Privacy Policy

This Privacy Policy describes how TripDesk365 ("TripDesk365", "we", "our", or "us") collects, uses, and discloses personal information when you use our website, applications, and services (collectively, the "Service"). TripDesk365 is a product of Elite Travel Technologies LLC, a Delaware-registered limited liability company.

1. Information we collect

Information you provide directly

Account information: name, email address, password (hashed), and role when you create an account or are invited to a workspace.
Agency and client data: business name, contact email, phone, mailing address, and configuration you provide when setting up an agency or client workspace.
Traveler data: passenger names, frequent flyer numbers, passport details, contact emails, and other booking- related fields you submit or which arrive via your connected booking inbox.
Communications: the content of support messages, feedback, and demo requests you send to us.

Information collected automatically

Usage data: pages viewed, features used, timestamps, referring URLs, and similar analytics signals.
Device data: IP address, browser type and version, operating system, and approximate location (city / country) derived from IP.
Cookies and similar technologies:session cookies for authentication, a 30-day referral attribution cookie (when you arrive via a referral link), and minimal preference storage in your browser's localStorage (e.g. theme, saved filters). See our Cookie Policy for the full list.

Information from third parties

Connected Gmail inboxes: when an agency authorizes Gmail access, we read messages routed to the agency's ingestion address solely to extract booking information (confirmation numbers, segment details, traveler names).
Identity providers: Clerk handles sign-in, so we receive the identity attributes Clerk provides (email, name, OAuth tokens for connected providers).
Flight data providers: we query FlightAware AeroAPI by flight identifier (e.g. "UA456") to retrieve real-time status. We do not transmit traveler names or personal data to AeroAPI.

2. How we use information

To deliver, maintain, and improve the Service.
To parse booking emails into structured itineraries and surface them in your calendar.
To send service notifications (booking imports, disruption alerts, approval requests, account messages).
To provide customer support and respond to inquiries.
To detect, investigate, and prevent abuse, fraud, or violations of our Terms.
To comply with legal obligations.

3. Sub-processors and disclosure

We use the following sub-processors to operate the Service. Each handles only the data necessary for their function and is contractually bound to confidentiality and security obligations.

Vercel — application hosting and serverless compute.
Neon — managed Postgres database.
Clerk — user authentication and session management.
Resend — transactional email delivery.
FlightAware AeroAPI — real-time flight status data (no personal data is sent).
Google Cloud (Pub/Sub + Gmail API) — used by agencies who connect their Gmail inbox for booking ingestion.
Upstash — distributed rate limiting and cache.
Sentry — error tracking and observability.

We do not sell personal information. We disclose information only to: (a) the sub-processors above, (b) authorized users within your own workspace, (c) law enforcement when legally compelled, or (d) successors in a merger, acquisition, or sale of assets (in which case affected users will be notified).

4. International data transfers

TripDesk365 is operated from the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States. By using the Service, you consent to such transfer.

5. Data retention

We retain personal information for as long as your account is active and as needed to provide the Service. After account closure, we retain limited records (audit logs, billing history) for up to seven years to comply with legal and accounting obligations. You may request earlier deletion subject to those obligations.

6. Your rights

Depending on where you live, you may have the right to:

Access the personal information we hold about you.
Correct inaccurate information.
Request deletion of your personal information.
Receive a copy of your data in a portable format.
Object to or restrict certain processing.
Withdraw consent for processing where consent is the legal basis.

To exercise any of these rights, email support@tripdesk365.com with the subject "Privacy request". We will respond within 30 days.

7. Security

We use industry-standard safeguards including TLS encryption in transit, encryption at rest, role-based access controls, audit logging, and per-tenant data isolation. See our Security page for technical detail.

8. Children

The Service is not directed to children under 16. We do not knowingly collect personal information from children under 16. If you believe we have, contact us at support@tripdesk365.com.

9. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or in-app notice and update the "Last updated" date above.

10. Contact

For privacy questions or requests, contact:

Elite Travel Technologies LLC
8 The Green, Dover, DE 19901, United States
Email: support@tripdesk365.com
Phone: +1 (844) 786-8666

Canonical URL: https://tripdesk365.com/privacy

1. Information we collect

Information you provide directly

Account information: name, email address, password (hashed), and role when you create an account or are invited to a workspace.

Agency and client data: business name, contact email, phone, mailing address, and configuration you provide when setting up an agency or client workspace.

Traveler data: passenger names, frequent flyer numbers, passport details, contact emails, and other booking- related fields you submit or which arrive via your connected booking inbox.

Communications: the content of support messages, feedback, and demo requests you send to us.

Information collected automatically

Usage data: pages viewed, features used, timestamps, referring URLs, and similar analytics signals.

Device data: IP address, browser type and version, operating system, and approximate location (city / country) derived from IP.

Cookies and similar technologies:session cookies for authentication, a 30-day referral attribution cookie (when you arrive via a referral link), and minimal preference storage in your browser's localStorage (e.g. theme, saved filters). See our Cookie Policy for the full list.

Information from third parties

Connected Gmail inboxes: when an agency authorizes Gmail access, we read messages routed to the agency's ingestion address solely to extract booking information (confirmation numbers, segment details, traveler names).

Identity providers: Clerk handles sign-in, so we receive the identity attributes Clerk provides (email, name, OAuth tokens for connected providers).

Flight data providers: we query FlightAware AeroAPI by flight identifier (e.g. "UA456") to retrieve real-time status. We do not transmit traveler names or personal data to AeroAPI.

2. How we use information

To deliver, maintain, and improve the Service.

To parse booking emails into structured itineraries and surface them in your calendar.

To send service notifications (booking imports, disruption alerts, approval requests, account messages).

To provide customer support and respond to inquiries.

To detect, investigate, and prevent abuse, fraud, or violations of our Terms.

To comply with legal obligations.

3. Sub-processors and disclosure

We use the following sub-processors to operate the Service. Each handles only the data necessary for their function and is contractually bound to confidentiality and security obligations.

Vercel — application hosting and serverless compute.

Neon — managed Postgres database.

Clerk — user authentication and session management.

Resend — transactional email delivery.

FlightAware AeroAPI — real-time flight status data (no personal data is sent).

Google Cloud (Pub/Sub + Gmail API) — used by agencies who connect their Gmail inbox for booking ingestion.

Upstash — distributed rate limiting and cache.

Sentry — error tracking and observability.

5. Data retention

6. Your rights

Depending on where you live, you may have the right to:

Access the personal information we hold about you.

Correct inaccurate information.

Request deletion of your personal information.

Receive a copy of your data in a portable format.

Object to or restrict certain processing.

Withdraw consent for processing where consent is the legal basis.

To exercise any of these rights, email support@tripdesk365.com with the subject "Privacy request". We will respond within 30 days.

1. Information we collect

Information you provide directly

Information collected automatically

Information from third parties

2. How we use information

3. Sub-processors and disclosure

4. International data transfers

5. Data retention

6. Your rights

7. Security

8. Children

9. Changes to this policy

10. Contact

Travel-ops insights, monthly.

Privacy Policy

1. Information we collect

Information you provide directly

Information collected automatically

Information from third parties

2. How we use information

3. Sub-processors and disclosure

4. International data transfers

5. Data retention

6. Your rights

7. Security

8. Children

9. Changes to this policy

10. Contact

Travel-ops insights, monthly.