Skip to content

Privacy Policy

TravelBuilderPro values your privacy. This policy explains how we collect, use, and protect your information.

Effective Date: January 17, 2025

1. Information We Collect

Personal Data

We collect the following personal information when you use our services:

Account Information:

  • Email address (required for account creation and login)
  • Name and profile photo (when using Google OAuth authentication)
  • Organization name and billing email

Billing Information:

  • Payment data processed by Stripe (billing address, tax ID/VAT number, credit card information)
  • Subscription details: plan tier, billing period, payment history

Non-Personal Data

  • Website usage data collected through Supabase hosting
  • Technical data: IP addresses, browser type, device information
  • Form submission metadata: timestamps, form identifiers, referrer URLs

Data from External Forms

When you integrate TravelBuilderPro with your website forms, we collect data submitted by your website visitors according to your field mappings. You are responsible for obtaining proper consent from your website visitors before collecting their data.

2. Use of Information

Personal Data

Your personal information is used to:

  • Create and manage your account
  • Provide access to our platform and services
  • Process subscription payments and billing
  • Send service-related communications (authentication emails, account updates)
  • Provide customer support
  • Manage your travel agency operations (contacts, trips, itineraries)

Non-Personal Data

Technical and usage data is used to:

  • Maintain and improve platform performance
  • Analyze usage patterns and optimize user experience
  • Ensure security and prevent fraud
  • Provide analytics for your business operations

3. Sharing of Data

We do not sell, trade, or share your personal data with third parties, except as necessary to provide our services or comply with legal obligations.

Third-Party Service Providers

We share data with the following trusted service providers:

Supabase (Database & Authentication):

  • Stores user accounts, contacts, trips, and application data
  • Hosts uploaded images and files
  • Purpose: Platform infrastructure and data storage

Stripe (Payment Processing):

  • Processes subscription payments and billing
  • Stores billing address and tax ID information
  • Purpose: Secure payment processing and subscription management

Resend (Email Services):

  • Sends authentication emails (magic links) and service notifications
  • Purpose: Transactional email delivery

Google OAuth (Authentication):

  • Provides optional third-party authentication
  • Shares email, name, and profile photo when you choose to sign in with Google
  • Purpose: Simplified authentication

For more details on data processing, please refer to our Data Processing Agreement (if applicable).

4. Cookies

We use essential cookies to maintain your login session and provide core platform functionality. These are necessary for the service to work properly.

We do not currently use analytics or tracking cookies for marketing purposes.

You can disable cookies in your browser settings, but this may limit your access to certain features of the platform.

5. Security

We implement industry-standard security measures to protect your data:

  • Row Level Security (RLS) policies in our database
  • Organization-scoped data access controls
  • HTTPS encryption for all data transmission
  • Secure authentication with Supabase Auth
  • Role-based access control (admin, manager, agent)
  • Webhook security with unique tokens per form

However, no method of transmission over the internet is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security.

6. User Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data
  • Right to Restriction: Limit how we process your data
  • Right to Portability: Receive your data in a structured, commonly used format
  • Right to Object: Object to certain types of processing

To exercise any of these rights, please contact us via our contact form at travelbuilderpro.com/contact.

7. Data Retention

Free Plan & 7-Day Trial Accounts

  • Every new account starts with a 7-day full-feature trial of every paid feature (no credit card required)
  • After the trial, the workspace continues on the Free plan unless the user upgrades — the account is not suspended
  • Free plan accounts are retained as long as they remain active; long-inactive Free workspaces may be archived or deleted after additional notice
  • You may request account deletion at any time

Active Subscriptions

  • Data retained for the duration of your active subscription
  • After subscription cancellation: Data retained for 30 days before permanent deletion
  • You may request immediate deletion upon cancellation

Form Submissions

  • Contact and lead data retained indefinitely while your subscription is active
  • Webhook submission logs retained for debugging and analytics purposes

Payment Records

  • Billing history retained for legal and accounting requirements (typically 7 years)

8. Children's Privacy

TravelBuilderPro is a business-to-business (B2B) service intended for travel agencies and professionals. We do not knowingly collect personal information from children under 16 years of age. If you believe we have inadvertently collected such information, please contact us immediately.

9. International Data Transfers

Our service providers (Supabase, Stripe, Resend) may process data in countries outside the European Economic Area (EEA). When data is transferred internationally, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions for countries with equivalent data protection standards
  • Service provider compliance with GDPR requirements

10. Your Responsibilities

When using TravelBuilderPro to collect data through website forms:

  • You must obtain proper consent from your website visitors before collecting their data
  • You must provide your own privacy policy to your website visitors
  • You are responsible for compliance with applicable data protection laws in your jurisdiction
  • You must configure form webhooks securely and protect webhook secrets

11. Updates to Privacy Policy

We may update this policy from time to time to reflect changes in our practices or legal requirements. When we make significant changes, we will notify you via:

  • Email notification to your registered email address
  • Prominent notice on the platform dashboard

Your continued use of the service after such modifications constitutes acceptance of the updated policy.

12. Governing Law

This Privacy Policy is governed by the laws of Spain and the General Data Protection Regulation (GDPR). Any disputes arising from this policy will be subject to the exclusive jurisdiction of the courts of Madrid, Spain.

13. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data protection rights, or need to contact us regarding privacy matters, please use our contact form.