Privacy Policy

Last updated: 2026-04-16

1. Information We Collect

1.1 Information you provide directly

• Quote & booking requests: Name, email address, phone number, departure and destination cities, travel dates, cabin preference, number of passengers, and any special requests (dietary, wheelchair, frequent-flyer numbers).
• Account & newsletter: Email address and communication preferences when you subscribe to our newsletter or deal alerts.
• Payment information: Credit or debit card details, billing address, and cardholder name. Card details are processed by our PCI-DSS-compliant payment processor and are never stored on our servers — we retain only the last four digits and card type for your records.
• Communications: Content of emails, phone calls (which may be recorded for quality and training purposes), live chat transcripts, and social media messages you send us.
• Corporate accounts: Company name, corporate travel policies, traveler lists, and billing contacts for corporate travel management clients.

1.2 Information collected automatically

• Device & browser data: IP address, browser type and version, operating system, device type, screen resolution, and language settings.
• Usage data: Pages viewed, time spent on pages, referral URLs, click patterns, and search queries on the Site.
• Cookies & similar technologies: We use cookies, pixels, and local storage as described in Section 8 below.
• Geolocation: Approximate geographic location derived from your IP address (city/region level, not precise GPS coordinates).

1.3 Information from third parties

• Airlines & booking systems: Booking confirmations, ticket numbers, fare rules, and schedule changes from Sabre, Amadeus, Travelport, and airline direct systems.
• Analytics providers: Aggregated and anonymized usage data from Google Analytics 4 and Google Tag Manager.

2. How We Use Your Information

We use the personal information we collect for the following purposes:

• Service delivery: Prepare and deliver personalized flight quotes, issue tickets with airlines under your name, manage itinerary changes, and provide post-booking support.
• Communications: Respond to your inquiries, send booking confirmations and e-tickets, notify you of schedule changes or cancellations, and provide travel alerts.
• Marketing (with consent): Send newsletter emails, deal alerts, fare drop notifications, and promotional offers. You may opt out at any time (see Section 6).
• Site improvement: Analyze usage patterns to improve the Site, personalize content, optimize performance, and develop new features.
• Fraud prevention & security: Detect and prevent fraudulent transactions, verify identity for high-value bookings, and protect the security of our systems.
• Legal compliance: Comply with applicable laws, tax record-keeping, airline industry reporting requirements, US Department of Transportation regulations, and respond to lawful requests from government authorities.

3. How We Share Your Information

We do not sell your personal information to third parties. We share your information only in the following circumstances:

• Airlines & travel suppliers: We share your name, passport details (when required), contact information, and travel preferences with airlines, global distribution systems (Sabre, Amadeus, Travelport), hotels, and ground transportation providers as necessary to fulfill your booking.
• Payment processors: Credit card details are transmitted directly to our PCI-DSS-compliant payment processor for authorization and settlement.
• Service providers: We use carefully selected third-party providers for email delivery (Resend), analytics (Google Analytics 4), cloud hosting (Vercel, Supabase), customer support tools, and marketing automation. These providers are contractually bound to use your data only on our behalf and in accordance with this Privacy Policy.
• Legal requirements: We may disclose information when required by law, subpoena, court order, or government regulation, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business transfers: In the event of a merger, acquisition, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Site before your information becomes subject to a different privacy policy.

4. Children's Privacy

The Site is not directed to children under the age of 16 (or 13 in jurisdictions where that is the applicable threshold under the Children's Online Privacy Protection Act, “COPPA”). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at legal@bookmybusinessclass.com and we will promptly delete it.

5. Data Retention

• Booking records: 7 years from the date of travel, as required by US travel industry regulations, airline industry reporting, and tax record-keeping requirements.
• Quote requests (unconverted): 2 years from the date of request, then automatically deleted.
• Newsletter subscribers: Until you unsubscribe, plus 30 days for suppression-list retention to prevent re-enrollment.
• Analytics data: 26 months (Google Analytics 4 default retention period).
• Payment records: Transaction records retained for 7 years; full card numbers are never stored on our systems.

You may request earlier deletion by emailing legal@bookmybusinessclass.comwith the subject line “Data Deletion Request.” We will respond within 30 days.

6. Your Rights and Choices

6.1 All users

• Access & correction: You may request a copy of the personal information we hold about you and ask us to correct any inaccuracies.
• Deletion: You may request deletion of your personal information, subject to our legal retention obligations.
• Marketing opt-out: Every marketing email contains an “Unsubscribe” link. You may also email us at legal@bookmybusinessclass.com with the subject “Unsubscribe.” Opt-out requests are processed within 10 business days. Opting out of marketing does not affect transactional communications related to active bookings.
• Do Not Track: The Site does not currently respond to browser “Do Not Track” (DNT) signals. We do not engage in cross-site behavioral tracking for advertising purposes.

