Privacy Policy
1. Introduction and Scope
BizTrip AI, Inc. (“BizTrip AI,” “we,” “our,” or “us”) provides an AI-powered corporate travel management platform that enables organizations and their employees to plan, book, and manage business travel through conversational AI agents, accessible via our website at www.biztrip.ai, our mobile applications (iOS and Android), and related APIs and integrations (collectively, the “Service”).
This Privacy Policy (“Policy”) describes how we collect, use, disclose, and otherwise process personal data in connection with our Service. It also explains your rights and choices regarding your personal data. This Policy applies to all users of the Service, including individual travelers, corporate administrators, and visitors to our website and mobile applications.
This Policy is incorporated by reference into our Terms of Service, available at https://biztrip.ai/terms-of-service. By accessing or using our Service, you acknowledge that you have read and understood this Policy. If you are using the Service on behalf of an organization, you represent that you have authority to accept this Policy on behalf of that organization.
Depending on the context in which we process your personal data, BizTrip AI may act as a “data controller” (determining the purposes and means of processing) or a “data processor” / “service provider” (processing data on behalf of your employer or the corporate account holder). Where we act as a processor, the corporate account holder’s privacy policy governs the processing of your data, and you should contact your employer or the account administrator for privacy-related inquiries.
2. Defined Terms
- “Personal Data” means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to an identified or identifiable individual.
- “Service” refers to the BizTrip AI platform, including our website (www.biztrip.ai), mobile applications, APIs, browser extensions, conversational AI agents, and all related tools, features, and services.
- “Corporate Account” means an organizational account established by a business entity to manage corporate travel for its employees, contractors, or authorized travelers.
- “Administrator” means an individual authorized by a Corporate Account holder to manage the account, set travel policies, approve bookings, and access reporting and analytics features.
- “Traveler” means an individual end user who uses the Service to plan, book, or manage business travel, whether directly or through a Corporate Account.
- “Visitor” means an individual who visits our website or interacts with our Service without being logged into an account, such as someone browsing our marketing pages or submitting a contact form.
- “Transaction Data” means data collected in connection with travel bookings and transactions, which may include traveler name, contact details, payment method information, itinerary details, booking references, pricing, travel provider information, and related metadata.
- “AI Features” means the artificial intelligence and machine learning capabilities embedded in the Service, including conversational AI agents, travel recommendation engines, predictive analytics, natural language processing, and automated policy compliance tools.
- “Travel Partners” means third-party travel service providers integrated with or accessible through the Service, including airlines, hotels, car rental companies, ground transportation providers, travel management companies, and global distribution systems (GDS).
3. Personal Data We Collect
3.1 Information You Provide Directly
- Account Registration Data: Name, email address, phone number, job title, department, employer/organization name, and login credentials.
- Traveler Profile Data: Passport and government-issued identification details, nationality, date of birth, gender, Known Traveler Number (TSA PreCheck/Global Entry), frequent flyer and hotel loyalty program numbers, seating and meal preferences, accessibility or special assistance requirements, emergency contact information, and travel document expiration dates.
- Payment Information: Credit or debit card numbers, billing address, and corporate payment method details. Payment card data is processed and stored by our PCI DSS-compliant payment processors; we do not store full card numbers on our servers.
- Communications Data: Messages, prompts, and queries you submit to our AI agents; support requests; feedback and survey responses; and any other content you provide through the Service.
- Expense Data: Receipts, expense reports, per diem amounts, reimbursement claims, and associated documentation that you upload or generate through the Service.
3.2 Information Collected Automatically
- Device and Technical Data: Device type, operating system, browser type and version, unique device identifiers (including advertising identifiers), mobile network information, screen resolution, and language settings.
- Usage Data: Pages and features accessed, search queries, booking flows initiated, time spent on pages, clickstream data, error logs, and interactions with AI Features.
- Location Data: With your consent on mobile devices, precise geolocation data to provide location-based services (such as nearby airport or hotel suggestions). We also infer approximate location from your IP address. You may disable precise location sharing through your device settings at any time.
- Push Notification Tokens: If you opt in to push notifications on your mobile device, we collect your device token to send you flight alerts, itinerary updates, gate changes, and other time-sensitive travel notifications.
