At Travelity ("we," "us," or "our"), a platform developed and operated by
BraveCrew Inc,
we are committed to
empowering travel agencies, tour operators, drivers, tour guides, and their teams with advanced tools to
streamline operations, manage bookings, allocate resources, and coordinate communication across multiple channels.
As a B2B software platform developed specifically for the travel service industry, we understand the significance
of data security and privacy in managing business workflows, personnel information, and client records. This
Privacy Policy outlines how we collect, use, disclose, and protect personal data shared with us by our business
clients and their authorized users. We adhere to strict data protection regulations, including the General Data
Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable international
frameworks.
I. Introduction
This Privacy Policy describes Travelity's commitment to protecting the personal and organizational data shared
by
users of our platform, which is designed for professional use by agencies and personnel in the travel services
sector. Our users include account-holding travel companies, operational staff, tour organizers, guides, and
transportation partners who use our software to facilitate travel logistics. This policy informs you about the
nature of the data we collect, the purposes for which we use it, and the rights and choices available to you
under
applicable data protection laws.
By using the Travelity platform or any associated services, you acknowledge and agree to the terms set out in
this
Privacy Policy.
II. Information We Collect
A. Personal Information
We collect business-related personal information that is necessary for account management, operational
coordination,
and customer support. This includes:
Full name and role/title within the business
Business contact details such as email address and telephone number
Organization name and location
Login credentials and account activity
Payment and billing information for subscription or service transactions
In cases where the platform is used to process customer bookings on behalf of clients, agencies may enter
limited
end-customer data (e.g., name, contact info, tour preferences), in which case Travelity acts as a data
processor on
behalf of the agency.
B. Non-Personal Information
We also collect technical and behavioral data from users interacting with our platform:
IP addresses and access timestamps
Browser type and device configuration
Operating system and session duration
Navigation behavior and platform feature usage metrics
This information is used to maintain the functionality and performance of our services, diagnose issues, and
support
product development.
III. Legal Basis for Processing
(GDPR)
Our processing of personal data is based on the following legal grounds:
Contractual necessity: When data processing is required to provide our software and fulfill service
agreements
with our clients.
Legitimate interest: When we use data to improve platform performance, prevent misuse, or maintain
business
continuity.
Consent: Where the user has provided explicit consent for specific purposes, such as receiving marketing
updates.
Legal obligation: When we are required by law to retain or disclose certain information.
IV. How We Use Your
Information
The information we collect is used primarily to operate and improve the Travelity platform. Use cases include:
Account provisioning and access management for agency teams, drivers, and guides
Managing real-time booking workflows and scheduling assignments
Providing customer support and resolving operational issues
Communicating updates, alerts, and service notifications to users
Facilitating billing and subscription management
Monitoring usage trends and optimizing system performance
We do not use your data for consumer marketing or profiling, unless explicitly agreed.
V. Sharing and Disclosure of Personal
Information
We share information only when necessary and with appropriate safeguards in place:
Service Providers: Such as data hosting platforms, infrastructure providers, analytics vendors, and
integrated
CRM tools.
Authorized Partners: Where agencies connect their Travelity accounts with third-party services or OTAs.
Compliance and Legal Requests: To fulfill legal obligations or respond to valid government inquiries.
Corporate Events: In the event of a merger, restructuring, or acquisition.
We do not sell or monetize user data.
VI. Data Security Measures
We employ rigorous data protection practices:
Advanced Role-Based Access Control (RBAC)
Access is governed through fine-grained, context-aware RBAC applied consistently across all services. The
IDP we use manages user authentication and federated identity with dynamic access tokens and scopes tied
to precise roles and permissions. Service-to-service communication is secured with identity-aware proxying
and workload identity bindings within our cloud platform of choice, ensuring only authorized microservices
can access protected APIs or resources.
Encryption at Rest and in Transit
All data is encrypted in transit using TLS 1.2+ and at rest using AES-256, managed by our cloud platform
of choice and database.
Secure Storage and Isolation
Our database and storage are protected with signed URLs, IAM controls, reducing misconfiguration risk.
Secure Development Lifecycle (SDLC)
Our development process integrates threat modeling, secure code reviews, static/dynamic analysis, and
dependency scanning from design to deployment.
Incident Response and Business Continuity
We have an actionable incident response plan that includes detection, triage, notification, and
remediation.
Compliance and Governance
All the 3rd party services of choice support compliance with industry standards such as SOC 2, ISO 27001
and GDPR. Access policies and logging ensure traceability and accountability across systems.
VII. Data Retention Policy
Data is retained only for as long as necessary to fulfill the intended business purpose, fulfill contractual
obligations, or comply with applicable legal requirements.