6.2 California residents (CCPA / CPRA)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the sources, the business purpose, and the categories of third parties with whom we share it.
• Right to Delete: You may request deletion of personal information we have collected, subject to certain exceptions (e.g., completing a transaction, legal compliance).
• Right to Correct: You may request correction of inaccurate personal information.
• Right to Opt Out of Sale/Sharing: We do not sell personal information. We do not share personal information for cross-context behavioral advertising.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.
• Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information for purposes beyond what is necessary to provide our services.

To exercise your California privacy rights, email legal@bookmybusinessclass.comwith the subject “CCPA Request” or call +1 (866) 699-4488. We will verify your identity before processing your request and respond within 45 days.

Categories of personal information collected in the past 12 months: Identifiers (name, email, phone, IP address); commercial information (booking history, fare quotes); internet activity (pages viewed, search queries); geolocation data (approximate, from IP); professional information (corporate account data). We have not sold any personal information in the preceding 12 months.

6.3 Other US state privacy laws

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), and other states with consumer privacy legislation may exercise rights similar to those described above. Contact us at legal@bookmybusinessclass.comwith the subject “Privacy Request — [Your State]” and we will respond in accordance with applicable law.

6.4 European Economic Area, UK & Swiss residents (GDPR)

If you are located in the EEA, UK, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR) and UK-GDPR:

• Legal basis: We process your data based on (a) contractual necessity (to fulfill your booking), (b) legitimate interests (to improve our services and prevent fraud), and (c) consent (for marketing communications).
• Data portability: You may request a copy of your data in a structured, machine-readable format.
• Right to object: You may object to processing based on legitimate interests at any time.
• Right to restrict processing: You may request that we restrict processing while a complaint is resolved.
• Supervisory authority: You have the right to lodge a complaint with your local data protection authority.
• International transfers: Your data is transferred to and processed in the United States. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission and the UK Information Commissioner's Office as the legal mechanism for such transfers.

To exercise your GDPR rights, email legal@bookmybusinessclass.comwith the subject “GDPR Request.” We will respond within 30 days.

7. Marketing and Electronic Communications

• Opt-in: We send marketing emails only to users who have explicitly consented by subscribing to our newsletter, requesting deal alerts, or checking a marketing consent box during the quote process.
• CAN-SPAM compliance: Every marketing email includes our physical mailing address, a clear “Unsubscribe” link, and an accurate subject line. We honor opt-out requests within 10 business days.
• CASL compliance: For Canadian recipients, we obtain express consent before sending commercial electronic messages and include a functioning unsubscribe mechanism.
• Frequency: Newsletter subscribers receive no more than 2-3 emails per week. Deal alert subscribers may receive additional time-sensitive fare notifications.
• Transactional emails: Booking confirmations, e-tickets, schedule change alerts, and payment receipts are transactional messages and are not affected by marketing opt-out.

8. Cookies and Tracking Technologies

We use the following categories of cookies and similar technologies:

We do not use third-party advertising cookies, retargeting pixels, or social media tracking pixels. You can disable cookies in your browser settings without losing core Site functionality. For more information about cookies, visit allaboutcookies.org.

9. Data Security

• All data in transit is encrypted using TLS 1.3.
• Data at rest is encrypted on SOC2-certified infrastructure (Supabase / AWS).
• Payment card data is handled exclusively by our PCI-DSS Level 1 compliant payment processor and is never stored on our servers.
• Database access is restricted by role-based access controls with multi-factor authentication.
• We conduct regular security assessments and maintain an incident response plan.
• Employee access to personal data is limited to staff who require it for their job functions and is subject to confidentiality obligations.

While we implement industry-standard safeguards, no method of electronic transmission or storage is 100% secure. If you have reason to believe your information has been compromised, please contact us immediately at legal@bookmybusinessclass.com.

10. International Data Transfers

Elite Travel Technologies LLC is based in the United States. If you access the Site from outside the United States, your information will be transferred to, stored, and processed in the United States where data protection laws may differ from those of your jurisdiction. For transfers from the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses (SCCs) as the legal mechanism. Your information may also be processed by our support teams. By using the Site, you consent to the transfer of your information to the United States.

11. Third-Party Links

The Site may contain links to third-party websites, including airline sites, hotel booking platforms, and travel resources. We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policy of every site you visit. A link from our Site does not constitute an endorsement of that site's privacy practices.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. Material changes will be communicated via email to active customers and a prominent notice on the Site at least 30 days before they take effect. The “Last updated” date at the top of this page always reflects the most recent revision. Your continued use of the Site after changes become effective constitutes acceptance of the revised Privacy Policy.

13. Contact Us