Privacy Policy

At Traliyo (“we,” “us,” or “our”), we respect your privacy and are committed to protecting the personal data you share with us. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application, web platform, and related services (collectively, the “Service”).

By using the Service, you consent to the data practices described in this policy. If you do not agree with any part of this policy, please discontinue use of the Service.

a) Information You Provide Directly

• Account Information — Name, email address, and profile photo when you create an account.
• Authentication Data — Login credentials or tokens from third-party providers (e.g., Google OAuth).
• Trip Data — Itineraries, destinations, travel dates, stops, notes, and preferences you create within the app.
• Uploaded Documents — Boarding passes, tickets, hotel confirmations, and other travel documents you scan or upload.
• Profile Information — Optional details such as preferred currency, home country, and travel preferences.
• Communications — Messages, feedback, or support requests you send to us.

b) Information Collected Automatically

• Device Information — Device type, operating system, unique device identifiers, and app version.
• Usage Data — Features accessed, pages viewed, interactions, and session duration.
• Log Data — IP address, browser type, access times, and referring URLs (web platform).
• Crash Reports — Diagnostic data to help us identify and fix bugs.

c) Information from Third-Party Services

• Google OAuth — Name, email, and profile photo when you sign in with Google.
• Flight Data Providers — Flight status information linked to your booking references.
• Google Maps & Places — Location-based place data when you use the Explore feature.

We use collected information to:

• Provide the Service — Create and manage your account, process trip itineraries, track flights, and deliver personalised travel recommendations.
• AI-Powered Features — Process documents through AI for data extraction, generate AI itineraries via Google Gemini, and provide intelligent suggestions.
• Improve the Service — Analyse usage patterns to enhance features, fix bugs, and optimise performance.
• Communications — Send account-related notifications, service updates, and respond to your enquiries.
• Security — Detect, prevent, and address fraud, abuse, and security issues.
• Legal Compliance — Comply with applicable laws, regulations, and legal processes.

Traliyo uses AI technologies to enhance your travel experience. Here is how your data interacts with AI:

• Document Scanning — When you scan travel documents, images are processed by AI to extract relevant details (flight numbers, dates, booking references). Document images are processed in real-time and are not stored on our servers beyond the processing session unless you explicitly save them to your trip.
• AI Trip Planning — Your destination preferences, travel dates, and stated interests are sent to Google Gemini to generate personalised itineraries. We do not send your personal identity information to AI providers.
• On-Device Processing — Where possible, we prioritise on-device processing to minimise data transmission.

Cloud Storage with Offline Access

Your trip data, documents, and preferences are stored securely in the cloud using our backend infrastructure powered by Supabase. To ensure you can access essential information without an internet connection, the app also caches data locally on your device for offline use. Local device data is synchronised with the cloud when connectivity is available.

Security Measures

We implement industry-standard security measures to protect your data, including:

• Encryption of data in transit using TLS/SSL protocols.
• Encryption of sensitive data at rest.
• Row-level security (RLS) policies on our database to ensure users can only access their own data.
• Secure authentication via Supabase Auth with support for OAuth providers.
• Regular security audits and vulnerability assessments.

While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

We do not sell your personal data. We may share your information only in these limited circumstances:

• Service Providers — Trusted third-party providers who assist us in operating the Service (e.g., Supabase for backend infrastructure, Google for AI and Maps). These providers are bound by contractual obligations to protect your data.
• Legal Requirements — When required by law, court order, or governmental authority, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business Transfers — In connection with a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. You will be notified of any change in ownership.
• With Your Consent — When you explicitly authorise us to share your information with a third party.

The Service integrates with the following third-party services, each governed by their own privacy policies:

We encourage you to review the privacy policies of these third-party services to understand how they handle your data.

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy:

• Account Data — Retained for the duration of your account. Deleted within 30 days of account deletion.
• Trip Data — Retained while your account is active. Deleted with account deletion.
• Usage Analytics — Aggregated and anonymised data may be retained indefinitely for analytical purposes.
• Legal Obligations — Certain data may be retained longer if required by law.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access — Request a copy of the personal data we hold about you.
• Correction — Request correction of inaccurate or incomplete data.
• Deletion — Request deletion of your personal data. You can delete your account through the app settings or by contacting us.
• Portability — Request your data in a structured, machine-readable format.
• Objection — Object to processing of your data for certain purposes.
• Withdrawal of Consent — Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at support@traliyo.com. We will respond to requests within 30 days.

Our web platform may use cookies and similar tracking technologies to:

• Essential Cookies — Maintain your session and authentication state.
• Functional Cookies — Remember your preferences and settings.
• Analytics Cookies — Understand how you interact with the Service to improve it.

You can manage cookie preferences through your browser settings. Disabling essential cookies may affect the functionality of the Service.

The Service is not directed at children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will take steps to delete such information promptly. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

Your data may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. When we transfer data internationally, we take appropriate safeguards to ensure your data remains protected in accordance with this Privacy Policy.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. When we make changes, we will update the “Last Updated” date and, for significant changes, notify you through the Service or via email. Your continued use of the Service after changes constitutes your acceptance of the updated policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: