Guides, references, and resources.
Last Updated: January 12, 2026 Effective Date: January 12, 2026
This Privacy Policy describes how Travos.ai ("Travos.ai," "we," "us," or "our") collects, uses, stores, and shares your personal information when you:
This policy applies to all users worldwide. If you are located in the European Economic Area (EEA), United Kingdom, or other regions with specific data protection laws, please see the "International Users and Your Rights" section for additional information about your rights under GDPR, UK GDPR, and other applicable regulations.
Please read this policy carefully. By using our Services, you consent to the data practices described in this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services.
For information about our Services, Terms of Service, and other policies, please visit:
We collect several types of information from and about users of our Services.
When you register for an account, we collect:
When you subscribe to a paid plan, we collect:
When you use our Services, you provide:
When you contact us, we collect:
When you access or use our Services, we automatically collect certain information:
We use cookies, web beacons, and similar tracking technologies to collect information about your browsing activities. For detailed information, see our Cookie Policy at travos.ai/cookies-policy and Section 9 below.
We receive information from third-party services you connect to our platform:
| Source | Information Received | Purpose |
|---|---|---|
| GitHub | Username, email address, repository metadata, commit information | To enable repository-based deployments |
| Polar.sh | Payment confirmation, subscription status, billing events | To manage your subscription and payments |
| Google Analytics | Anonymous usage patterns, demographics, interests | To understand how users interact with our website |
| OAuth Providers | Profile information, email address | To authenticate your account (if you use social login) |
We only receive information from third parties that you authorize us to access through OAuth connections or that is necessary to provide our Services.
To be completely transparent, here's what we do not collect or access:
We use the information we collect for the following purposes:
These uses are necessary to provide you with our Services:
| Purpose | Legal Basis (GDPR) | Description |
|---|---|---|
| Provide Services | Contract performance | Provisioning, managing, and maintaining your deployments |
| Process payments | Contract performance | Billing, invoicing, and payment processing through Polar.sh |
| Account management | Contract performance | Creating and managing your account, authentication |
| Customer support | Contract performance | Responding to your inquiries, troubleshooting issues |
| Service communications | Contract performance | Sending transactional emails (deployment status, billing notifications, security alerts) |
These uses are based on our legitimate business interests:
| Purpose | Legal Basis (GDPR) | Description |
|---|---|---|
| Improve Services | Legitimate interests | Analyzing usage patterns to enhance features and user experience |
| Security and fraud prevention | Legitimate interests | Detecting and preventing unauthorized access, abuse, and security threats |
| Analytics | Legitimate interests | Understanding how users interact with our platform to make data-driven decisions |
| Infrastructure optimization | Legitimate interests | Optimizing resource allocation and performance |
| Product development | Legitimate interests | Developing new features and services based on user needs |
For certain activities, we rely on your explicit consent:
| Purpose | Legal Basis (GDPR) | Description |
|---|---|---|
| Marketing communications | Consent | Sending promotional emails about new features, updates (you can opt-out anytime) |
| Optional analytics | Consent | Advanced tracking for product improvement (if you opt-in) |
| Beta testing | Consent | Inviting you to test experimental features |
You can withdraw your consent at any time by contacting us at privacy@travos.ai or using the unsubscribe link in emails.
We process certain information to comply with legal requirements:
| Purpose | Legal Basis (GDPR) | Description |
|---|---|---|
| Legal compliance | Legal obligation | Complying with tax laws, data retention requirements, court orders |
| Regulatory reporting | Legal obligation | Responding to lawful requests from authorities |
| Mandatory reporting | Legal obligation | Reporting illegal content (e.g., CSAM) to authorities as required by law |
Infrastructure Management:
Security:
Analytics (Aggregated and Anonymized):
We want to be clear about what we do not do:
We share your personal information only in the limited circumstances described below.
We share information with third-party service providers who help us operate our business. These providers are contractually obligated to protect your information and use it only for the services they provide to us:
| Service Provider | Purpose | Data Shared | Location |
|---|---|---|---|
| Amazon Web Services (AWS) | Infrastructure hosting, compute, storage | Customer deployments, infrastructure data, backups | US East (Virginia) |
| Polar.sh | Payment processing, subscription management | Billing information, payment details, transaction history | [Polar.sh data centers] |
| Supabase | Authentication and database services | Account information, user profiles, auth tokens | [Supabase data centers] |
| Google Analytics | Website analytics | Anonymous usage patterns, page views, demographics | Google data centers |
| Email service provider | Transactional and marketing emails | Email address, name, communication preferences | [Provider location] |
| Sentry (if applicable) | Error tracking and monitoring | Error logs, stack traces, performance data | [Sentry data centers] |
Each of these providers:
We execute Data Processing Agreements (DPAs) with service providers that handle personal data.
We may disclose your information if required by law or if we believe such action is necessary to:
a) Comply with legal obligations, including:
b) Protect our rights, property, or safety, including:
c) Protect the safety of our users and the public, including:
We will notify you of legal requests for your information unless:
If Travos.ai is involved in a merger, acquisition, bankruptcy, reorganization, or sale of all or substantially all of our assets, your information may be transferred as part of that transaction. In such cases:
We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you. For example:
This information does not constitute personal data and is not subject to this Privacy Policy.
We may share your information with third parties when you explicitly consent to such sharing, such as:
We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
| Data Type | Retention Period | Reason |
|---|---|---|
| Active account data | Duration of account + 30 days | To provide Services and allow for account reactivation |
| Deployed pods and configurations | Duration of subscription + 30 days | To maintain your Services |
| Backups | 90 days after deletion | Disaster recovery and business continuity |
| Payment records and invoices | 7 years | Tax compliance, financial auditing, legal requirements |
| Support communications | 3 years | Customer service quality and dispute resolution |
| Usage logs and metrics | 90 days | Security, troubleshooting, capacity planning |
| Security and audit logs | 1 year | Security investigations, compliance, fraud prevention |
| Aggregated analytics | Indefinitely | Anonymized data for product improvement |
| Crash/error reports | 1 year | Product improvement and bug fixes |
When you close your account or cancel your subscription:
Immediate (0-7 days):
Within 30 days:
Within 90 days:
Retained as required:
You may request earlier deletion of your data by contacting us at privacy@travos.ai. We will comply with deletion requests within 30 days, except for:
We take the security of your personal information seriously and implement industry-standard security measures to protect it.
Encryption:
Access Controls:
Infrastructure Security:
Application Security:
Personnel:
Policies and Procedures:
Monitoring and Auditing:
While we implement robust security measures, security is a shared responsibility. You are responsible for:
In the event of a data breach that affects your personal information:
Within 72 Hours:
Notification Will Include:
Your Rights:
No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. You acknowledge and accept the inherent security risks of internet-based services.
Your personal information and Customer Data are processed and stored on Amazon Web Services (AWS) infrastructure located in the United States (US East - N. Virginia region).
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, your personal data will be transferred to the United States, which may not provide the same level of data protection as your home jurisdiction.
We rely on the following mechanisms to ensure adequate protection for international data transfers:
We use the European Commission's Standard Contractual Clauses (also known as Model Clauses) approved for transfers of personal data to third countries. SCCs are contractual commitments between us and our service providers to protect your data according to European standards.
Our key service providers maintain compliance with international data protection standards:
In addition to SCCs, we implement supplementary technical and organizational measures, including:
By using our Services and providing your information, you consent to the transfer of your information to the United States and other countries where we or our service providers operate. If you do not consent to such transfers, please do not use our Services.
For users in the United Kingdom, we comply with the UK GDPR and UK data protection laws. We use the UK International Data Transfer Agreement or International Data Transfer Addendum to the European Commission's Standard Contractual Clauses as appropriate.
If you have questions or concerns about how your data is transferred or protected, please contact us at privacy@travos.ai.
We respect your rights regarding your personal information. Your rights vary depending on your location.
Regardless of your location, you have the following rights:
Access: Request a copy of the personal information we hold about you.
Correction: Request correction of inaccurate or incomplete information.
Deletion: Request deletion of your personal information (subject to certain legal exceptions).
Data Portability: Receive your data in a structured, commonly used, machine-readable format (e.g., JSON, CSV).
Withdraw Consent: Withdraw consent for processing based on consent (does not affect lawfulness of processing before withdrawal).
If you are in the European Economic Area or United Kingdom, you have these additional rights under GDPR:
Restrict Processing: Request that we limit how we use your data in certain circumstances:
Object to Processing: Object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we have compelling legitimate grounds that override your interests.
Automated Decision-Making: Right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or similarly significantly affect you. (Note: We do not currently use automated decision-making for such purposes.)
Lodge a Complaint: File a complaint with your local data protection authority (supervisory authority) if you believe we have violated your privacy rights.
Relevant supervisory authorities include:
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
Right to Know: Request disclosure of:
Right to Delete: Request deletion of your personal information (subject to certain exceptions).
Right to Opt-Out of Sale: Opt-out of the "sale" of your personal information. Note: We do not sell personal information.
Right to Correct: Request correction of inaccurate personal information.
Right to Limit Use of Sensitive Personal Information: Limit use of sensitive personal information (we do not collect sensitive personal information as defined by CCPA).
Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights (e.g., by denying Services, charging different prices, or providing different quality of service).
If you are in other jurisdictions with specific data protection laws, you may have additional rights. Please contact us at privacy@travos.ai to inquire about rights specific to your location.
To exercise any of your privacy rights:
1. Email Us:
2. Provide Verification Information:
3. We Will Respond:
To protect your privacy and security, we must verify your identity before fulfilling your request. We may:
We cannot fulfill requests if we cannot verify your identity.
