Privacy Policy

3.1. Contract Performance (Article 6(1)(b) GDPR)

We process your data to provide our travel planning services, including creating and managing your travel plans, generating itineraries, and processing your requests. This includes data necessary to perform our contract with you.

3.2. Legitimate Interests (Article 6(1)(f) GDPR)

We process data for our legitimate business interests, including:

• Improving our services and user experience
• Ensuring service security and preventing fraud
• Analyzing usage patterns to enhance our AI travel planning capabilities
• Communicating important service updates

3.3. Consent (Article 6(1)(a) GDPR)

We process certain data based on your explicit consent, such as:

• Newsletter subscriptions
• Marketing communications (if applicable)
• Optional features that require additional data processing

You may withdraw your consent at any time by contacting us or using the unsubscribe options provided.

3.4. Legal Obligations (Article 6(1)(c) GDPR)

We may process data to comply with legal obligations, including tax requirements, accounting regulations, and responding to lawful requests from authorities.

4.1. Travel Planning Data

• Travel Plans: Trip titles, descriptions, travel preferences, destinations, dates, budgets, and travel requirements
• Filters and Preferences: Selected filters (flights, stays, food, hiking, beach, rail, photo spots, city walks, etc.)
• Itinerary Information: Generated travel itineraries, activities, accommodations, transportation details
• Pricing Information: Travel costs, currency, payment modes, pricing breakdowns

4.2. Organizer and Traveler Information

• Primary Organizer Data: Name, email address, contact information, and other details provided during finalization
• Secondary Organizers: Names, email addresses, and contact information of additional organizers
• Traveler Emails: Email addresses of travelers included in the travel plan
• Payment Information: Payment mode preferences (pay-as-you-go, etc.)

4.3. Technical Data

• IP Address: Your Internet Protocol address when accessing our service
• Browser Information: Browser type, version, and settings
• Device Information: Device type, operating system, screen resolution
• Usage Data: Pages visited, time spent, actions taken, features used
• Log Data: Server logs, error logs, access timestamps

4.4. Communication Data

• Email Addresses: Provided for newsletter subscriptions, travel notifications, and service communications
• AI Communication Emails: Email addresses used for AI-generated travel notifications and updates sent from iris@tixace.com
• Contact Information: Any contact details you provide when reaching out to us
• Correspondence: Messages, inquiries, feedback, and support requests sent to hello@tixace.com or iris@tixace.com

4.5. Preferences and Settings

• Theme Preferences: Light/dark mode selections stored in local storage
• User Preferences: Customized settings and preferences for the service

4.6. Additional Trip Data

• Trip Names: Names of additional trips created
• Trip Details: Additional trip information, itineraries, and pricing

5.1. Service Provision

• Creating and managing your travel plans
• Generating personalized travel itineraries using AI technology (Iris)
• Processing travel requests and preferences
• Managing travel finalizations and organizer information
• Providing additional trip options and recommendations
• Calculating and displaying travel pricing information

5.2. Communication

• Sending travel notifications and updates from our AI assistant (Iris) via iris@tixace.com
• Responding to your inquiries and support requests sent to hello@tixace.com
• Handling AI-related inquiries and communications via iris@tixace.com
• Sending newsletter content (with your consent)
• Providing important service announcements

5.3. Service Improvement

• Analyzing usage patterns to improve our AI travel planning capabilities
• Enhancing user experience and service features
• Conducting research and development
• Testing and optimizing service performance

5.4. Legal Compliance

• Complying with applicable laws and regulations
• Responding to lawful requests from authorities
• Protecting our legal rights and interests
• Enforcing our terms and conditions

5.5. Security and Fraud Prevention

• Detecting and preventing fraud, abuse, and security threats
• Ensuring service security and integrity
• Monitoring for suspicious activities

6.1. Storage Location

Your personal data is stored using MongoDB Atlas, a cloud-based database service. MongoDB Atlas may store data in data centers located within the European Economic Area (EEA) or in other locations as configured. We ensure that appropriate safeguards are in place for any international transfers (see Section 11).

We implement appropriate technical and organizational measures to protect your data during storage and transmission.

6.2. Data Retention Periods

We retain your personal data for the following periods:

• Active Travel Plans: Retained while the travel plan is active and for a period of 3 years after the last activity or finalization
• Newsletter Subscriptions: Retained until you unsubscribe or request deletion
• Communication Records: Retained for 3 years from the date of last communication
• Technical Logs: Retained for 12 months for security and debugging purposes
• Legal Compliance Data: Retained as required by applicable laws (e.g., accounting records may be retained for 8 years under Hungarian law)

After the retention period expires, we will securely delete or anonymize your personal data, unless we are required to retain it for legal compliance purposes.

