Privacy Policy for TravelSmart Mobile Application
Last Updated: January 9, 2026
Effective Date: January 8, 2026
Introduction
NewEcom AI ("we," "our," or "us") operates the TravelSmart mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App.
By using TravelSmart, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
1.1 Information You Provide
| Data Type | Purpose | Storage |
|-----------|---------|---------|
| Account Information | Email, name, password (hashed) | Encrypted on device & securely hashed |
| Business Information | Agency name, IATA/ARC numbers, certifications | Stored locally on device |
| Client Information | Names, contact details, travel preferences | Stored locally on device |
| Travel Requests | Trip details, destinations, dates, budgets | Stored locally on device |
1.2 Information Collected Automatically
| Data Type | Purpose | Retention |
|-----------|---------|-----------|
| Voice Recordings | Transcription of travel requests | Processed in real-time, not permanently stored |
| Photos | Analyze travel inspiration images | Processed in real-time, not permanently stored |
| Usage Analytics | App improvement (anonymized) | 90 days |
1.3 Information from Third-Party Services
We integrate with the following services to provide travel search functionality:
- OpenAI - Natural language processing for travel requests
- Amadeus - Flight and hotel search
- Google Places - Place details, ratings, and reviews
- Viator - Tours and experiences (if enabled)
These services may process your travel queries. Please review their respective privacy policies:
- OpenAI: https://openai.com/privacy
- Amadeus: https://amadeus.com/en/policies/privacy-policy
- Google: https://policies.google.com/privacy
2. How We Use Your Information
We use collected information to:
✅ Provide Services
- Generate personalized travel itineraries
- Search for flights, hotels, and experiences
- Create client proposals and quotes
✅ Improve the App
- Analyze usage patterns (anonymized)
- Fix bugs and optimize performance
- Develop new features
✅ Communicate with You
- Send service-related notifications
- Respond to support requests
- Provide important updates
❌ We Do NOT
- Sell your personal information
- Share client data with third parties for marketing
- Use your data for targeted advertising
3. Data Storage and Security
3.1 Local Storage
All personal and client data is stored locally on your device using Apple's secure storage mechanisms:
- SwiftData - Encrypted database for structured data
- iOS Keychain - API keys and sensitive credentials (AES-256 encryption)
3.2 Security Measures
| Measure | Implementation |
|---------|---------------|
| Password Hashing | PBKDF2 with 100,000 iterations + random salt |
| API Key Storage | iOS Keychain with `kSecAttrAccessibleWhenUnlocked` |
| Network Security | All API calls over HTTPS/TLS 1.3 |
| Input Validation | Sanitization against XSS, injection attacks |
3.3 Third-Party API Processing
When you create travel requests, query data is sent to:
- OpenAI servers for natural language processing
- Amadeus servers for travel inventory search
- Google Places servers for place details, ratings, and reviews
These transmissions are encrypted and data is not permanently stored by these services beyond their stated retention policies.
4. Data Retention
| Data Type | Retention Period |
|-----------|-----------------|
| Account Information | Until you delete your account |
| Client Profiles | Until you delete them |
| Itineraries | Until you delete them |
| Voice Recordings | Processed immediately, not stored |
| Photos | Processed immediately, not stored |
| API Usage Logs | 90 days (anonymized) |
5. Your Rights and Choices
5.1 Access and Export
You can:
- View all your stored data within the App
- Export itineraries as PDF documents
- Request a copy of your data by contacting us
5.2 Deletion
You can:
- Delete individual clients, itineraries, or proposals
- Delete your account (removes all associated data)
- Request complete data deletion by contacting us
5.3 Permissions
You can revoke app permissions at any time:
| Permission | How to Revoke |
|------------|---------------|
| Microphone | Settings → TravelSmart → Microphone → Off |
| Photos | Settings → TravelSmart → Photos → None |
6. Children's Privacy
TravelSmart is designed for professional travel agents and is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children.
7. International Data Transfers
If you use TravelSmart outside the United States, your information may be transferred to and processed in the United States where our third-party service providers (OpenAI, Amadeus) operate. By using the App, you consent to this transfer.
8. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by:
- Posting the new Privacy Policy in the App
- Updating the "Last Updated" date
- Sending a notification for material changes
9. California Privacy Rights (CCPA)
California residents have additional rights:
- Right to Know - What personal information we collect
- Right to Delete - Request deletion of your data
- Right to Opt-Out - We do not sell personal information
- Right to Non-Discrimination - Equal service regardless of privacy choices
To exercise these rights, contact us at the address below.
10. European Privacy Rights (GDPR)
If you are in the European Economic Area, you have rights under GDPR including:
- Access to your personal data
- Rectification of inaccurate data
- Erasure ("right to be forgotten")
- Data portability
- Restriction of processing
- Objection to processing
Legal Basis for Processing:
- Contract performance (providing the service)
- Legitimate interests (improving the App)
- Consent (optional features like voice input)
11. Contact Us
If you have questions about this Privacy Policy or wish to exercise your privacy rights:
Email: privacy@newecom.ai
Address:
NewEcom AI
915 Shore Acres Drive
Mamaroneck
10543 New York
U.S.A
Data Protection Officer: privacy@newecom.ai
12. Consent
By using TravelSmart, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.
*This Privacy Policy was last reviewed and updated on January 9, 2026.*