Legal
Privacy Policy
Last updated: May 21, 2026
This policy explains what information Travelyt collects when you use our website, mobile app, or service, how we use it, who we share it with, and your rights. It applies to all Travelyt customers, account holders, and visitors.
Information we collect
When you request a quote, create a booking, or contact support, we collect identifiers and trip details you provide directly: full name, email address, phone number, pickup and delivery addresses, travel dates, flight numbers, number and description of bags, and any handling notes. When you pay, our payment processor collects card or wallet details on our behalf — we do not store full card numbers on our systems. For active bookings, we also generate operational records (timestamps, location checkpoints, seal IDs, bag photos, signatures, and proof-of-service images) needed to maintain chain of custody. If you create an account, we store your login credentials and account preferences. We may also collect basic device information (browser type, IP address, app version, crash logs) for security, fraud prevention, and product improvement.
How we use it
We use your information to respond to quotes, coordinate pickups and deliveries, complete payments, send service updates (SMS, email, and push notifications), maintain chain-of-custody and insurance records, support claims and disputes, prevent misuse and fraud, comply with legal obligations, and improve Travelyt operations. We do not sell your personal information, and we do not use it for cross-context behavioral advertising.
Who we share it with
We share booking and contact details only with the people and providers required to operate the service: assigned drivers and handlers, the airline carrying your flight (for bag identification and TSA security handoff at the airport), our payment processor (Stripe), our communications providers (SMS and email delivery), our hosting and analytics providers, our insurance and claims partners, and our legal and accounting advisors. We may disclose information to law enforcement or other authorities when required by law, subpoena, or court order, or when needed to protect Travelyt, our customers, or the public.
Tracking and custody data
For active bookings, we generate and retain timestamps, GPS location checkpoints, tamper-evident seal IDs, bag photos, driver and handler IDs, and proof-of-service signatures or photos. This data is used to verify chain of custody, support insurance claims, and let you and authorized recipients track your bags in real time.
Push notifications
If you opt in, we send push notifications for booking confirmations, pickup and delivery status, driver assignments, exception alerts, and limited service announcements. You can disable push notifications at any time from your device's notification settings or your in-app preferences.
Cookies and local storage
Travelyt uses essential cookies and local storage to support login state, save in-progress quotes, remember preferences, and protect against abuse. We may also use analytics tools that set cookies to measure aggregate usage. You can control cookies through your browser settings; disabling essential cookies may prevent parts of Travelyt from working.
Data retention
We retain quote requests for up to 24 months. We retain completed booking records, chain-of-custody data, and payment records for as long as needed to provide service, handle claims, comply with tax and accounting laws, and resolve disputes — typically 7 years for financial records and 3 years for operational records, unless a longer period is required by law. Account data is retained while your account is active and deleted on request as described below.
Security
We protect personal information using HTTPS in transit, encrypted databases at rest, access controls on internal systems, role-based permissions, audit logs, and vetted handlers with background checks. No system is perfectly secure; if a breach affects you, we will notify you and the relevant authorities as required by law.
Your rights
You have the right to access, correct, delete, or export your personal information, and to object to or restrict certain processing. California residents have additional rights under the CCPA, including the right to know what we collect, the right to delete, the right to correct, the right to opt out of sale or sharing (we do not sell), and the right to non-discrimination. Residents of the EU/EEA and UK have rights under the GDPR and UK GDPR, including the right to lodge a complaint with your local supervisory authority. To exercise any of these rights, email privacy@travelyt.app.
Account and data deletion
You can delete your account and request deletion of your personal information at any time. From the app or website, go to Profile → Settings → Delete Account, or email privacy@travelyt.app. We will confirm your identity, delete your account and personal information within 30 days, and retain only the records we are legally required to keep (such as financial records and chain-of-custody logs for completed bookings).
Children's privacy
Travelyt is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us information, contact us at privacy@travelyt.app and we will delete it.
International transfers
Travelyt is operated from the United States. If you use Travelyt from outside the US, your information may be transferred to, stored, and processed in the US and other countries where our service providers operate. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses.
AI and automated systems
Travelyt uses artificial intelligence and automated processing in two distinct ways. (1) Internal operations: an in-house system supports dispatch routing, anomaly detection on seal scans and bag photos, chain-of-custody reporting, and aggregate service analytics. It runs on booking and operational data only and is restricted to authorized Travelyt staff. (2) Customer-facing assistants: if we offer an AI chat or support assistant, it runs on a separate, scoped system that can only see the minimum context needed for your request — not full account history, payment details, or other customers' data. We do not use your trip, location, or chain-of-custody data to train third-party AI models, and we do not sell or share AI-derived insights about you. Automated outputs (estimated windows, status summaries, suggestions) may contain errors; binding service details come from confirmed booking records and Travelyt staff. You can request human review of any decision that materially affects your booking by contacting privacy@travelyt.app.
Third-party services
Travelyt integrates with third-party services including Stripe (payments), our SMS and email providers, our hosting and analytics providers, the airlines we deliver bags to on your behalf, and mobile platform services from Apple and Google when you use our app. These providers process information under their own privacy policies and our data-processing agreements with them.
Changes to this policy
We may update this policy as Travelyt evolves. When we make material changes, we will update the date below and, where appropriate, notify you by email or in-app notice before the changes take effect.
Contact
Questions, requests, or complaints about privacy can be sent to privacy@travelyt.app. We respond to verified requests within 30 days.
This summary is written for clarity and operational use. Final review by counsel is recommended before broad commercial rollout.