Privacy Policy

Trenova (“Trenova”, “we”, “us”, or “our”) respects your privacy. The party responsible for your personal data (the data controller) is identified in the Data Controllersection below. This Privacy Policy describes how we handle personal data when you use our website and services (the “Service”).

Your use of the Service is also governed by our Terms of Use and our Refund & Cancellation Policy (billing, cancellation, and refunds where applicable).

The data controller for personal data processed in connection with the Service is:

• Trading / service name: Trenova
• Country: Israel
• Address (correspondence): Tel Aviv, Israel (we do not publish a street address on this page; for postal or formal notices, contact us first at contact@trenova.ai).
• Registered legal entity: Where the Service is operated through a separately registered company or other legal entity under local law, we will list that name and registration details here when we publish them, or provide them on request to the contact address above for legitimate legal, regulatory, or contracting purposes.

We collect data in two broad categories:

Information you provide — for example your email address and account details, and trip preferences or other inputs you enter into the planner.

Information collected automatically — for example your IP address, device and browser information, and usage data such as pages visited and features used.

Payment information — if you subscribe to a paid plan, card or bank payment details are collected and processed by Paddle.com Market Limited(“Paddle”), our Merchant of Record. Paddle acts as an independent data controller for the payment transaction. We do not store your full card number, full card authentication data (such as CVV/CVC), or equivalent primary payment credentials on our own systems. We may receive limited information from the provider (for example payment status, billing period, last four digits of a card where shown in your account, and subscription or transaction identifiers) so we can operate your subscription and comply with accounting rules.

• We do not require you to provide more than is reasonably needed to operate the Service.
• You can request a summary of the personal data we hold about you (see Your Rights below).

We use your data to:

• generate personalised travel itineraries;
• maintain, secure, and improve the Service;
• manage paid subscriptions and billing through third-party payment processors (we do not store your full payment card or bank credentials — see Data We Collect);
• communicate with you about your account and the Service; and
• diagnose and resolve technical issues.

Where the EU General Data Protection Regulation (GDPR) applies, we process personal data only when we have a valid legal basis under Article 6. The main bases we rely on are:

• Contract — processing necessary to provide the Service you request: for example creating and maintaining your account, generating itineraries, delivering features you use, and communicating with you about the Service.
• Legitimate interests — processing that is necessary for our legitimate interests, where those interests are not overridden by your rights: for example operating, securing, and improving the Service, troubleshooting, fraud prevention, and aggregated or pseudonymous analytics to understand how the Service is used. Where required, we balance these interests against your privacy rights; you may have the right to object to certain processing (see Your Rights).
• Legal obligation — processing we must carry out to comply with applicable law: for example tax, accounting, and financial record-keeping related to payments, and responding to lawful requests from public authorities.
• Consent — where we rely on consent, we ask for it separately (for example for non-essential cookies or marketing communications, if and when we offer them). You may withdraw consent at any time without affecting processing that was lawful before withdrawal; withdrawal may limit certain features (see Cookies).

If more than one basis could apply to the same activity, we identify the primary basis at the time of processing. For questions about which basis applies to your data, contact us (see Data Protection Contact).

Your trip criteria may be processed by AI systems and third-party AI providers to generate your itinerary. We aim to send only what is needed for that purpose.

For how this relates to automated decisions under privacy law, see No Automated Decision-Making below.

We use artificial intelligence to help produce itineraries and related content, as described under AI Processing above. For the avoidance of doubt:

• The Service does not use AI to make a decision with legal or similarly significant effects about you based solely on automated processing within the meaning of Article 22 of the GDPR (or equivalent rules).
• AI-generated itineraries, suggestions, rankings, and text are suggestions and planning aids only. They are not legally binding on you or on us, do not replace professional advice, and do not determine your rights (for example visa eligibility or admission to a country), contractual outcomes with third parties, or suitability for insurance, employment, credit, or other regulated decisions.
• You are expected to use your own judgment and to verify facts with authoritative sources before you travel or commit money, consistent with our AI Disclaimer and Description of Service in the Terms of Use.

We may share your data with:

• service providers who help us operate the Service (for example hosting and infrastructure);
• Payment processors — when you pay for a subscription, payment collection, authentication, and related fraud checks are handled by Paddle.com Market Limited, our Merchant of Record. They receive the payment details you enter at checkout; their processing is governed by their own privacy policies and terms. We do not store full payment credentials on our infrastructure and only receive the limited billing and status information we need to provide paid features and meet legal record-keeping obligations; and
• legal authorities when required by applicable law.

We do not sell your personal data to third parties.

We retain your personal data for as long as necessary to provide the Service and meet our legal obligations. You may request deletion of your data or close your account at any time (see Account Closure, Deletion of Your Data, and Data Protection Contact).

Under the Israeli Privacy Protection Law 5741-1981 and, where applicable, the EU General Data Protection Regulation (GDPR), the UK GDPR, and similar laws, you may have some or all of the following rights. Which rights apply depends on your situation and the law governing the processing.