Retention Principles:
User Data & Authentication Information
Retained for the duration of the user's account activity and for a limited period thereafter, unless a
longer retention period is required or justified.
Operational & Application Data
Retained while it remains relevant for service functionality, analysis, or support purposes. We
periodically review and securely dispose of data no longer required.
Logs, Backups, and System Data
Retained for a reasonable period in line with operational continuity and auditing needs. These are
automatically purged on a rolling basis or securely deleted after their usefulness has expired.
Data Subject Rights
Individuals may request access to, correction of, or deletion of their personal data, and we respond in
accordance with applicable data protection laws, including the GDPR.
Secure Disposal:
When data is no longer needed, it is securely and permanently deleted using industry-standard methods to
prevent unauthorized access or recovery.
VIII. Your Rights and Data Choices
Platform users and authorized client representatives have the right to:
Request access to the data associated with their user accounts
Correct inaccuracies or update contact information
Request data deletion or deactivation (where permitted)
Object to certain processing or revoke previously given consent
To exercise any of these rights, please contact us using the details provided in Section XV. We may require
identity
verification before fulfilling your request, and we will respond within the timeframes required by applicable
law
Agencies acting as data controllers for their clients are responsible for fulfilling requests related to
end-customer data.
IX. International Data
Transfers
If user or agency data is transferred outside the user's country (including to or from the EEA), we implement
appropriate safeguards, including:
Standard Contractual Clauses (SCCs)
Hosting within compliant jurisdictions
Vendor assessments aligned with GDPR or equivalent data transfer principles
X. Children's Privacy
Travelity is intended for professional use only. Our services are not marketed to or intended for children under
the
age of 18, and we do not knowingly collect data from minors.
XI. Cookies and Tracking Technologies
Cookies and similar tools that may be used:
Essential Cookies
These are necessary for the basic operation of our website or application. They support authentication,
security, and core user functionality.
Performance and Analytics Cookies
These cookies help us understand how users interact with our services, enabling us to improve performance
and user experience over time.
Functionality Cookie
These remember your preferences and settings to deliver a more personalized experience.
Third-Party Cookies and Technologies
We may work with trusted third-party providers (such as analytics or identity services) who may set their
own cookies or use similar technologies. These are subject to their own privacy policies.
Users may control cookie preferences through their browser settings.
XII. U.S. State Privacy Rights
For U.S. users subject to CCPA or other state-level privacy laws, we provide:
Transparency on what data is collected
A method to request access or deletion of data
A commitment not to sell personal data
Authorized users may submit requests through designated contact channels.
XIII. Notice of Financial
Incentives
If we provide account-based incentives or early-access promotions, the terms will clearly explain the
conditions,
value, and user rights. Participation is always optional.
XIV. Updates to this Privacy Policy
We may update this Privacy Policy from time to time to reflect legal, technical, or operational changes. We will
notify users of material updates via email or platform notifications, and all changes will be reflected with an
updated "Effective Date."
XV. Contacting Travelity
For any data privacy inquiries or user rights requests:
Email:
support@travelity.app
Website:
www.travelity.app
This Privacy Policy applies to all organizational users of the Travelity platform, including agencies,
subcontractors, and registered account holders. It governs the handling of all personal and business data
processed
through our systems on or after the effective date stated above.
Effective Date: 25 June, 2025
Travelity, developed and operated by BraveCrew Inc, is a software-as-a-service (SaaS) platform designed to support
the operational and administrative needs of businesses in the travel industry.
These Terms and Conditions
("Terms") define the legal framework governing your relationship with us, the use of our Platform, and your rights
and responsibilities as a registered user.
Travelity is a business-facing platform designed to be used by entities such as travel agencies, tour operators,
local transportation providers, and freelance guides. It facilitates the management of tour offerings, traveler
bookings, service schedules, staff assignments, and customer communications. Please read these Terms carefully to
understand the scope and limitations of your use of the Platform.
§ 1: Key Definitions
To ensure clarity throughout this document, the following terms shall have the meanings described:
Platform refers to the Travelity digital system available via www.travelity.app, which provides users
with tools for managing tourism-related services.
User is a business entity or sole proprietor registered to use Travelity’s services.
Team denotes a collaborative workspace associated with a User, in which multiple roles can be assigned
(e.g., to staff or subcontractors).
Traveler Data refers to the data pertaining to travelers—such as contact details and booking
information—entered by the User.
Event refers to a scheduled instance of a tour or service.
Product means any travel-related offering (such as a tour or transfer) created and published on the
Platform by the User.
Booking indicates a specific reservation made by or on behalf of one or more travelers.
Super User designates a team owner or admin with advanced permissions within the system.
