Privacy Policy

This Privacy Policy describes how TrenT Fly ("we", "our") collects, uses, stores, and protects the personal data of users ("you", "Data Subject") in compliance with the Brazilian General Data Protection Law (Lei n. 13.709/2018 — LGPD), the European General Data Protection Regulation (GDPR), and other applicable regulations.

1. Personal Data Collected

We collect the following personal data in the context of providing our services:

1.1. Data provided directly by you

• Identification data: full name, email address.
• Contact data: mobile phone number (for WhatsApp integration).
• Account data: login credentials (email and encrypted password).
• Travel preferences: destinations of interest, preferred dates, flight class, favorite airlines, departure airports.

1.2. Data collected automatically

• Search history: flight searches performed on the Platform, including origins, destinations, dates, and applied filters.
• Browsing data: IP address, browser type, operating system, pages visited, time on site.
• Approximate location: country and region inferred from IP address or phone prefix, to customize language and currency.
• WhatsApp interaction data: messages exchanged with the AI assistant for service delivery purposes.

1.3. Payment data

• Payment information (credit card, bank details) is processed directly by our payment partners (Stripe and Mercado Pago). TrenT Fly does not store complete credit card data on its servers.

2. Purpose of Processing

We use your personal data for the following purposes:

• Service delivery: search for flights, generate personalized itineraries, send price alerts, and provide assistance via WhatsApp.
• Personalization: adapt search results, suggestions, and recommendations based on your preferences and history.
• Account management: create and maintain your account, process subscriptions and payments.
• Communication: send service notifications, updates, price alerts, and relevant information.
• Service improvement: analyze usage patterns to enhance the Platform, fix errors, and develop new features.
• Security: prevent fraud, protect Platform integrity, and ensure data security.
• Legal compliance: meet legal, regulatory, or judicial requirements.

3. Legal Basis for Processing

The processing of your personal data is based on the following legal grounds under LGPD (art. 7) and GDPR (art. 6):

• Performance of contract (LGPD art. 7, V / GDPR art. 6(1)(b)): processing is necessary for the delivery of contracted services.
• Consent (LGPD art. 7, I / GDPR art. 6(1)(a)): for sending marketing communications and promotional offers. You may revoke your consent at any time.
• Legitimate interest (LGPD art. 7, IX / GDPR art. 6(1)(f)): for service improvement, usage analysis, and fraud prevention.
• Legal obligation (LGPD art. 7, II / GDPR art. 6(1)(c)): when necessary to meet legal or regulatory requirements.

4. Data Sharing

TrenT Fly does not sell, rent, or trade your personal data.

Your data may be shared with the following partners:

• Payment processors: Stripe, Inc. (USA) and Mercado Pago (Brazil), exclusively for secure financial transaction processing.
• Messaging provider: Meta Platforms, Inc. (USA), through WhatsApp Business API, for sending price alerts and user support.
• Artificial intelligence provider: Google LLC (USA), through Google Gemini API, for natural language processing in searches and generation of personalized suggestions. Google does not use this data to train its models.
• Infrastructure providers: Railway (USA) for hosting and Supabase, Inc. (USA) for PostgreSQL database.
• Legal obligation: when required by law, court order, or competent authority.

5. Cookies and Similar Technologies

• Essential cookies: necessary for Platform operation, session maintenance, and authentication.
• Preference cookies: store your choices such as language, theme, and preferred currency.
• Analytics cookies: help us understand how the Platform is used to improve the User experience.

6. Your Rights as a Data Subject

In compliance with LGPD (art. 18) and GDPR (Chapter III), you have the following rights:

• Access: confirm whether we process your data and obtain access to it.
• Correction: request correction of inaccurate or outdated data.
• Deletion: request deletion of unnecessary data or data processed on the basis of consent.
• Portability: request your data in a structured, machine-readable format.
• Withdrawal of consent: revoke consent at any time.
• Restriction (GDPR art. 18): request restriction of processing in certain circumstances.
• Complaint: file a complaint with the ANPD (Brazil) or your local DPA (EU).

To exercise your rights, contact us at [email protected]. We will respond within 15 business days.

7. Data Retention

• Account data: retained while the account is active. After closure, up to 5 years for legal compliance.
• Search history: up to 2 years for personalization.
• Payment data: per applicable tax obligations (up to 5 years).
• WhatsApp conversations: up to 1 year after the last interaction.
• Access logs: 6 months, per Brazilian Internet Framework (Lei n. 12.965/2014).

8. International Data Transfer

The following providers process data outside of Brazil, in compliance with LGPD (art. 33) and GDPR (art. 46):

• Google LLC (USA) — Natural language processing via Gemini API.
• Meta Platforms, Inc. (USA) — Message delivery via WhatsApp Business API.
• Stripe, Inc. (USA) — Payment processing.
• Supabase, Inc. (USA) — PostgreSQL database.
• Railway Corp. (USA) — Application hosting.

9. Use of Artificial Intelligence

TrenT Fly uses artificial intelligence to enhance the User experience. In compliance with the EU AI Act (Art. 50):

• Purpose: AI interprets natural language searches, generates itinerary suggestions, summarizes travel information, and personalizes recommendations.
• Provider: Natural language processing is performed by Google Gemini API. Messages are processed to generate responses and are not stored by Google for model training.
• AI-generated content: Itineraries, suggestions, and recommendations are generated by AI and may contain inaccuracies. Such content is identified on the Platform and should be verified by the User.
• Automated decisions: AI does not make binding decisions about the User. All purchase decisions are made exclusively by the User.

10. Data Security

We adopt appropriate technical and organizational measures to protect your personal data against unauthorized access, destruction, loss, or alteration. For more details, see our Security Policy.

11. Governing Law and Jurisdiction

This Privacy Policy is governed by the laws of the Federative Republic of Brazil. The courts of the State of Sao Paulo, Brazil, shall have jurisdiction over any disputes arising from this Policy, without prejudice to any other jurisdiction provided by applicable consumer protection legislation.

12. Contact

• General email: [email protected]
• Privacy email: [email protected]
• Website: apptrent.com.br