In some cases, we may not be able to fulfill your request if:
We will explain the reasons if we cannot fulfill your request.
You may designate an authorized agent to make requests on your behalf. The authorized agent must:
We use cookies and similar tracking technologies to collect information about your browsing activities on our website.
Cookies are small text files stored on your device (computer, tablet, smartphone) when you visit a website. Cookies allow the website to recognize your device and remember information about your visit.
We use the following types of cookies:
These cookies are necessary for the website and Services to function properly. They cannot be disabled.
| Cookie Name | Purpose | Duration | Type |
|---|---|---|---|
| Session cookies | Maintain your login state | Session (deleted when browser closes) | First-party |
| Authentication tokens | Secure authentication and session management | 30 days | First-party |
| CSRF protection | Prevent cross-site request forgery attacks | Session | First-party |
| Load balancing | Distribute traffic across servers | Session | First-party |
These cookies enable enhanced functionality and personalization, such as remembering your preferences.
| Cookie Name | Purpose | Duration | Type |
|---|---|---|---|
| Preferences | Remember your settings (theme, language) | 1 year | First-party |
| Dashboard state | Remember your dashboard layout and preferences | 90 days | First-party |
These cookies help us understand how visitors interact with our website by collecting and reporting information anonymously.
| Service | Purpose | Duration | Type |
|---|---|---|---|
| Google Analytics | Website traffic analysis, user behavior, demographics | Up to 2 years | Third-party |
Google Analytics collects:
Data sharing: Google Analytics data is processed by Google LLC. Google's privacy policy: https://policies.google.com/privacy
Third-party cookies are set by domains other than travos.ai. We use third-party cookies for:
When you first visit our website, you will see a cookie consent banner. You can choose to:
Essential cookies cannot be disabled as they are necessary for the website to function.
You can change your cookie preferences at any time by clicking the "Cookie Preferences" link in the footer of our website.
Most web browsers allow you to control cookies through their settings. You can typically:
Browser help links:
You can opt out of Google Analytics tracking by installing the Google Analytics Opt-Out Browser Add-on: https://tools.google.com/dlpage/gaoptout
Some browsers offer a "Do Not Track" (DNT) signal. We currently do not respond to DNT signals because there is no universally accepted standard for how to interpret them. We respect your cookie preferences set through our cookie consent banner.
If you block or delete cookies:
In addition to cookies, we may use:
These technologies serve similar purposes to cookies (e.g., analytics, functionality).
We may update our use of cookies and tracking technologies. Any material changes will be reflected in this Privacy Policy and, where required, we will obtain your consent for new cookies.
Our Services are not intended for individuals under the age of 18, and we do not knowingly collect personal information from children.
To use Travos.ai Services, you must be:
By using our Services, you represent and warrant that you meet these age requirements.
We do not knowingly collect, use, or disclose personal information from children under 18 years of age. Our Services are designed for adults and businesses.
If you are a parent or legal guardian and believe that your child under 18 has provided us with personal information without your consent, please contact us immediately at privacy@travos.ai with:
If we become aware that we have collected personal information from a child under 18 without parental consent:
We will respond to parental requests within 30 days.
We comply with applicable children's privacy laws, including:
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
When we make changes to this Privacy Policy:
a) Update Date: We will update the "Last Updated" date at the top of this policy.
b) Material Changes: For significant changes that reduce your rights or significantly change how we process your data, we will:
c) Minor Changes: For non-material changes (typo corrections, clarifications, additional details that don't change substance), we may update the policy without advance notice.
Examples of material changes include:
Your continued use of the Services after the effective date of the updated Privacy Policy constitutes your acceptance of the changes.
If you do not agree to the updated Privacy Policy:
We may maintain historical versions of this Privacy Policy. You may request a copy of previous versions by contacting us at privacy@travos.ai.
If you are in the EEA or UK, you have the right to be informed about changes to how we process your personal data. We will ensure compliance with GDPR notification requirements.
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: privacy@travos.ai
Use this email for:
Email: dpo@travos.ai
If we are required to appoint a Data Protection Officer under GDPR or other regulations, you can contact them at this address.
Email: support@travos.ai
For general account support, technical issues, and non-privacy inquiries.
Email: legal@travos.ai
For legal inquiries, compliance questions, and law enforcement requests.
Email: security@travos.ai
To report security vulnerabilities or suspected data breaches.
Physical Address: [TO BE DETERMINED - will be added when company is incorporated]
For written correspondence, please send mail to the address above. Please allow additional time for postal mail responses.
We strive to respond to all inquiries promptly:
If you are in the EEA or UK and believe we have violated your privacy rights, you have the right to lodge a complaint with your local supervisory authority:
We encourage you to contact us first so we can address your concerns directly.
For the complete details, please read the full Privacy Policy above.
© 2026 Travos.ai. All rights reserved.
This Privacy Policy was last updated on January 12, 2026.