Privacy Policy

Welcome to TravelReady, operated by Traveln Ltd (Registered in the United Kingdom). We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our application.

1. Information We Collect

We may collect information about you in a variety of ways. The information we may collect includes:

• Personal Data: Personally identifiable information, such as your name, email address, nationality, and date of birth, that you voluntarily give to us when you register with the application.
• Google Sign-In Data: If you choose to sign in using Google, we receive your name, email address, and profile photo from your Google Account. We use this information solely to create and manage your TravelReady account. We do not access your Google contacts, calendar, files, or any other Google services data beyond basic profile information.
• Derivative Data: Information our servers automatically collect when you access the app, such as your IP address, your browser type, your operating system, your access times, and the pages you have viewed directly before and after accessing the app.
• Financial Data: We do not store any payment information. All payments are processed securely through Stripe, and we do not have access to your credit card details.
• User-Uploaded Documents: Documents you upload to your private "Document Vault" are encrypted and stored in our secure database for your convenience. When validated by our proprietary verification systems, documents are processed ephemerally and immediately purged from processing memory upon completion. We do not use your personal documents to train any models.
• Third-Party Fulfillment: To generate verifiable flight reservations (PNRs) as part of our premium application packs, we transfer necessary traveler details (Name, Travel Dates, Route) to our trusted IATA-accredited fulfillment partners. These partners store this data only as long as necessary to maintain the validity of your reservation.

1a. How We Handle Your Documents

When you use TravelReady's document preparation tools, you may upload personal documents including but not limited to: passport bio pages and scans, photographs, bank statements and financial records, employment letters and payslips, travel itineraries and hotel bookings, educational certificates, and cover letters or supporting statements.

Your documents are used exclusively to:

• Validate completeness against embassy requirements and generate your Application Strength Score.
• Pre-fill application templates and Expert Cover Letters.
• Store securely in your personal Document Vault for reuse across applications.

We do not:

• Share your documents with any embassy, consulate, or government body.
• Submit applications on your behalf.
• Sell, licence, or distribute your personal data to third parties.
• Use your documents to train machine learning models without explicit opt-in consent.
• Access your documents for any purpose beyond delivering the service you requested.

TravelReady staff do not access your documents unless required to resolve a support request you have initiated, and only with your explicit permission.

2. Use of Your Information

Having accurate information about you permits us to provide you with a smooth, efficient, and customized experience. Specifically, we may use information collected about you to:

• Create and manage your account.
• Authenticate your identity via email/password or Google Sign-In.
• Generate personalized visa checklists and travel itineraries.
• Provide Expert-powered analysis of your documents.
• Anonymously aggregate data for community insights, such as visa success rates.
• Process payments and subscriptions.
• Email you regarding your account or order.

3. Google API Services User Data Policy

TravelReady's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We only request access to the data necessary to provide our services (email, name, and profile photo for account creation).
• We do not use Google user data for advertising purposes.
• We do not sell Google user data to third parties.
• We do not use Google user data to train machine learning models.
• We limit our use of Google user data to the practices explicitly disclosed in this Privacy Policy.

4. Third-Party Service Providers

We use the following third-party services to operate TravelReady. Each provider only receives the minimum data necessary to perform its function:

• Google Firebase (Authentication & Database): Manages user authentication (including Google Sign-In) and securely stores application data. Governed by the Firebase Privacy Policy.
• Google Cloud Platform (Document Processing): Powers our document validation and intelligent checklist generation. Documents are processed ephemerally and not retained by Google for model training.
• Stripe (Payments): Handles all payment processing. We never see or store your card details. Governed by the Stripe Privacy Policy.

5. Cookies and Session Data

We use the following cookies to operate the application:

Essential Cookies (Always Active)

• Session Cookie (__session): An HTTP-only, secure cookie that maintains your authenticated session. It expires after 14 days and is deleted when you sign out.
• Referral Cookie (travelready_ref): Tracks referral attribution if you arrived via a referral link. Contains only the referrer ID.

Analytics Cookies (Consent Required)

With your explicit consent, we use the following analytics services to understand how our application is used and to improve the user experience:

• Google Analytics: Collects anonymized usage data such as pages visited, session duration, and general device information. Governed by the Google Privacy Policy.
• Mixpanel: Tracks product usage events to help us improve features. Does not collect personally identifiable information beyond what is necessary for analytics.

