Privacy Policy

1. INTRODUCTION

Voyagr Travel Inc. (“Voyagr,” “we,” “our,” or “us”) values your privacy and is committed to handling personal data with the highest standards of transparency, accountability, and compliance. This Privacy Policy provides a detailed explanation of how we collect, use, disclose, and safeguard personal data when you access or use our website and services at https://voyagr.travel (the “Platform”). It also outlines your rights under international data protection frameworks, including, but not limited to, the General Data Protection Regulation (GDPR), the California Consumer Privacy Act, and California Privacy Rights Act (CCPA/CPRA), Brazil’s LGPD, Canada’s PIPEDA, Singapore’s PDPA, and other applicable global privacy laws.

1.1. DEFINITIONS AND EXPLANATIONS

For the purposes of this Privacy Policy, the following terms shall have the meanings set out below. These definitions are intended to clarify the scope and interpretation of the Policy.

• I.

  • “Platform” refers to the Voyagr website (voyagr.travel), associated applications, software, and related services provided by Voyagr, whether accessed through desktop, mobile, or third-party integrations.

• II.

  • “Voyagr,” “we,” “us,” or “our” refers to the entity operating the Platform, including its subsidiaries, affiliates, and authorized representatives responsible for providing services to Travel Agents/Advisors and managing the Platform.

• III.

  • “Travel Agent/Advisor” or “Agent” means any professional individual or entity that registers, verifies, and uses the Platform to facilitate bookings, manage traveler data, and access Supplier services. Only verified Agents are permitted to use the Platform.

• IV.

  • “Traveler” refers to any individual whose personal or travel-related data is entered into the Platform by a Travel Agent/Advisor for the purpose of making travel bookings or related services. Travelers are not direct contractual users of the Platform; their relationship is mediated through the Agent/Advisor.

• V.

  • “Supplier” refers to third-party providers of travel services, including but not limited to airlines, hotels, rental car companies, tour operators, cruise lines, and other travel-related businesses that fulfill bookings made via the Platform.

• VI.

  • “Personal Data” or “Personal Information” means any information that directly or indirectly identifies an individual, such as full name, contact details, government-issued documents, payment information, IP address, or online identifiers, as defined under applicable privacy and data protection laws (including GDPR, CCPA, LGPD, and others).

• VII.

  • “Processing” means any operation or set of operations performed on Personal Data, whether automated or not, including collection, recording, organization, structuring, storage, alteration, retrieval, consultation, use, disclosure, transmission, dissemination, restriction, erasure, or destruction.

• VIII.

  • “Controller” means the natural or legal person, agency, or other body that determines the purposes and means of Processing Personal Data. For Travel Agent–entered Traveler data, the Travel Agent/Advisor acts as the primary Controller, while Voyagr functions as a Processor. For Agent account data, Voyagr acts as the Controller.

• IX.

  • “Processor” refers to any natural or legal person, public authority, agency, or other body that processes Personal Data on behalf of a Controller. In certain contexts, Voyagr acts as a Processor for Traveler data entered by Agents/Advisors.

• X.

  • “Cookies and Tracking Technologies” means small files, scripts, or tools placed on a User’s device to enable functionality, collect usage data, track preferences, or deliver targeted advertising. This includes first-party cookies, third-party cookies, pixels, and beacons.

• XI.

  • “Sensitive Personal Data” refers to special categories of data defined under applicable law, which may include health information, racial or ethnic origin, political opinions, religious beliefs, union membership, genetic or biometric data, sexual orientation, or criminal records. Voyagr does not intentionally collect or process such categories unless strictly necessary and permitted by law.

• XII.

  • “Consent” refers to a freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, through a statement or clear affirmative action, signify agreement to the Processing of their Personal Data.

• XIII.

  • “Anonymization” and “Pseudonymization” refer to techniques used to protect Personal Data. Anonymization irreversibly removes identifiers such that the data cannot be linked back to an individual, while pseudonymization replaces identifiers with artificial identifiers but still allows re-identification under controlled conditions.

1.2. Scope of this Policy

This Privacy Policy governs the collection, use, disclosure, and protection of personal information across all interactions with Voyagr Travel Inc. (“Voyagr,” “we,” “our,” or “us”) and our platform, accessible through voyagr.travel (the “Platform”). This Policy applies to everyone who is going to use or visit our website and/or obtain our services in any way.

• I. Travel Agents/Advisors

  • Individuals who register for an account, undergo verification, and utilize the Platform’s tools and services, including the CRM and booking engine.