3.3 Information from Third Parties
- Corporate Account Data: Your employer or Corporate Account Administrator may provide us with your name, email, employee ID, department, cost center, travel policy tier, and approval hierarchy.
- Travel Partners: Airlines, hotels, and other Travel Partners may share booking confirmations, check-in status, flight status updates, loyalty program information, and other trip-related data with us to facilitate your travel management.
- Single Sign-On (SSO) Providers: If you authenticate using your corporate SSO, Google Workspace, Microsoft Entra ID, Okta, or similar identity providers, we receive your name, email address, and organizational attributes as authorized by your identity provider configuration.
- Calendar Integrations: With your permission, we may access calendar data from Google Calendar, Microsoft Outlook, or other supported calendar services to suggest optimal travel times, detect scheduling conflicts, and provide proactive trip planning recommendations.
3.4 Sensitive Personal Data
In certain circumstances, we may collect categories of data considered sensitive under applicable law. These may include government-issued identification numbers (such as passport numbers), precise geolocation, biometric identifiers (if identity verification is required by a Travel Partner), health-related information (such as dietary requirements, disability or accessibility needs, or medical documentation required for certain destinations), and payment card data. We collect sensitive data only when necessary to provide the Service or as required by law, and we apply enhanced security measures to protect such data.
4. How We Use Your Personal Data
4.1 Providing and Operating the Service
- Processing travel searches, bookings, cancellations, and modifications with Travel Partners.
- Creating and managing your account and traveler profile.
- Facilitating payment processing, expense tracking, and corporate billing.
- Sending booking confirmations, itinerary updates, flight alerts, gate changes, and other transactional communications.
- Enforcing corporate travel policies and facilitating approval workflows on behalf of your employer.
- Providing customer support and responding to inquiries.
4.2 AI-Powered Features
- Powering conversational AI agents to understand and respond to your travel planning queries in natural language.
- Generating personalized travel recommendations based on your preferences, past booking history, and corporate travel policy.
- Predicting pricing trends and suggesting optimal booking times.
- Automating travel policy compliance checks and flagging out-of-policy bookings.
- Providing proactive trip disruption alerts and rebooking suggestions.
4.3 Analytics, Improvement, and Development
- Analyzing usage patterns to improve and optimize the Service, including AI model performance.
- Conducting research and development to build new features and services.
- Generating aggregate, de-identified analytics and reporting for Corporate Account holders regarding their organization’s travel spend, booking trends, and policy compliance.
4.4 Security and Fraud Prevention
- Detecting, investigating, and preventing fraudulent transactions and unauthorized access.
- Monitoring for security threats and protecting the integrity of the Service.
- Verifying user identities and authenticating access.
4.5 Legal Compliance and Obligations
- Complying with applicable laws, regulations, and legal processes.
- Responding to lawful requests from governmental authorities.
- Enforcing our Terms of Service and other agreements.
- Maintaining records as required for tax, accounting, and regulatory purposes.
4.6 Communications and Marketing
- Sending service-related notifications (booking confirmations, policy updates, security alerts), which are not marketing and cannot be opted out of.
- With your consent or as otherwise permitted by law, sending promotional communications about new features, product updates, and offers. You can opt out of marketing communications at any time.
5. AI-Specific Data Practices
5.1 AI Model Training
We may use de-identified and aggregated data derived from user interactions to improve our AI models, including conversational quality, travel recommendation accuracy, and predictive capabilities. We do not use your individually identifiable personal data, travel itineraries, or conversational content to train general-purpose AI models that serve other customers without first applying robust de-identification and aggregation techniques. Corporate Account holders may opt out of having their organization’s data used for AI model improvement by contacting us at privacy@biztrip.ai.
5.2 Conversational Data
When you interact with our AI agents, your prompts, queries, and the AI-generated responses are logged for the purposes of providing the Service (including maintaining conversation context), improving response quality, debugging errors, and ensuring safety. Conversational logs are retained in accordance with Section 8 (Data Retention) of this Policy. You may request deletion of your conversational history through your account settings or by contacting us.