These analytics cookies are only loaded after you accept cookies via our consent banner. You can withdraw consent at any time by clearing your browser cookies. We do not use advertising cookies or tracking pixels.

6. Data Retention

We retain your personal data only for as long as necessary to provide our services. Below are the specific retention periods for each category of data:

• Account Data: Retained for the lifetime of your account. Permanently deleted within 30 days of you requesting account deletion.
• Uploaded Documents: Stored in your encrypted vault for as long as your account is active. When you delete your account, all documents are queued for permanent deletion and removed from all systems (including backups) within 30 days.
• Document Processing Data: Documents submitted for validation are processed in real-time and immediately purged from processing memory upon completion. They are not stored separately from your vault.
• Payment Records: Transaction metadata (plan type, date, amount) is retained for 7 years for accounting and legal compliance as required by UK tax law. Full payment details are held by Stripe per their retention policy.
• Audit Logs: Anonymized security and compliance logs (containing no personal data or document contents) are retained for 2 years to support fraud prevention, security monitoring, and legal obligations.
• Analytics Data: Anonymized usage analytics are retained indefinitely as they contain no personally identifiable information.

7. Security of Your Information

We use administrative, technical, and physical security measures to help protect your personal information. Our platform is built on enterprise-grade cloud infrastructure with bank-level encryption (AES-256), and we employ strict security rules to ensure that only you can access your own data. While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse.

8. Your Data Rights: Access and Export

You have the right to access the personal data we hold about you. You can download a complete, machine-readable JSON file of all your data at any time from your account settings.

9. Your Data Rights: Deletion (“Right to be Forgotten”)

You have the right to request the permanent deletion of your account and all associated data. This action is irreversible.

10. Lawful Disclosure and Government Requests

TravelReady operates on a zero-access principle: your documents are processed by automated systems and are never viewed by staff unless you explicitly request Concierge assistance. However, “zero access” describes our operational practice — it does not mean we are technically unable to comply with lawful obligations.

We may disclose your personal data when required by law, specifically in response to:

• Valid court orders issued by a court of competent jurisdiction
• Lawful subpoenas
• Binding government requests under applicable law (e.g., UK Investigatory Powers Act)

When we receive such a request, we follow this procedure:

1. Verify validity: Our legal team reviews the request to confirm it is legally valid and properly scoped.
2. Minimize disclosure: We provide only the specific data legally required — nothing more.
3. Log all access: Every disclosure is recorded in our internal audit system with the date, scope, and requesting authority.
4. Notify you: We will notify you about the request unless we are legally prohibited from doing so (e.g., by a gag order or national security letter).

We publish an annual transparency summary reporting the number of government and legal requests received, complied with, and challenged.

11. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms:

• We will notify the UK Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach, as required by GDPR Article 33.
• If the breach is likely to result in a high risk to your rights and freedoms, we will notify you directly without undue delay via the email address associated with your account.
• Our notification will describe the nature of the breach, the data affected, the measures we have taken, and the steps you can take to protect yourself.

12. Automated Decision-Making

TravelReady uses automated systems to validate your documents and generate visa checklists. These systems provide recommendations and assessments only — they do not make legally binding decisions about your visa application. You always retain full control over which documents to submit and how to proceed with your application.

Under GDPR Article 22, you have the right to request human review of any automated assessment. To exercise this right, contact us at privacy@mytravelready.ai.

13. International Data Transfers

Your data may be processed in countries outside the United Kingdom and European Economic Area, including the United States (where our cloud infrastructure providers operate). When this occurs, we ensure appropriate safeguards are in place:

• Google Cloud Platform / Firebase: Covered by Standard Contractual Clauses (SCCs) and Google's Data Processing Terms.
• Stripe: Certified under applicable data transfer frameworks and subject to SCCs.

All transfers comply with Chapter V of UK GDPR and are subject to appropriate safeguards.

14. Data Processing Agreement

For business and agency customers processing client data through TravelReady, we offer a Data Processing Agreement (DPA) that details our obligations as a data processor. To request a DPA, contact legal@mytravelready.ai.

15. Policy for Children

We do not knowingly solicit information from or market to children under the age of 13. If we learn that we have collected personal information from a child under age 13 without verification of parental consent, we will delete that information as quickly as possible.

16. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the “Last updated” date at the top. Your continued use of TravelReady after any changes constitutes your acceptance of the updated policy.

17. Contact Us

If you have questions or comments about this Privacy Policy, please contact us at: privacy@mytravelready.ai