Privacy policy
1.
Scope
This Privacy Policy applies to personal data collected through our website, SaaS platform, mobile applications (including our TravelSight app) and related services.
TripZILLA may act as a data controller or a data processor, depending on the context:
TripZILLA as Controller
TripZILLA acts as an independent data controller for the personal data we collect directly from our business customers (travel professionals, agencies, and their staff). This includes account registration details, billing and subscription data, usage analytics, support communications, and marketing preferences.
TripZILLA as Processor
When our business customers use the Platform to manage their own clients (travelers), TripZILLA acts as a data processor. In this role, we process traveler data (such as names, contact details, itineraries, passport details, or uploaded documents) only on the instructions of our customers, who remain the data controllers. These processing obligations are governed by our Data Processing Agreement (DPA).
TripZILLA does not act as a joint controller with its customers.
2.
Information we collect
TripZILLA is a platform for travel agencies and advisors (“Clients”) to manage their business. We may collect the following categories of personal data:
2.1
User Information
Used to create and manage your TripZILLA account. This may include your name, email address, job title, business name, login credentials, and profile details.
2.2
Business Information
Data related to your agency or company, including agency name, location, logo, timezone, website, social media accounts, and contact details of employees or team members.
2.3
Client Data
Personal information entered by Clients about their own customers (travelers), including names, contact details, passport numbers, itinerary preferences, uploaded documents, or other travel-related data. Travel professionals must ensure they have a lawful basis (e.g., client consent) before entering such data.
2.4
Payment Information
Subscription billing details such as billing contact, business address, and transaction data. Payments are securely processed by FastSpring, our payment provider. We do not store full credit card numbers.
2.5
Usage Data
Automatically collected information about how you use the Platform, such as IP address, device type, operating system, browser, pages visited, features used, session duration, and device identifiers (including device name or other unique device identifiers used for analytics, bug reporting and security purposes).
2.6
Communication Data
Information shared when you contact us or use the Platform to communicate, including support requests, feedback, or survey responses.
2.7
Cookies & Analytics Data
Data from cookies and similar technologies, including session identifiers, referral sources, click behavior, and aggregated usage patterns (see Section 9).
2.8
Marketing Contact Information:
If you sign up for marketing updates, we collect your email address. You may opt out at any time.
2.9
Mobile App Data
When you use our mobile applications (including our TravelSight app), we may collect additional technical data necessary to operate and improve the app. This may include:
Device name and identifiers
App usage data (such as interactions, features used, and session activity)
Diagnostic data (such as crash logs and performance data)
Push notification tokens (if you enable notifications)
This data is used solely to provide, maintain, and improve the functionality, security, and performance of the mobile application.
3.
How we use personal data
4.
Legal basis for processing (GDPR)
For users in the EU/EEA, UK, and similar jurisdictions, we process data under these legal bases:
Contractual necessity – to deliver our services
Consent – for marketing or optional features
Legitimate interests – for analytics, fraud prevention, platform improvements
Legal obligation – to comply with applicable laws
5.
Data sharing and sub-processors
We may share personal data with a limited number of trusted third-party service providers (“sub-processors”) that help us operate, maintain, and improve the TripZILLA Platform.
These providers support essential business functions such as:
• Infrastructure and cloud hosting
• Secure file storage
• Email delivery and communication tools
• Payment processing and subscription management
• Travel booking and other third-party service integrations
When you use TripZILLA to book travel services (such as hotel reservations), we may share limited client data (e.g., traveler names, travel dates, and destination details) with our booking partners in order to complete the transaction. These third parties process personal data in accordance with their own privacy policies and applicable laws.
In addition, where you have explicitly provided your consent, we may share your contact details with selected partners (such as RateHawk) so that they may contact you about their services. Such partners act as independent data controllers and are responsible for their own processing of personal data.
All sub-processors and integration partners are contractually required to handle data in compliance with applicable privacy regulations, including the GDPR.
A current list of sub-processors can be requested by contacting [email protected].
We do not sell your personal data or allow third-party advertising on the Platform.
6.
International data transfers
Some of our service providers (e.g., FastSpring, Mailchimp, RateHawk) are located outside the European Economic Area (EEA), including in the United States.
When we transfer personal data internationally, we rely on appropriate safeguards such as:
the EU-U.S. Data Privacy Framework (DPF) and its UK and Swiss extensions, where applicable,
Standard Contractual Clauses (SCCs) approved by the European Commission,
Transfers to countries with a valid adequacy decision and additional technical and organizational measures.
7.
Data security
We implement a combination of technical and organizational safeguards to protect personal data against unauthorized access, loss, or misuse.
Key measures include:
Encrypted data storage (including encryption at rest and in transit)
Role-based access control and multi-factor authentication
Regular system monitoring and audit logging
Hosting in secure, ISO 27001-certified data centers located in the EU
A “privacy by design” approach integrated into our development process
While no system is 100% immune to attack, we regularly assess and update our security controls to meet evolving risks and industry standards. If a personal data breach occurs affecting data for which TripZILLA is the controller, we will notify affected individuals and authorities in accordance with applicable law.
8.
Cookies and tracking technologies
We use cookies and similar technologies to:
Maintain your session and login state
Analyze usage trends and improve the platform
Monitor system performance
We do not use device identifiers or similar technologies for cross-app tracking or for advertising purposes.
Where required by law, we request your consent before setting non-essential cookies (such as analytics or marketing cookies). You can withdraw your consent at any time via your browser settings or our cookie banner. For more information, see our Cookie Policy.
9.
Data retention
We retain personal data only for as long as necessary to:
Provide our services
Fulfill contractual and legal obligations
Resolve disputes or enforce our Terms
Upon account closure, you may request deletion of your data. Data may be anonymized or retained where legally required.
10.
Your rights
If you are located in the EU, UK, or similar jurisdictions, you have the right to:
Access your personal data
Correct inaccurate data
Request deletion of your data
Object to processing or request restrictions
Request data portability
Withdraw consent (where applicable)
To exercise these rights, contact us at [email protected]. We may require identity verification. You also have the right to lodge a complaint with your local supervisory authority. In the Netherlands, this is the Autoriteit Persoonsgegevens (www.autoriteitpersoonsgegevens.nl).
11.
Marketing Communications
We may use your email address to send marketing and product update communications, such as newsletters or feature announcements.
You can unsubscribe at any time by clicking the “unsubscribe” link included in the email, or by contacting us at [email protected].
12
Children's Privacy
TripZILLA is designed for professional use by travel advisors and businesses. You must be at least 16 years old to create an account and use the Platform.
If you are under 16, you may only use TripZILLA with verifiable parental or guardian consent and only if permitted by the applicable law in your country (for example, under the GDPR the minimum digital consent age is 16, unless local law sets it lower, but never below 13).
We may request proof of age or consent and may terminate accounts that fail to meet these requirements.
We do not knowingly collect personal data from children under 13. If we become aware that we have collected such data, we will delete it promptly.
Where our business customers input traveler data relating to children (for example, passport numbers or dates of birth), TripZILLA processes this data solely on the customer’s instructions. The customer is responsible for ensuring a valid lawful basis (such as parental consent) for such processing.