• II. Travelers (End Customers)

  • Personal and booking-related information entered into the Platform by verified agents/advisors for the purpose of reserving, purchasing, or managing travel products and services.

• III. Website Visitors

  • Individuals who browse, interact with, or otherwise access voyagr.travel, whether or not they register for an account.

1.3. Global Reach Of Policy

The Platform is designed to serve users worldwide, subject to applicable laws and regulations in each jurisdiction. Access to the Platform is restricted to verified travel agents or advisors. Only applicants who successfully complete our verification process, which may include identity and professional credentials checks, will be permitted to create and use an account.

1.4. Third-Party Integration and Data Handling

Because Voyagr operates as a multi-supplier booking engine, interactions may also involve third-party suppliers, payment processors, and service providers. This Privacy Policy applies to information collected and processed directly by Voyagr; however, the terms and conditions of suppliers or partners may govern certain aspects of cancellations, refunds, or use of traveler data. Users are encouraged to review the privacy policies of relevant third-party providers when booking or integrating services through the Platform.

1.5. Limitations

This Policy does not extend to websites, applications, or services operated by third parties that may be linked to or from the Platform. We disclaim responsibility for the data practices of such external services.

1.6. Acknowledgement

By accessing or using the Platform, all users (agents, advisors, travelers, and visitors) acknowledge the applicability of this Privacy Policy and consent to the practices described herein, subject to rights granted under global privacy laws such as the GDPR, CCPA, and other applicable regulations.

2. INFORMATION COLLECTION

We collect and process different categories of personal and non-personal information depending on the nature of the interaction with our Platform. The information falls into the following categories:

2.1. Information Collected from Travel Agents

When registering and using the Platform.

• I. Identification and Contact Information

  • i. Full Name

  • ii. Business Name

  • iii. Professional Credentials

  • iv. Physical Address

  • v. Email Address

  • vi. Telephone Number.

• II. Account and Authentication Data

  • i. Username

  • ii. Password

  • iii. Documentation Required For Verification.

• III. Financial and Transactional Details

  • i. Preferred payment methods,

  • ii. banking details for commission payments

  • iii. billing information necessary to process subscription or service fees.

2.2. Information Entered About Travelers (by Verified Agents/Advisors)

Travel agents/advisors may input traveler details necessary to facilitate bookings. This may include:

• I. Personal Identification

  • i. Full Name

  • ii. Nationality

  • iii. Date Of Birth.

• II. Contact Information

  • i. Email Address

  • ii. Phone Number

  • iii. Residential Or Mailing Address.

• III. Government and Travel Documentation

  • i. Passport Number

  • ii. Visa Details Or Other Travel Documents Required To Comply With Airline, Hotel, Or Destination Regulations.

• IV. Financial Information

  • i. Credit/Debit Card Details Or Other Financial Data Used To Process Reservations.

2.3. Automatically Collected Technical and Usage Information

When users interact with the Platform, we automatically collect data through cookies, logs, and analytics tools.

• I. Device and Network Identifiers

  • i. IP Addresses

  • ii. Browser Type And Version

  • iii. Operating System

  • iv. Unique Device Identifiers.

• II. Session Data

  • i. Cookies

  • ii. Web Beacons

  • iii. Session Tokens And Analytics Related To Usage Patterns.

  • III. Activity Logs: Access times, page views, search queries, clicks, and error reports to monitor performance and security.

2.4. Sensitive Data

Voyagr does not intentionally collect sensitive personal data such as health-related information, racial or ethnic origin, political opinions, religious beliefs, genetic or biometric identifiers, sexual orientation, or legal/medical records. Traveler data is strictly limited to the categories necessary for the processing of

travel bookings, in accordance with relevant privacy laws.

2.5. Third-Party Sources

In limited circumstances, we may obtain additional information from third-party sources, such as fraud prevention databases, payment processors, or identity verification services, to protect the integrity of the Platform and comply with regulatory obligations.

3. REASONS FOR DATA COLLECTION AND PROCESSING

We collect and process personal information for the following purposes, in line with applicable privacy and data protection laws:

3.1. Account Verification

• I. Authenticate the identity of travel agents/advisors, confirm professional eligibility, and maintain the integrity of the Platform.

• II. Prevent unauthorized access, fraudulent accounts, or misuse of the system.

3.2. Travel Service Facilitation

• I. Process and manage traveler bookings across suppliers such as airlines, hotels, car rental agencies, and tour operators.

• II. Transmit traveler information to suppliers where required for reservations, confirmations, modifications, or cancellations.

