Privacy Policy

This Privacy Notice explains how Voyage Companion Ltd ("Modulix", "we", "us") collects, uses, and protects personal data when you visit voyagecompanion.io or use the Modulix AI platform.

We comply with the UK GDPR, EU GDPR (where applicable), and the Data Protection Act 2018.

Information You Provide

• Account Information: Name, email, company name, job title, phone number
• Payment Information: Billing address, payment details (processed by third parties)
• Booking Data: Traveller information, itineraries, preferences
• Communications: Messages, support requests, feedback

Information We Collect Automatically

• Usage Data: Pages visited, features used, booking history
• Device Information: IP address, browser type, operating system
• Log Data: Access times, error messages, API calls

Information from Third Parties

• Travel Suppliers: Booking confirmations from GDS providers (Amadeus, Sabre)
• Payment Processors: Transaction status, payment verification
• Analytics Providers: Aggregated usage statistics

Service Delivery

• Creating and managing your account
• Processing bookings and payments
• Providing customer support and service notifications

Service Improvement

• Analysing usage patterns to improve features
• Training and improving our AI models
• Developing new products and services

Legal and Security

• Complying with legal obligations
• Detecting and preventing fraud
• Enforcing our Terms of Service

• Contract Performance: Processing necessary to provide the Service
• Legitimate Interests: Improving our Service, analytics, fraud prevention
• Consent: Marketing communications, optional cookies (withdraw any time)
• Legal Obligation: Compliance with tax and regulatory requirements

Service Providers

• Cloud Infrastructure: Microsoft Azure (hosting, storage)
• Payment Processors: Stripe
• Travel Suppliers: Amadeus, Sabre, Hotelbeds

Legal Requirements

We may disclose data to law enforcement or regulators when required by law or to protect our rights.

Business Transfers

In the event of a merger or acquisition, personal data may transfer to the acquiring entity.

• Account Data: Duration of account plus 6 years
• Booking Records: 7 years (regulatory compliance)
• Marketing Data: Until you withdraw consent
• Usage Logs: 12 months
• Support Tickets: 3 years after resolution

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data (subject to legal obligations)
• Restrict Processing: Limit how we use your data
• Data Portability: Receive your data in a machine-readable format
• Object: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent for processing at any time

To exercise your rights, email privacy@voyagecompanion.io. We respond within 30 days.

• Encryption in transit (TLS/SSL) and at rest (AES-256)
• Access controls and multi-factor authentication
• Regular security assessments and penetration testing
• Incident response and breach notification procedures