VamoTrip Privacy Policy

This Privacy Policy explains how VamoTrip (“we,” “us,” or “our”) collects, uses, shares, and protects information, including personal data, in relation to our travel-planning chatbot and related services (the “Service”). It also describes your rights and choices regarding your personal data to the extent applicable under the laws of your jurisdiction.

We aim to comply with applicable privacy laws, including (where relevant) the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA/CPRA), and other local laws.

By using the Service, you agree to the collection and use of information as described in this Policy. If you do not agree, please do not use the Service. We may update this Policy from time to time, and the revised version will be posted with a new “Last Updated” date.

1. Introduction and Scope

VamoTrip is an AI-powered chatbot that helps users plan travel itineraries and discover personalized recommendations. When you use our Service, you are interacting with an AI conversational system, not a human agent. We disclose this for transparency, including compliance with emerging AI regulations (such as the EU’s Artificial Intelligence Act). This Privacy Policy applies to information we collect through our website, applications and chatbot interface (currently at our main site or any authorized apps/extensions) where the Privacy Policy is referenced or linked.

This Privacy Policy does not cover any third-party websites or services that we do not control, even if our Service provides links to them or integrates with them (such as booking partners or external travel information sources). Those third parties have their own privacy policies.

2. Information We Collect

We aim to collect only the information we need to provide and improve our Service. The data we collect can be grouped into two categories: (A) information you voluntarily provide to us, and (B) information collected automatically when you interact with the Service.

A. Information You Provide Voluntarily

• Travel Preferences. Optional inputs such as destinations, budget, or interests.
• Chat Inputs. Information you provide in conversations with the chatbot (e.g., travel dates, personal circumstances). These may include personal data if you choose to disclose it.
• Communications. Information you provide when contacting us directly (e.g., support requests, feedback).
• Surveys/Feedback. Information you provide when participating in research, contests, or surveys.
• Sensitive Data. We do not request or require government IDs, or financial account details. Do not provide such data. If you enter it into the chatbot, it will be processed as general chat input, and transmitted to AI providers under their terms, outside our control, at your own risk.

B. Information Collected Automatically

• Device and Browser Data. Device type, operating system, browser, language, screen resolution.
• IP Address. Used to derive approximate location, detect misuse, and for diagnostics.
• Usage Data. Information about how you interact with the Service (pages visited, features used, timestamps, navigation paths).
• Chatbot Logs. Inputs and AI responses may be logged for context, diagnostics, and service improvement.
• Cookies and Similar Technologies. Used to remember sessions and analyze usage. See our Cookie Policy for details.
• Analytics Services. We use third-party analytics to measure usage and improve the Service. These providers collect device and usage information but not direct identifiers such as your name or email unless you voluntarily include such identifiers in chat inputs.

3. How We Use Information

We use information for the following purposes:

• To provide and maintain the Service. We process data to deliver the chatbot functionality and related features. For example, your chat inputs are used by AI engine to generate travel recommendations. We may also use data to troubleshoot and fix issues you encounter.
• To personalize responses and recommendations. Information you provide (like travel preferences, home city, or past trip data) and data we collect about your interactions helps us tailor the recommendations and content you see. For instance, if you often search for beach destinations, we might highlight beach-related suggestions, or use your IP-derived region to show nearby attractions. Personalization makes the chatbot’s responses more relevant to you.
• To communicate with you (support, service updates, optional marketing).
• To analyze usage and improve the Service. We use automatically collected data (and aggregated user information) to understand how our Service is used. This helps us debug problems, improve the AI’s accuracy and responsiveness, decide on new features, and enhance user experience. For example, we might analyze which types of questions confuse the AI to improve its training, or see which features are rarely used to reconsider our design. We may also use aggregated analytics to improve design and usability.
• To prevent misuse and maintain security.
• To comply with legal obligations.
• For other purposes with your consent.

Legal bases (GDPR/UK GDPR): performance of contract, consent, legitimate interests (balanced against your rights), and legal obligations.

4. How We Share Information

We share personal data only in these cases:

• Service Providers. Hosting, analytics, communications, and related functions.
• AI Providers. Chat inputs are transmitted to external AI platforms such as OpenAI and Google. We do not have a zero-retention agreement. These providers may log or use the data under their own terms and privacy policies, which are outside our control. By using the Service, you acknowledge and accept this risk. We encourage you to review their privacy policies.
• Travel Partners. If you initiate a booking, relevant details might be transmitted to the partner to process the reservation. Their use of data is governed by their own privacy policy.
• Legal Obligations. When required by law or necessary to protect rights and safety.
• Business Transfers. In case of merger, acquisition, or similar event.
• With Consent. Apart from the situations above, if we intend to share your personal information for other purposes, we will obtain your consent.

No Sale of Personal Data: We do not sell your personal data to third parties for money. We also do not share personal information with third parties for their own direct marketing purposes unless you have given consent.

5. Data Retention

• Chat Logs (without account). User chat sessions may be stored temporarily on our servers to maintain context during your session and for short-term analysis. we aim to purge or anonymize casual chat logs that are not tied to an account after a certain period (typically within 30–60 days) to reduce data storage, unless we need them longer for troubleshooting or improvement purposes. If chat data is used to improve the service, we might retain it in an aggregated or anonymized form (with no direct identifiers) for a longer period.
• Analytics Data. Data collected via cookies and analytics tools may be retained as long as needed for our analysis.
• Communications. If you contact us via email or support, we may retain those communications and our responses for as long as necessary to address your issue and for training or quality assurance. Important business communications might be retained longer if necessary.
• Legal/Backups. Retained as required by law or for dispute resolution.

