that occurred before withdrawal.
5.5. Customer-Controlled Data (Passengers and Travellers)
5.5.1. For traveller or passenger data, you (the customer) are the data controller and determine the appropriate legal basis. Retrip processes such data solely on your documented instructions and does not determine independent purposes or legal bases for that processing.
6. How We Share Information
6.1. Service Providers and Subprocessors
6.1.1. We may share information with third-party vendors that support our operations, such as:
6.1.1.1. Cloud hosting and infrastructure;
6.1.1.2. Data storage, logging, monitoring, and security tools;
6.1.1.3. Payment processing and billing;
6.1.1.4. Email, messaging, and communication services;
6.1.1.5. Analytics, product telemetry, and reliability tooling.
6.1.2. These providers are contractually required to use the data only for the specific services they provide, implement appropriate security measures, and are prohibited from using customer or traveller data to train their own models or for unrelated purposes.
6.2. Travel and Technology Partners
6.2.1. When you choose to connect our Services to travel systems, suppliers, distribution channels, or other tools, we may share data as necessary to complete the operations you request (e.g., search, pricing, booking, changes, reissues) and to maintain those integrations.
6.2.2. Retrip does not share traveller or passenger data with third parties except as required to execute the workflows you initiate or authorize.
6.3. Professional Advisors and Corporate Transactions
6.3.1. We may share information with legal, tax, financial, or other professional advisors under confidentiality obligations.
6.3.2. We may disclose information in connection with mergers, acquisitions, financings, or similar transactions, subject to appropriate protections and continued confidentiality.
6.4. Legal and Regulatory Disclosures
6.4.1. We may disclose information where required by law, regulation, legal process, or governmental request.
6.4.2. We may disclose information to protect the rights, property, or safety of Retrip, our users, or others, including investigating security incidents or potential misuse.
6.5. Marketing by Third Parties
6.5.1. We do not permit third parties to use your information for their own marketing or advertising purposes without your explicit consent.
7. Cookies and Similar Technologies
7.1. Use of Cookies
7.1.1. Our websites and platforms may use cookies and similar technologies to:
7.1.1.1. Keep you signed in and maintain secure sessions;
7.1.1.2. Remember your preferences and configuration;
7.1.1.3. Analyze traffic, usage, and performance.
7.2. Cookie Management
7.2.1. You can manage cookie preferences through your browser settings.
7.2.2. If you disable certain cookies, some features of the Services may not function properly.
8. Data Security
8.1. Technical and Organizational Measures
8.1.1. We implement industry-standard security and reliability measures, which may include:
8.1.1.1. Encryption in transit and at rest for customer and traveller data;
8.1.1.2. Role-based access controls and least-privilege permissions across internal systems;
8.1.1.3. Logical separation of customer environments, workspaces, and integrations;
8.1.1.4. Network and application-level protections, including monitoring, rate-limiting, and anomaly detection;
8.1.1.5. Logging and audit trails for agentic actions, API calls, and system events;
8.1.1.6. Periodic security reviews, updates, and vulnerability mitigation.
8.2. Shared Responsibility
8.2.1. No system can guarantee absolute security, and maintaining security is a shared responsibility between Retrip and our customers.
8.2.2. You are responsible for:
8.2.2.1. Using strong, unique passwords and enabling available authentication features;
8.2.2.2. Managing and restricting credentials used by agents and connected systems, and revoking access when no longer required;
8.2.2.3. Reviewing user accounts, roles, permissions, and access settings regularly;
8.2.2.4. Ensuring integrations you connect to Retrip comply with your own internal security requirements.
8.3. Credentials and Integrations
8.3.1. Retrip does not reuse or repurpose customer credentials outside the scope of the Services.
8.3.2. Agentic workflows operate strictly under the credentials, permissions, and policies you configure.
9. Data Retention
9.1. Retention Periods
9.1.1. We retain information for as long as necessary to:
9.1.1.1. Provide, operate, and improve the Services;
9.1.1.2. Fulfil the purposes described in this Policy;
9.1.1.3. Comply with legal, tax, and accounting requirements;
9.1.1.4. Resolve disputes and enforce agreements.
9.1.2. Traveller and passenger data is retained only for the period required to support the operations you initiate (e.g. quotations, bookings, modifications) and is removed or minimized according to your instructions, applicable law, and internal retention schedules.