3.3 CRM Management

• I. Enable agents to create, store, and manage traveler profiles, including travel history, preferences, and communication records.

• II. Support personalized service offerings and efficient customer relationship management.

3.4 Payment Processing and Services Communication

• I. Securely process agent subscription fees, traveler payments, and supplier charges through authorized payment providers.

• II. Calculate and distribute commissions, generate invoices, and maintain financial records.

• III. Provide customer support, respond to inquiries, and resolve issues.

• IV. Send confirmations, alerts, updates regarding bookings, service announcements, or changes to our policies.

• V. Deliver relevant marketing communications (subject to consent, where required by law).

3.6 Platform Optimization and Security

• I. Monitor and analyze usage patterns in order to enhance functionality, user experience, and system performance.

• II. Test new features, conduct troubleshooting, and protect against errors, abuse, or unauthorized activities.

• III. Detect, investigate, and prevent fraudulent transactions or security threats.

3.7 Regulatory Compliance

• I. Meet obligations under tax, audit, financial reporting, anti-money laundering (AML), counterterrorist financing (CTF), and other applicable legal requirements.

• II. Cooperate with regulators, law enforcement, or courts when legally required.

3.8 Legitimate Business Purposes

Operate, maintain, and improve our business operations in a lawful manner consistent with user rights and expectations.

4. COOKIES, TRACKING TECHNOLOGIES, AND SIMILAR TOOLS

We use cookies, pixels, scripts, and other tracking technologies to enhance user experience, ensure platform functionality, and support lawful business purposes. These technologies may be deployed directly by Voyagr (first-party) or by trusted partners (third-party).

4.1 Types of Cookies We Use

• I. Strictly Necessary Cookies (Essential Cookies)

  • Required for secure login, session management, fraud detection, and basic platform operation. Disabling these may impair core functions.

• II. Performance & Analytics Cookies

  • Collect anonymized data on traffic, browsing behavior, usage frequency, device types, feature performance, and error logs to improve user experience and service reliability.

• III. Functionality Cookies

  • Remember agent preferences (e.g., language, currency, booking filters), reduce repetitive inputs, and personalize platform interactions.

• IV. Tracking Pixels / Beacons

  • Monitor engagement with emails, campaigns, and platform updates to optimize communication strategies.

• V. Session Storage & Local Storage

  • Used by the application to maintain temporary records of user interactions for seamless browsing and booking.

4.2. Purposes of Using Cookies and Trackers

• I. Maintain secure authentication and user sessions.

• II. Enable efficient operation of booking features and CRM tools.

• III. Monitor system health, detect errors, and improve navigation.

• IV. Conduct statistical research and performance analytics.

• V. Deliver personalized, relevant content and advertisements.

• VI. Safeguard against misuse, fraud, or unauthorized activity.

4.3 User Choices and Control

• I. Users may manage or disable cookies at any time via browser settings (e.g., Chrome, Safari, Firefox, Edge).

• II. Some cookies are essential; disabling them may restrict Platform access.

• III. Where legally required (e.g., EU/EEA, UK), users will see a cookie consent banner allowing them to accept, reject, or customize cookie preferences.

• IV. Users may also exercise opt-out rights for marketing trackers by contacting us directly at hello@voyagr.travel.

5. CHILDREN’S DATA AND AGE RESTRICTIONS

Voyagr’s Platform and services are intended solely for licensed and verified travel professionals. We do not knowingly solicit, collect, or store personal data from children under the age of 16 years (or the minimum age required by applicable law in certain jurisdictions, such as 13 in the United States under COPPA).

5.1. Platform Restrictions

Registration requires verification as a travel agent or advisor; minors are not eligible to create accounts or access services. The Platform is business-oriented, not consumer-facing, and contains no features designed to target children.

5.2. Safeguards and Actions if Children’s Data is Collected

If we become aware that data from a child has been provided (directly or indirectly), we will take immediate steps to delete such information from our systems. Where applicable, we will notify the travel agent or advisor who input the information and remind them of their responsibility to secure lawful consent when entering traveler data.

5.3. Responsibilities of Travel Agents and Advisors

• I. Agents are prohibited from submitting children’s personal data unless it is strictly necessary for a travel booking (e.g., flights for minors).

• II. In such cases, agents must obtain lawful parental/guardian consent and remain the data controller for such information. Voyagr will act solely as a processor.

• III. Any misuse, such as entering children’s data without proper authority, may lead to account suspension or termination.