5.3 Automated Decision-Making
Our Service may use automated processing to make certain decisions, such as flagging bookings that fall outside your corporate travel policy, suggesting alternative travel options, or assessing the risk profile of a transaction. These automated decisions are designed to assist, not replace, human judgment. Where automated decisions have a significant legal or similarly significant effect on you, you have the right to request human review, to express your point of view, and to contest the decision, in accordance with applicable law.
5.4 Third-Party AI Sub-Processors
We may use third-party AI infrastructure and model providers (such as large language model APIs) to power certain AI Features. Data shared with these sub-processors is subject to contractual data processing agreements that require the sub-processor to process data solely on our instructions, maintain appropriate security measures, and refrain from using the data for their own model training. A list of our current AI sub-processors is available upon request.
6. How We Share Your Personal Data
We do not sell your personal data. We share your personal data only in the following circumstances:
6.1 With Travel Partners — To complete bookings and provide travel services, we share relevant Transaction Data and Traveler Profile Data with airlines, hotels, car rental companies, and other Travel Partners necessary to fulfill your travel arrangements. This includes your name, contact details, travel document information, loyalty program numbers, and preferences. Each Travel Partner’s own privacy policy governs their subsequent use of your data.
6.2 With Your Employer / Corporate Account — If you use the Service through a Corporate Account, your employer or Account Administrator may have access to your booking history, itinerary details, expense reports, travel policy compliance data, and aggregate usage analytics. The scope of employer access is defined by the Corporate Account agreement and the Administrator’s configuration. Your employer’s privacy policy governs their use of such data.
6.3 With Service Providers — We engage trusted third-party service providers who process data on our behalf to operate the Service, including cloud hosting and infrastructure providers, payment processors, email and notification delivery services, analytics providers, customer support platforms, identity verification services, and AI sub-processors. These providers are contractually bound to use your data only as instructed by us, maintain confidentiality, and implement appropriate security measures.
6.4 For Legal and Compliance Purposes — We may disclose your personal data when required to do so by law, in response to valid legal process (such as a court order, subpoena, or government request), to enforce our Terms of Service, to protect the rights, property, or safety of BizTrip AI, our users, or the public, and to detect, prevent, or address fraud, security, or technical issues.
6.5 Corporate Transactions — In the event of a merger, acquisition, reorganization, bankruptcy, asset sale, or similar corporate transaction, your personal data may be transferred to the acquiring entity or successor. We will provide notice of any such transfer and any choices you may have regarding your data.
6.6 With Consent — We may share your personal data with third parties when you have given us explicit consent to do so, such as when you authorize an integration with a third-party application or service.
7. Cookies and Tracking Technologies
We use cookies, pixel tags, local storage, and similar tracking technologies on our website and within our mobile applications.
7.1 Essential Cookies — Required for the basic operation of the Service, such as authentication, session management, security, and load balancing. These cannot be disabled.
7.2 Functional Cookies — Remember your preferences (such as language, currency, and default airport) to provide a more personalized experience.
7.3 Analytics Cookies — Help us understand how users interact with the Service, measure feature adoption, identify errors, and improve performance. We may use third-party analytics services (such as Google Analytics or Mixpanel) for this purpose.
7.4 Advertising and Marketing Cookies — Used to deliver relevant advertisements and measure advertising campaign effectiveness. We may allow third-party advertising partners to place cookies for interest-based advertising. We do not use advertising cookies within the mobile app unless you explicitly opt in.
7.5 Your Cookie Choices — You may manage your cookie preferences through our cookie consent banner when you first visit our website, through your browser settings, or through platform-specific privacy controls. On mobile devices, you may opt out of interest-based advertising through your device’s privacy settings. We honor Global Privacy Control (GPC) signals. Please note that disabling certain cookies may affect the functionality of the Service.
8. Data Retention
We retain your personal data for as long as reasonably necessary to fulfill the purposes described in this Policy.
- Account Data: Retained for the duration of your active account plus 30 days following account deletion to allow for reactivation requests and to complete any pending transactions.
- Transaction and Booking Data: Retained for seven (7) years from the date of the transaction to satisfy tax, accounting, and regulatory record-keeping requirements.