9.1.3. Operational logs and audit records may be retained for a limited period to ensure reliability, security, and traceability across all Services.
9.2. Aggregation and Anonymization
9.2.1. We may anonymize or aggregate data so that it can no longer be linked to an identifiable person or customer.
9.2.2. We may retain anonymized or aggregated data for analytical, reliability, and product development purposes for longer periods.
10. Your Rights and Choices
10.1. Data Subject Rights
10.1.1. Depending on your location and applicable law, you may have rights such as:
10.1.1.1. Access to the personal data we hold about you;
10.1.1.2. Correction of inaccurate or incomplete data;
10.1.1.3. Deletion of your data, subject to legal obligations and retention requirements;
10.1.1.4. Restriction of certain types of processing;
10.1.1.5. Objection to processing based on legitimate interests;
10.1.1.6. Data portability for certain information.
10.1.2. These rights apply to personal data for which Retrip acts as data controller. For data we process on behalf of our clients as data processor, the client determines how such rights can be exercised.
10.2. How to Exercise Your Rights
10.2.1. To exercise your rights, contact us at contact@retrip.ai with a clear description of your request and, if applicable, the name of your company.
10.2.2. We will acknowledge your request within a reasonable period (typically within 48 business hours).
10.2.3. We aim to respond within applicable legal timeframes, or within a commercially reasonable period where no legal deadline applies.
10.3. Travellers and End Customers of Our Clients
10.3.1. If you are a traveller or end customer of one of our clients, you should contact that company directly to exercise your data rights, as they act as the data controller for that information.
10.3.2. Retrip will assist our clients, where required, in responding to such requests as part of our obligations as data processor.
10. Your Rights and Choices
10.1. Data Subject Rights
10.1.1. Depending on your location and applicable law, you may have rights such as:
10.1.1.1. Access to the data we hold about you;
10.1.1.2. Correction of inaccurate or incomplete data;
10.1.1.3. Deletion of your data, subject to legal obligations;
10.1.1.4. Restriction of certain types of processing;
10.1.1.5. Objection to processing based on legitimate interests;
10.1.1.6. Data portability for certain information.
10.2. How to Exercise Your Rights
10.2.1. To exercise your rights, please email contact@retrip.ai with a clear description of your request and the name of your company.
10.2.2. We will acknowledge your request within a reasonable period (typically within 48 business hours).
10.2.3. We aim to respond within applicable legal timeframes and in any case within a commercially reasonable period.
10.3. Travellers and End Customers of Our Clients
10.3.1. If you are an end traveller of one of our clients, you should contact that company directly to exercise your rights.
10.3.2. We will support our clients, where required, in responding to such requests.
11. International Data Transfers
11.1. Locations of Processing
11.1.1. Retrip may process and store information in countries other than your own, including jurisdictions where our infrastructure providers and subprocessors operate.
11.1.2. These locations may include the United States, the European Union, Latin America, or other regions where we maintain services or integrations.
11.2. Safeguards
11.2.1. When transferring personal data internationally, we apply appropriate safeguards required by applicable law, such as contractual protections, standard contractual clauses, or other legally recognized mechanisms.
11.2.2. We require our subprocessors to implement equivalent protections and to process data only for the purposes allowed under our agreements.
12. Children’s Privacy
12.1. Business Use Only
12.1.1. Our Services are intended for businesses and professionals, and are not directed to children.
12.2. No Direct Collection from Children
12.2.1. We do not knowingly collect personal information directly from children under the age defined by applicable law.
12.2.2. In some cases, our clients may submit traveller information that includes minors as part of a booking or travel operation. In those situations, the client acts as the data controller, and Retrip processes such information solely to provide the Services and only under the client’s instructions.
12.3. Reporting Concerns
12.3.1. If you believe a child has provided us with personal information directly and without appropriate consent, please contact us and we will take appropriate steps.
13. Changes to this Privacy Policy
13.1. Updates
13.1.1. We may update this Privacy Policy from time to time to reflect changes in our Services, technology, or legal requirements.
13.1.2. When we make material changes, we will notify you by email and/or through the Services.
13.2. Effective Date
13.2.1. The “Last updated” date at the top of this Policy indicates the latest revision.
13.2.2. Your continued use of the Services after the effective date of any changes constitutes your acceptance of the updated Policy.
14. Contact Information
14.1. Contact Details
14.1.1. If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:
14.1.1.1. Email: contact@retrip.ai