6.3. Data Deletion

You may request deletion of your personal data at any time by contacting us. We will delete your data within 30 days of your request, unless we are required to retain it for legal compliance or legitimate business purposes.

7.1. Service Providers

We may share data with trusted third-party service providers who assist us in operating our service:

• MongoDB Atlas: Cloud database hosting service
• Hosting Providers: Cloud infrastructure and hosting services
• Barion Payment Services: Payment processing service (see Section 7.5 for details)
• Email Service Providers: Services for sending emails and newsletters, including AI-generated emails from iris@tixace.com
• Analytics Providers: Services for analyzing usage patterns (if applicable)

All service providers are contractually obligated to protect your data and use it only for the purposes we specify.

Note on AI Services: Our AI travel planning assistant (Iris) is developed and operated by Tixace. It is not a third-party service. All AI-generated communications are sent from iris@tixace.com.

7.2. Legal Requirements

We may disclose your data if required by law, court order, or governmental authority, or to protect our rights, property, or safety, or that of our users or others.

7.3. Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity. We will notify you of any such transfer and ensure your rights are protected.

7.4. With Your Consent

We may share your data with other parties when you have explicitly consented to such sharing.

7.5. Payment Processing - Barion

When you make payments through our Service, we use Barion Payment Services ("Barion") to process payments. Barion is a Hungarian payment service provider authorized by the Magyar Nemzeti Bank (Central Bank of Hungary).

We share the following data with Barion for payment processing:

• Payment amount and currency
• Transaction identifiers
• Email address (for payment confirmations)
• Payment method information (credit card, bank transfer, etc.)
• Billing information necessary for transaction processing

Important: We do not store or have access to your full payment card details. All payment card information is handled directly by Barion and is subject to Barion's privacy policy and security measures. Payment card data is processed in accordance with PCI DSS standards.

Barion may share certain transaction data with banks, card networks, and other financial institutions as necessary to process payments. Barion's processing of your payment data is governed by:

• Barion's Terms and Conditions and Privacy Policy
• Hungarian financial services regulations
• European Union payment services regulations (PSD2)
• PCI DSS security standards

For more information about how Barion processes your payment data, please review Barion's privacy policy available at www.barion.com.

8.1. Right of Access (Article 15 GDPR)

You have the right to obtain confirmation as to whether we process your personal data and to access your personal data, including copies of the data we hold about you.

8.2. Right to Rectification (Article 16 GDPR)

You have the right to have inaccurate or incomplete personal data corrected or completed.

8.3. Right to Erasure ("Right to be Forgotten") (Article 17 GDPR)

You have the right to request deletion of your personal data when:

• The data is no longer necessary for the purposes for which it was collected
• You withdraw consent and there is no other legal basis for processing
• You object to processing and there are no overriding legitimate grounds
• The data has been unlawfully processed
• Deletion is required for legal compliance

8.4. Right to Restrict Processing (Article 18 GDPR)

You have the right to restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing.

8.5. Right to Data Portability (Article 20 GDPR)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

8.6. Right to Object (Article 21 GDPR)

You have the right to object to processing of your personal data based on legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.

8.7. Right to Withdraw Consent

When processing is based on consent, you have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

8.8. Right to Lodge a Complaint

You have the right to lodge a complaint with the Hungarian National Authority for Data Protection and Freedom of Information (NAIH) or your local supervisory authority if you believe your data protection rights have been violated (see Section 15).

9.1. Local Storage

We use browser local storage to store your preferences, such as:

• Theme Preferences: Your light/dark mode selection (stored as "tixace-theme")
• User Preferences: Other settings and preferences for service functionality

Local storage data is stored only on your device and is not transmitted to our servers except as part of normal service functionality. You can clear local storage through your browser settings.

9.2. Cookies

Currently, we use minimal cookies. If we implement cookies in the future, we will update this policy and provide appropriate cookie consent mechanisms in accordance with GDPR and EU ePrivacy Directive requirements.

9.3. Tracking and Analytics

We may use analytics tools to understand how our service is used. Any tracking will be disclosed in this section and will comply with applicable privacy laws. We do not currently use third-party tracking or advertising cookies.

11.1. MongoDB Atlas

MongoDB Atlas may store data in data centers located outside the EEA. We ensure that appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• MongoDB Atlas compliance with GDPR and other applicable data protection laws
• Data processing agreements that protect your rights

11.2. Adequacy Decisions

We may transfer data to countries that have been deemed adequate by the European Commission, where no additional safeguards are required.

11.3. Your Rights

When we transfer your data internationally, you retain all the rights described in Section 8, and we ensure that your data receives an adequate level of protection.