Privacy
What we collect, how we protect it, and your rights.
Last updated February 5, 2026
We never sell your data
No advertising, no data brokers, no third-party marketing. Ever.
No tracking pixels or ad cookies
One session cookie to keep you logged in. That's it.
Your data is yours
Each account's data is completely separate. No other accounts can access it.
Export your data anytime
Account administrators can export customer data, reservations, and commissions to Excel.
You control the data. We process it.
You're the data controller. We store and protect it on your behalf.
Stripe handles payments
We never see your credit card number. Stripe processes everything.
What We Collect
Data you enter about your clients and your business. We collect only what's needed to run the platform.
Client contact data
Names, email addresses, phone numbers, nicknames, and physical addresses you enter for your clients.
Personal dates and relationships
Birthdays, anniversaries, and other important dates you choose to record, including family member names and relationships.
Reservations and travel details
Booking numbers, travel dates, destinations, suppliers, stateroom details, celebrations, and related travel information.
Financial and commission data
Reservation costs, commission amounts and percentages, agent splits, payment records, and remittance details.
Uploaded documents
Remittance statements (PDFs) uploaded for commission reconciliation.
Your account
Email address for authentication (passkey login), workspace settings, and a session cookie to keep you logged in.
Free-text notes are for operational context — trip preferences, conversation summaries, follow-up reminders. Do not enter passport numbers, Social Security numbers, payment card numbers, or medical information in notes fields.
What We Don't Collect
Your Role and Ours
You (the travel agency)
You're the data controller. You decide what client information to enter and how to use it. You're responsible for having a lawful basis to collect your clients' personal information.
Us (Kindra AI)
We're the data processor. We store and protect that information on your behalf, according to your instructions and our Terms of Service.
What this means in practice
- We process your clients' data only to provide the services you subscribed to
- We never independently contact your clients
- We don't share data between agencies — each workspace is isolated at the database level
- If one of your clients contacts us about their data, we'll direct them to you
- We provide tools to help you fulfill your obligations: data export, customer management, and deletion
Third-Party Data Processors
We share data only with service providers who help us operate the platform. No advertising networks, no data brokers.
| Provider | What they may process | Why |
|---|---|---|
| Stripe | Subscription billing data | Payment processing |
| Anthropic | Service data as needed for platform features | Data processing and analysis |
| Service data as needed for platform features | Data processing and analysis | |
| Honeybadger | Error context (may include request data) | Application error monitoring |
| monday.com | Board and project data (when connected) | monday.com integration features |
Anthropic and Google process service data in real-time and do not retain your data for their own training purposes.
How Long We Keep Your Data
- While you're a customer — all your data is retained for the duration of your subscription.
- If you cancel — your data remains available for 30 days so you can export everything. After that, it's permanently deleted.
- Financial records — commission and payment data may be retained longer as required for tax and legal compliance.
- Error monitoring — Honeybadger retains error data for 30 days.
Account administrators can export all data at any time — not just when leaving. Your data is always accessible to you.
Your Rights
Depending on your location, you may have the following rights under applicable data protection laws (GDPR, UK GDPR, CCPA, and other US state privacy laws).
- Right to access — Request all data we hold about your agency and clients.
- Right to correction — Update any inaccurate information.
- Right to deletion — Request deletion of your data, subject to legal retention requirements for financial records.
- Right to data portability — Export your data in standard formats (Excel).
- Right to restrict processing — Limit how we use your data.
- Right to object — Object to processing of your personal information.
- Right to withdraw consent — If processing is based on consent, withdraw it at any time.
To exercise any of these rights, contact us at support@kindra.ai. We respond to every request personally.
Cookies
We use a single cookie called _kindra_ai_session. It's strictly necessary for the website to function.
- What it does — Keeps you logged in as you navigate between pages. Contains a random session ID, not personal information.
- Duration — Expires after 14 days of inactivity.
- Secure — Encrypted and transmitted over HTTPS only.
- Private — We don't use it to track you across other websites.
- Essential — Without it, you can't log in. Blocking it prevents access to Kindra AI.
That's it. No analytics cookies, no marketing cookies, no third-party cookies. One cookie to keep you logged in.
Legal Foundations
Legal bases for processing (GDPR / UK GDPR)
- Contract performance — Providing the travel agency platform you subscribed to: storing data, generating reports, processing remittances.
- Legitimate interest — Application monitoring, security, and service improvement.
- Legal obligation — Retaining financial records for tax and accounting compliance.
- Consent — Marketing communications. We only send these when you've opted in.
For Canadian users: we may process your information where you have given express consent, or where consent can be implied. You may withdraw consent at any time by contacting us.
US state privacy rights
If you are a resident of California or other US states with privacy laws, you have additional rights including the right to know what personal information we collect, request its deletion, and opt out of any sale (we don't sell data, so there's nothing to opt out of).
Categories of personal information we've collected in the past 12 months:
- Identifiers — Email addresses, names, phone numbers, physical addresses. Yes.
- California Customer Records — Names, addresses, phone numbers, financial information (commission data). Yes.
- Commercial information — Reservation costs, commission records, payment data. Yes.
- Internet or network activity — We don't track browsing behavior. No.
Do-Not-Track
We don't track your browsing activity, so Do-Not-Track signals don't change our behavior. There is nothing to stop tracking because we don't track.
Children
Kindra AI is a business tool for travel professionals. It is not intended for use by anyone under 18.
International data transfers
Our services and service providers are based in the United States. If you access Kindra AI from outside the US, your data is transferred to and processed in the United States. All data is encrypted in transit and at rest.
Changes to this policy
We may update this policy from time to time. The "last updated" date at the top of the page will always reflect the most recent version.
monday.com Integration
When you connect your monday.com account, we access your board and project data through OAuth authentication. We act as a third-party service provider to monday.com.
- What we access — Board data, project information, and team details from your monday.com account, only when you explicitly connect it.
- How we use it — To provide project analytics and insights within your monday.com workspace.
- How to disconnect — Disconnecting the integration immediately stops data access.
Data processing follows both this privacy policy and monday.com's privacy policy.
Questions?
Need a copy of your data? Have a privacy concern? We respond to every request personally.
support@kindra.ai