Controller/Processor distinction is as follows: the User is the controller of end traveler data;
Travelity acts as its processor. Travelity is the controller for User account and usage metadata.
§ 2: Scope and Purpose of Services
Travelity offers a comprehensive suite of features tailored to the needs of modern travel businesses. These
include tools for designing and listing travel Products, managing availability and pricing, assigning
personnel
and assets (such as vehicles or equipment), tracking orders and Bookings, and analyzing operations through
dashboards and reports.
The Platform is strictly intended for professional and lawful use within the context of the tourism and
transport
service sectors. Misuse or unauthorized application of the software may lead to account suspension or
termination.
§ 3: Access and User Registration
To access the Platform, a business must complete a registration process or
receive an invitation from
Travelity.
Each User is granted a dedicated workspace and access credentials. The User is responsible for maintaining
accurate information during and after registration.
Within each Team, Users may designate additional staff or collaborators, assigning roles based on functional
responsibilities. Credentials (username and password) must be kept confidential and must not be shared outside
the
authorized team.
Super User privileges allow for retrospective modification of Events but are automatically restricted after
certain actions for security reasons.
§ 4: User Obligations and Conduct
Users are required to operate their workspace with integrity and professionalism. This includes:
Ensuring all data entered (including traveler data, Product descriptions, and pricing) is accurate and
lawful.
Managing internal roles, staff profiles, and asset inventories responsibly.
Not interfering with Platform infrastructure or attempting to reverse-engineer its features.
Avoiding unauthorized disclosure of access credentials.
Users are expected to use the Platform’s functionality in accordance with applicable laws and tourism
standards.
§ 5: Data Handling, Traveler Information, and Privacy
The User, in their capacity as a business, is the Controller of any end customer or Traveler Data entered into
the
Platform. Travelity serves as a Processor in such cases, accessing Traveler Data only to perform tasks
required
to
fulfill the User’s instructions.
This data may include names, email addresses, booking preferences, dietary or accessibility needs, and other
non-sensitive travel-related information. Users are prohibited from entering sensitive categories of data
(such
as
health or biometric data) unless legally justified and supported by an appropriate basis under applicable data
protection laws.
Travelity also processes User-related metadata (such as login activity and usage statistics) to maintain
system
integrity and deliver support. All processing complies with GDPR and other relevant regulations.
§ 6: Payments and Service Fees
Access to certain features or tiers of the Platform may require payment of a subscription or service fee.
Terms
of
payment are defined in the agreement executed between Travelity and the User.
Late or non-payment may result in restricted access to Platform features or full suspension of the account.
§ 7: Availability, Support, and Limitations
While Travelity strives to maintain continuous availability, occasional downtime may occur due to maintenance,
system updates, or external service dependencies. The Platform is provided "as is," and we make no guarantees
regarding uninterrupted or error-free access.
Users are responsible for ensuring that their use of the Platform complies with relevant regulations and that
their data configurations do not result in accidental loss of information.
§ 8: Intellectual Property Rights
All intellectual property associated with the Platform—including software code, interface design, templates,
content structure, and branding—is owned or licensed by Travelity. Users receive a non-transferable, limited
license to use the Platform for their business purposes only.
Any attempt to replicate, resell, reverse-engineer, or exploit the Platform outside of its intended use is
strictly prohibited and may lead to legal action.
§ 9: Account Suspension and Termination
Either party may terminate the relationship by providing written notice, subject to any applicable agreement
terms.
Following termination, User access will be disabled, and associated data may be deleted or archived, unless
retention is required by law or contract. Users should download any essential data before termination.
§ 10: Data Protection and User Rights
Users have the right to:
Access their account and usage data
Correct inaccuracies
Request deletion or export of their data
Object to certain types of processing
Travelity will provide the necessary support to fulfill these rights within legally prescribed timeframes.
Regarding traveler data, the User bears the responsibility of enabling end customers to exercise their data
protection rights in accordance with GDPR.
§ 11: Cookies and Analytics
Travelity uses cookies to facilitate user authentication, remember settings, and gather anonymized analytics.
Cookies may be disabled via browser settings, although this may impair some functionality.
§ 12: Amendments to Terms
These Terms may be updated periodically. Users will be notified in advance (at least 7 days) of any material
changes. Continued use of the Platform following such updates constitutes acceptance of the revised Terms.
§ 13: Legal Jurisdiction and Dispute Resolution
These Terms are governed by the laws of Delaware. Any disputes shall be resolved by the competent courts in
the
location of Travelity’s principal business establishment unless otherwise agreed.
If any provision is held to be invalid, the remainder of the Terms shall remain enforceable.
Contact Information
Email: support@travelity.app
Website: www.travelity.app
