Privacy & Legal

Your Data.
Our Responsibility.

Traveler personality data is sensitive. We treat it with the same care as financial or health information. Here's exactly how we protect it.

Compliance

Regulatory Compliance

PIPEDA (Canada)

Full compliance with Canada's Personal Information Protection and Electronic Documents Act. All data collection, use, and disclosure follows PIPEDA's 10 fair information principles.

GDPR (EU)

GDPR-ready for European travelers. Lawful basis for processing, data minimisation, right to erasure, and data portability fully supported.

CCPA (California)

California Consumer Privacy Act compliance for US travelers. Right to know, right to delete, and right to opt-out of data sales.

SOC 2 Type II (Planned)

Working toward SOC 2 Type II certification for enterprise clients. Security, availability, and confidentiality controls audited annually.

Security

Enterprise-Grade Security

Traveler DNA data receives enhanced protection beyond standard personal data. Our security architecture is designed to protect the most sensitive behavioral insights.

AES-256 encryption at rest for all traveler data
TLS 1.3 encryption in transit for all communications
Multi-factor authentication for all admin access
Regular penetration testing and vulnerability assessments
Role-based access control (RBAC) for partner data
Automated backup with 30-day retention
Incident response plan with 24-hour breach notification
Data Processing Agreements (DPA) with all sub-processors
Data Handling

What We Collect & How We Use It

Traveler DNA Data

Sensitive

Data Points

Quiz responses
Marker scores (0-100)
Archetype classifications
Blend ratios

Retention

Lifetime (with consent) or until deletion requested

Sharing Policy

Shared with partner agencies as aggregated profiles only. Raw quiz responses never shared.

Account Data

Standard

Data Points

Name, email, phone
Agency information
Billing details

Retention

Duration of account + 7 years for tax/legal

Sharing Policy

Never shared with third parties. Used only for service delivery.

Usage Analytics

Operational

Data Points

Quiz completion rates
Feature usage
Performance metrics

Retention

24 months rolling

Sharing Policy

Aggregated, anonymised analytics shared in partner dashboards.

Legal Documents

Available Documentation

Terms of Service (B2C)

Terms governing consumer use of the TravelOne platform

B2B Agency Licensing Agreement

Standard SaaS licensing terms for agency partners

Data Processing Agreement (DPA)

GDPR-compliant DPA for data sharing with partners

Mutual Non-Disclosure Agreement

Standard mutual NDA for pre-partnership discussions

Privacy Policy

Full privacy policy covering all data collection and use

Supplier/DMC Services Contract

Standard terms for DMC and supplier partnerships

Cookie Policy

Details on cookies and tracking technologies used

All legal documents are available upon request during the partnership onboarding process. Contact our team at legal@travelone.io for copies.

Questions About Privacy?

Our data protection team is available to answer any questions about how we handle traveler data.

Contact Our Team