6. LEGAL BASIS FOR PROCESSING

Voyagr processes personal data strictly in accordance with applicable laws. Under the General Data Protection Regulation (GDPR – EU/UK), as well as comparable frameworks such as the California Consumer Privacy Act (CCPA/CPRA – USA), Brazil’s LGPD, and Canada’s PIPEDA, we rely on the lawful

bases provided below.

6.1. Contractual Necessity

We process personal data where it is necessary to enter into or perform a contract with travel agents/advisors. This includes authenticating agents, creating accounts, enabling bookings, transmitting traveler details to suppliers, and distributing commissions. Without such processing, we cannot deliver the services offered on our Platform

6.2. Consent and Vital Interests

Where required by law, we request explicit consent for specific activities such as marketing communications, promotional campaigns, or the use of cookies and tracking technologies in regions where prior consent is mandatory. Consent is voluntary and can be withdrawn at any time without affecting prior lawful processing, and agents remain responsible for securing traveler consent when providing traveler data to Voyagr. In rare circumstances, we may process personal data to protect the vital interests of travelers, for example, in urgent travel-related emergencies or where such processing is necessary to protect life or safety.

6.3. Legitimate Interests

We process certain data where necessary to pursue our legitimate business interests, provided such interests are not overridden by your fundamental rights and freedoms. Examples include improving platform performance, fraud detection, internal analytics, service optimization, and communication with

agents regarding platform updates or operational notices. We conduct balancing tests to ensure that legitimate interests are applied responsibly

6.4. Legal Obligations

• I. We may process personal data to comply with applicable laws, regulations, and lawful requests from authorities.

• II. This includes obligations relating to recordkeeping, tax and financial reporting, anti-money laundering (AML) and counter-terrorist financing (CTF) checks, and compliance with consumer protection or travel industry regulations.

• III. Where processing is mandatory to meet legal obligations, refusal may restrict access to our services.

7. DISCLOSURE OF DATA TO THIRD PARTIES

We disclose personal data only under controlled and limited circumstances, always ensuring compliance with applicable data protection laws. Such disclosures are necessary for the operation of the Platform, the fulfillment of bookings, or the satisfaction of legal obligations.

7.1. Travel Suppliers

We share traveler information with third-party suppliers who are essential to fulfilling travel services. These may include airlines, hotels, tour operators, ground transportation providers, and other relevant service providers. The information disclosed is limited to what is necessary for the supplier to complete

the requested booking or service.

7.2. Technology and Service Providers

We rely on trusted third-party vendors to support the technical and operational infrastructure of the platform. These providers include, but are not limited to:

• I. AWS: Secure hosting and cloud storage.

• II. Supabase: Database management and authentication services.

• III. Stripe: Secure payment processing and financial transactions.

• IV. Google Analytics: Usage tracking, website performance measurement, and reporting.

• V. Intercom: Customer support, live chat, and service communications.

• VI. Beehiiv: Email marketing and communications management.

• VII. Featurebase: Collection of user feedback and roadmap tracking for product development.

Each provider is contractually bound to process personal data only as necessary to perform services on our behalf and in compliance with applicable privacy standards.

7.3. Regulatory and Legal Authorities

We may disclose personal data when required to do so by law or legal process. This includes responding to lawful requests from courts, regulators, tax authorities, law enforcement agencies, or other government entities. We may also disclose data when necessary to protect our legal rights, investigate fraud, ensure compliance with contractual obligations, or respond to urgent security or safety concerns.

7.4. Restrictions on Data Sharing

We do not sell, rent, or trade personal information under any circumstances. Any disclosure to third parties is strictly limited to the purposes outlined in this Privacy Policy and is subject to appropriate safeguards, such as contractual obligations and data protection measures.

8. INTERNATIONAL DATA TRANSFERS

Personal data may be processed in multiple jurisdictions where we or our service providers operate, including regions outside your country of residence. To safeguard such transfers, we implement Standard Contractual Clauses (SCCs), rely on adequacy decisions, or apply other legally recognized safeguards to

ensure that data is handled in accordance with GDPR and comparable international data protection frameworks. By using the Platform, you acknowledge and agree that your personal information may be transferred to countries with different data protection laws; however, we take all necessary measures to

provide adequate protection, maintain security, and uphold your privacy rights in line with applicable regulations.

9. DATA RETENTION PRACTICES

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected and to meet applicable legal, regulatory, and operational requirements. Traveler information is generally retained until the completion of bookings, after which it may be stored for additional periods required for accounting, auditing, or legal compliance. Agent account data is preserved until the account is deactivated or terminated, unless longer retention is required by law or to resolve disputes. In certain cases, extended retention periods may apply to comply with tax obligations, financial reporting rules, or

regulatory inquiries. Once data is no longer required for active use, it is either securely deleted, anonymized for statistical purposes, or archived with restricted access to protect confidentiality.