- Conversational Logs: Retained for two (2) years for service improvement and debugging, unless you request earlier deletion.
- Expense Data: Retained for the period required by the Corporate Account’s agreement or seven (7) years, whichever is longer.
- Marketing Data: Retained until you withdraw consent or opt out, after which we will delete or de-identify the data within 30 days.
When personal data is no longer needed, we securely delete or de-identify it in accordance with our data retention schedule and applicable law.
9. Data Security
We implement and maintain reasonable technical, administrative, and organizational security measures designed to protect your personal data against unauthorized access, alteration, disclosure, destruction, or loss. These measures include:
- Encryption of data in transit (TLS 1.2 or higher) and at rest (AES-256).
- Role-based access controls and least-privilege principles for employees and contractors.
- Multi-factor authentication for administrative access and sensitive operations.
- Regular security assessments, penetration testing, and vulnerability scanning.
- An incident response plan and breach notification procedures in compliance with applicable law.
- SOC 2 Type II compliance (or equivalent certification, as applicable).
No method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security. We encourage you to use strong, unique passwords and to keep your login credentials confidential.
10. International Data Transfers
BizTrip AI is headquartered in the United States. Your personal data may be transferred to, stored in, and processed in the United States or other countries where our service providers and Travel Partners operate. Where required by applicable law, we implement appropriate safeguards including:
- Standard Contractual Clauses (SCCs) approved by the European Commission for transfers from the EEA.
- The UK International Data Transfer Addendum for transfers from the United Kingdom.
- Reliance on adequacy decisions where applicable.
- Compliance with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework, as applicable.
- Other lawful transfer mechanisms recognized under applicable data protection law.
You may contact us at privacy@biztrip.ai to obtain more information about the safeguards we use for international data transfers.
11. Your Rights and Choices
Depending on your location and applicable law, you may have some or all of the following rights:
- Right of Access: Request confirmation of whether we process your personal data and obtain a copy of that data.
- Right to Rectification: Request correction of inaccurate or incomplete personal data.
- Right to Erasure: Request deletion of your personal data, subject to applicable legal retention requirements.
- Right to Restrict Processing: Request that we limit how we use your data in certain circumstances.
- Right to Data Portability: Request a machine-readable copy of your personal data to transfer to another service provider.
- Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
- Right to Withdraw Consent: Where processing is based on consent, withdraw your consent at any time without affecting the lawfulness of prior processing.
- Right to Non-Discrimination: Exercise your privacy rights without receiving discriminatory treatment.
- Right to Opt Out of Sale/Sharing: We do not sell personal data. If we ever engage in practices that constitute “sale” or “sharing” (as defined under the CCPA or similar laws), we will provide a clear opt-out mechanism.
- Right to Appeal: If we deny your rights request, you may appeal our decision by contacting privacy@biztrip.ai.
To exercise any of these rights, please contact us at privacy@biztrip.ai, use the privacy settings within your account, or write to us at the address provided in Section 19. We will respond to verified requests within the timeframes required by applicable law (typically 30 to 45 days).
12. Children’s Privacy
The Service is designed for use by businesses and adult professionals. We do not knowingly collect personal data from individuals under the age of 16 (or the applicable age of digital consent in your jurisdiction). If we become aware that we have inadvertently collected personal data from a child, we will take reasonable steps to delete that data promptly. If you believe that a child has provided personal data to us, please contact us at privacy@biztrip.ai.
13. Third-Party Services and Links
The Service may contain links to or integrations with third-party websites, applications, and services that are not operated by us, including Travel Partner booking platforms, corporate HR and finance systems, calendar applications, expense management tools, and others. This Policy does not apply to such third-party services. We encourage you to review the privacy policies of any third-party service before providing your personal data. We are not responsible for the privacy practices or content of third-party services.
14. Mobile Application Privacy
14.1 Device Permissions — Our mobile app may request access to location services, camera (for scanning travel documents, receipts, or boarding passes), push notifications, contacts (if you choose to share travel plans with colleagues), and calendar. Each permission is requested at the time of first use and can be revoked at any time through your device’s settings.