When no longer needed, data is securely deleted or anonymized.

6. Your Rights

We will make reasonable efforts to honor requests in line with applicable laws, subject to our technical and operational capacity during beta testing. Depending on your jurisdiction, you may have rights to:

• Access or obtain a copy of your personal data. You have the right to request a copy of the personal data we hold about you (to the extent we can reasonably associate it).
• Request deletion (“right to be forgotten”). You may ask us to delete your personal information. Note that we may retain certain minimal information as required by law or as described in the Data Retention section (e.g., to record that we fulfilled your deletion request or to keep a record of a past transaction). If you simply stop using the Service without formally deleting, we may eventually purge personal data after a period of inactivity, but it’s best to request deletion for a clean removal.
• Object to or restrict processing. You have the right to object to our processing of your data in certain circumstances. For example, if we process your data based on legitimate interests, you can object if you believe it impacts your rights. If you make such an objection, we will consider whether we have compelling legitimate grounds to continue processing or if we need to stop.
• Withdraw consent (e.g., marketing). If we are processing any personal information based on your consent, you can withdraw that consent at any time. For example, if you signed up for marketing emails, you can unsubscribe (withdrawing consent for marketing). Withdrawing consent won’t affect the lawfulness of any processing done before withdrawal, but it will stop the specific activity moving forward. Note: if you withdraw consent for things like cookies, be sure to adjust settings in our Cookie banner or in your browser.
• Exercise rights under CCPA/CPRA (California). If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to know what personal information we collect, use, disclose, or sell about you, the right to request deletion of your personal information, the right to opt-out of “sale” or “sharing” of personal info (as defined by CCPA; as noted, we do not sell data in the traditional sense, but if that ever changes we will provide an opt-out), and the right not to receive discriminatory treatment for exercising your rights. The sections of this Privacy Policy describe the categories of data we collect and how we use/share it, which should satisfy the “notice at collection” requirement. You or your authorized agent can submit requests to know or delete by contacting us as described below.
• Other Jurisdictions. If you reside in a country with comprehensive data protection laws (such as Canada, Australia, Brazil, Thailand, etc.), we will accommodate your requests for access, deletion, etc., in accordance with those laws as well.

Requests may be submitted to support@vamotrip.com. We may need to verify your identity.

7. Security

We implement encryption, access controls, monitoring, backups, and secure development practices. However, no system is completely secure.

We take reasonable and appropriate measures to protect the personal information we hold from loss, theft, misuse, and unauthorized access, disclosure, alteration, or destruction. These measures include:

• Encryption: We use HTTPS (TLS) encryption for data transmitted between your browser/app and our servers. This helps protect data in transit from eavesdropping.
• Access Controls: Personal data is accessible only to those team members and service providers who need it to perform their tasks. We implement access control and authentication measures to ensure that only authorized personnel (who are bound by confidentiality obligations) can access user data.
• Monitoring and Patching: We keep our software, libraries, and systems up-to-date with security patches. We monitor our systems for possible vulnerabilities or breaches. If we detect something suspicious, we will act swiftly to mitigate it.
• Secure Development Practices: As we develop the VamoTrip platform, we follow industry best practices for secure coding to minimize common vulnerabilities. We may, at our discretion, conduct internal or external security reviews.

Important: Chat content is processed by AI providers we do not control. Do not submit sensitive or confidential information in free-text chat inputs.

If you have a security-related concern, please contact us immediately at our contact email so we can investigate. In the event of a data breach that affects your personal information, we will notify you and the relevant authorities as required by law.

8. International Data Transfers

VamoTrip is available to users around the world. Your information may be transferred to and processed on servers located in countries different from your own. Some of our service providers (like analytics or AI providers) might process data in the U.S. or elsewhere. This means your personal data could be subject to the laws of jurisdictions where we or our providers operate, which may not provide the same level of data protection as your home country.

By using the Service, you consent to such transfers and acknowledge that different jurisdictions may apply different levels of protection.

9. Children’s Privacy

The Service is intended for individuals who are at least 16 years old (or the age of majority in your jurisdiction, if higher). If you are 13–15 years old, you may only use the Service with the consent of a parent or legal guardian. The Service is not available to anyone under 13. By using VamoTrip, you confirm you meet this requirement. If we learn we have collected data from someone under 13, we will delete it.

10. Third-Party Links

The VamoTrip Service contains links to external websites or services that are not operated by us. For example, when the AI suggests a hotel or attraction, it may provide a link to an external booking site or a tourism webpage. Similarly, we might include social media sharing buttons or use plugins (like a Facebook “Like” button) on our site.

Once you click a third-party link or engage with a third-party service, you will be redirected to that third party’s site or service. Any information you provide to these external sites is not covered by our Privacy Policy. We do not control the content, privacy practices, or security of these third-party sites. We encourage you to review the privacy policies of any site you visit.

For example, if you book travel on an airline or hotel site we linked to, that site will have its own data collection practices for your booking information.

We are not responsible for any third party’s policies or actions.

11. Changes to This Policy

We may modify this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will provide a prominent notice (e.g., on our website or via email if appropriate) and update the “Last Updated” date at the top of this Policy.

We encourage you to review this Policy periodically. Material changes will be notified as required by applicable law. If you do not agree to the changes, you should stop using the Service and, if applicable, delete your account or otherwise exercise your rights (you can request we delete your data).

We encourage you to review this Policy periodically to stay informed about how we are protecting your information.