10. DATA SECURITY SAFEGUARDS

We take the protection of personal data seriously and employ a combination of administrative, technical, and physical safeguards designed to maintain the confidentiality, integrity, and availability of information. These measures are continuously reviewed and updated in line with evolving security standards and

regulatory requirements.

10.1. Encryption of Data in Transit and at Rest

All personal data is encrypted both during transmission over networks (using protocols such as TLS/SSL) and while stored on our servers. This ensures that sensitive information cannot be intercepted or accessed by unauthorized third parties.

10.2. Access Controls and Role-Based Permissions

We implement strict access control policies. Only authorized personnel with clearly defined roles can access specific categories of data, minimizing the risk of misuse or accidental exposure.

10.3. Security Audits, Testing, and Monitoring

Our systems undergo regular security audits, penetration testing, and real-time monitoring to identify vulnerabilities and detect suspicious activity. Proactive monitoring helps prevent breaches before they occur.

10.4. Secure Payment Handling

All financial transactions are processed through PCI DSS-compliant providers, such as Stripe, ensuring industry-standard protections for credit card and payment information.

10.5. Incident Response and Breach Management

We maintain a documented incident response plan to act quickly in the event of a security breach. This includes containment, investigation, notification of affected users, and corrective actions to strengthen safeguards.

11. INDIVIDUAL RIGHTS

We respect the privacy rights of individuals across jurisdictions and provide mechanisms to ensure that users can exercise control over their personal data. The specific rights available depend on applicable laws and regulatory frameworks, but we strive to extend a consistent level of protection globally.

11.1 Rights Under GDPR (EU/UK)

Individuals within the European Union and the United Kingdom are entitled to a comprehensive set of

rights under the General Data Protection Regulation (GDPR), including:

• I. The right to access personal data we hold about you.

• II. The right to rectify or update inaccurate or incomplete data.

• III. The right to request erasure of personal data (“right to be forgotten”).

• IV. The right to restrict or object to processing under certain circumstances.

• V. The right to data portability, allowing you to obtain and reuse your data.

• VI. The right to withdraw consent where processing is based on consent.

• VII. The right to lodge a complaint with a relevant supervisory authority.

11.2 Rights Under CCPA/CPRA (California, USA)

California residents are entitled to additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including:

• I. The right to know what categories and specific pieces of personal data we collect, use, or disclose.

• II. The right to request deletion of personal information, subject to legal or contractual obligations.

• III. The right to opt out of the “sale” or “sharing” of personal data (note: we do not sell personal data).

• IV. The right to correct inaccurate information.

• V. The right to non-discrimination for exercising any privacy rights granted by law.

11.3 Rights Under Other Frameworks (LGPD, PIPEDA, PDPA, etc.)

Where applicable, we also recognize equivalent rights under other data protection frameworks, such as Brazil’s LGPD, Canada’s PIPEDA, and Singapore’s PDPA. This includes the right to transparency, correction, deletion, and objection, tailored to the local requirements of each framework.

11.4 Exercising Your Rights

To exercise your rights under any of the above frameworks, you may contact us at hello@voyagr.travel

12. RESPONSIBILITIES FOR END-CUSTOMER DATA

Travel agents are responsible for obtaining explicit consent from travelers before submitting personal data. Voyagr acts as a data processor with respect to traveler data, handling it only as instructed by travel agents. For GDPR purposes, travel agents are controllers of traveler data; Voyagr is the processor.

13. CHILDREN’S DATA

The Platform is intended strictly for professionals. We do not knowingly collect data from children under 16 years old. If such data is identified, it will be erased immediately.

14. ACCOUNT TERMINATION & DATA DELETION

Agents may close their account at any time; associated personal data will be deleted, anonymized, or retained only where legally required. End-customer bookings remain governed by supplier policies, including cancellations and refunds.

15. POLICY UPDATES

This Privacy Policy may be updated periodically to reflect changes in law, business operations, or technology. Updates will be communicated via email or in-app notification with a revised “last updated” date. Continued use of the Platform after updates indicates acceptance.

16. CONTACT & DATA PROTECTION QUERIES

For inquiries, complaints, or to exercise your privacy rights:

Voyagr Travel Inc.

12410 Milestone Center Drive, Suite 600

Germantown, MD 20876, USA

Phone: +1 (888) 886-8204

Email: hello@voyagr.travel