14.2 Mobile Analytics and Crash Reporting — We use mobile analytics SDKs and crash reporting tools to monitor app performance, identify bugs, and improve the user experience. These tools may collect device information, app usage data, and crash logs.
14.3 Offline Data — Certain data (such as your upcoming itinerary and boarding passes) may be cached locally on your device for offline access. This data is protected by your device’s built-in encryption and security features. You may clear locally cached data by clearing the app’s data in your device settings or by logging out of the app.
14.4 App Store Terms — Your download and use of the mobile app is also subject to the terms and privacy policies of the applicable app store (Apple App Store or Google Play Store).
15. Corporate Account and Employer Data
When BizTrip AI provides the Service to a Corporate Account, the corporate entity (your employer) typically acts as the data controller. In this context, BizTrip AI acts as a data processor, processing personal data on behalf of and under the instructions of the corporate entity, as set forth in our Data Processing Agreement (DPA).
Corporate Account Administrators may have the ability to access traveler profiles and booking history, view and export expense reports and analytics, configure and enforce corporate travel policies, manage user access and permissions, and receive automated reports on travel spend and policy compliance.
16. Travel-Specific Data Considerations
16.1 Passenger Name Records (PNR) and Travel Documents — When you book travel through the Service, your Passenger Name Record and travel document information are shared with airlines, border control agencies, and other entities as required by law and industry standards. This data may be subject to mandatory government access in the destination country.
16.2 Health and Safety Data — In certain circumstances (such as destination-specific health requirements, pandemics, or travel insurance claims), we may process health-related information that you voluntarily provide. We process such data only for the specific purpose for which it was provided and apply enhanced protections as required by applicable law.
16.3 Loyalty Program Data — If you choose to link your airline, hotel, or other loyalty program accounts to your BizTrip AI profile, we will access and display your loyalty program information to facilitate bookings and earn rewards on your behalf. We do not share your loyalty credentials with unauthorized parties.
16.4 Travel Risk and Duty of Care — Corporate Account holders may use the Service’s traveler tracking features to fulfill their duty of care obligations. If your employer has enabled these features, your real-time or last-known location may be visible to designated safety coordinators within your organization during active trips. This data is used solely for safety and security purposes.
17. Changes to This Privacy Policy
We may update this Policy from time to time to reflect changes in our data practices, legal requirements, or business operations. The “Last Updated” date at the top of this Policy indicates when it was most recently revised. If we make material changes, we will notify you by posting a prominent notice on our website, sending an email, or displaying an in-app notification. Your continued use of the Service after any changes constitutes your acceptance of the updated Policy.
18. Jurisdiction-Specific Provisions
18.1 European Economic Area (EEA), United Kingdom, and Switzerland — Processing governed by GDPR and equivalent local laws. Legal bases: performance of a contract, legitimate interests, consent, and legal obligation. Data Protection Officer: dpo@biztrip.ai. Right to lodge a complaint with your local supervisory authority.
18.2 United States (CCPA/CPRA and State Privacy Laws) — We do not sell your personal information. We do not use or disclose sensitive personal information for purposes other than those permitted. We honor Global Privacy Control (GPC) signals. Contact privacy@biztrip.ai to exercise rights.
18.3 Brazil (LGPD) — Rights include access, correction, deletion, portability, and information about data sharing. Contact dpo@biztrip.ai.
18.4 Canada (PIPEDA and Provincial Laws) — Right to access and request correction of personal data. Contact privacy@biztrip.ai.
18.5 Australia — We comply with the Australian Privacy Principles under the Privacy Act 1988 (Cth). Complaints may be directed to the Office of the Australian Information Commissioner.
18.6 Other Jurisdictions — We will comply with applicable data protection laws of your jurisdiction. Contact privacy@biztrip.ai for jurisdiction-specific information.
19. Contact Us
BizTrip AI, Inc.
Email: privacy@biztrip.ai
Data Protection Officer: dpo@biztrip.ai
Website: www.biztrip.ai
Phone: (415) 722-1554
Terms of Service: https://biztrip.ai/terms-of-service
If you are a Traveler using the Service through a Corporate Account and have questions about how your employer processes your personal data, please contact your employer directly.