• Access. Obtain confirmation as to whether we process your personal data and receive a copy of that data, together with certain prescribed information about the processing.
• Rectification. Have inaccurate personal data corrected and incomplete data completed, having regard to the purposes of the processing.
• Erasure (“right to be forgotten”). Request deletion of your personal data where grounds under applicable law are met, subject to exceptions (for example legal retention — see Deletion of Your Data).
• Restriction of processing. Request that we limit how we use your data in certain cases (for example while a dispute about accuracy is resolved), where the GDPR or equivalent rules apply.
• Data portability. Where the GDPR (or equivalent) applies and the legal conditions are met, receive the personal data you provided to us in a structured, commonly used, machine-readable format, and where technically feasible have it transmitted to another controller.
• Object. Where the GDPR (or equivalent) applies, object to processing based on legitimate interests (including profiling within that scope), unless we demonstrate compelling legitimate grounds. You may also have specific rights to object to direct marketing if we ever send it.
• Withdraw consent. Where we rely on consent, withdraw it at any time without affecting the lawfulness of processing before withdrawal; some features may stop working if consent was required for them (see Cookies).
• Automated decisions. For how we treat AI outputs and human oversight, see No Automated Decision-Making — we do not make decisions with legal or similarly significant effects about you based solely on automated processing within the meaning of Article 22 GDPR.
• Lodge a complaint. You may lodge a complaint with a data protection supervisory authority. In Israel, the relevant regulator is the Privacy Protection Authority. In the EEA, you may typically contact the supervisory authority in the member state of your habitual residence, place of work, or the place of the alleged infringement. In the United Kingdom, the Information Commissioner's Office (ICO) handles many privacy complaints. Exercising these rights is without prejudice to any other remedies you may have.

To exercise any of these rights, email contact@trenova.ai from the address associated with your account (or describe your account clearly). We may ask you to verify your identity before we disclose or change data, to protect your privacy and security. We aim to respond within 30 days. For account closure or deletion, see Account Closure and Deletion of Your Data below for what happens next and realistic timeframes.

When you request deletion via your account settings, your account is deactivated immediately and permanently erased after 30 days. Sign back in within that window to restore everything.

You may request to close your account and stop using the Service at any time. Email contact@trenova.ai from the address associated with your account, state clearly that you want your account closed, and ask us to delete the personal data linked to that account (or describe a narrower scope if you prefer). We may ask you to confirm your identity before we act. A request that closes your account is treated as a request to erase the personal data we hold for that account, subject to the exceptions noted under Deletion of Your Data.

What happens afterward. After we verify your request, we remove or disable sign-in access for your account, then delete or anonymise personal data tied to your profile, itineraries, saved trips, and other service records according to the timeframes, backup retention, and legal retention rules described in Deletion of Your Data. You will not be able to use the same account again unless you create a new one. If you sign in with Google, you can also remove this app from your Google account security settings; that affects future OAuth access but does not by itself delete records we already hold—email us if you want data erased on our systems.

If you have an active paid subscription, cancelling or closing your account does not override billing rules in our Terms of Use and Refund Policy (for example amounts already owed or records we must keep for tax and accounting).

How to request deletion. Email contact@trenova.ai from the address associated with your account (or describe your account clearly enough for us to locate it). We may ask you to confirm your identity before we act on the request. If you are closing your entire account, see Account Closure above; the same erasure process applies.

Timeframe. We aim to send an initial response within 30 days of receipt, in line with Your Rights above. Once we have verified your request and any identity checks are complete, we aim to complete deletion of your personal data from our live production systems within 30 days, unless applicable law requires a different schedule or we notify you of a justified extension where permitted (for example if the request is unusually complex).

What happens after deletion. Erasure removes your personal data from active databases and application layers we control so that it is no longer used to provide the Service. Residual copies may persist for a limited period in encrypted backups and similar disaster-recovery stores until those snapshots age out according to our backup rotation (typically within about 90 days); those copies are not used for operational purposes during that window except for restore integrity and security monitoring. Where we use subprocessors, we instruct them to delete or return personal data in line with our agreements, subject to their own technical and legal constraints.

We may defer or limit deletion where we must retain certain information to comply with legal obligations (for example tax or accounting records), to establish, exercise, or defend legal claims, or to address misuse or security incidents. Aggregated or de-identified data that does not identify you may be retained.

We use reasonable technical and organisational safeguards designed to protect your data. No method of transmission over the internet or electronic storage is fully secure.

We and our service providers may use cookies and similar technologies (for example pixels or local storage) on the Service. This section describes the types of cookies we refer to, what they are for, and how you can limit them.

We group cookies into these categories:

• Essential cookies — required for core operation and security. These include, for example, cookies used to keep you signed in, maintain your session, route requests securely, and prevent abuse. Without them, parts of the Service may not work.
• Functional cookies — remember settings or choices you make (for example display preferences or planner UI state) so the Service works as you expect when you return. Where applicable law treats these as non-essential, we will ask for consent before enabling them.
• Analytics cookies — help us understand usage at a population or statistical level, such as which features are used and how the Service performs. They are not required for core sign-in or itinerary features. If we deploy them, we will aim to rely on aggregation, anonymisation, or pseudonymisation (and provider settings such as shortened IP addresses and limited retention) where practicable, so that reporting supports improvement without unnecessary identification of individuals.
• Affiliate / partner cookies— set by our travel-affiliate partners when you choose “Accept all” in the cookie banner. They allow our partners to attribute flight bookings you make after clicking through our site, so we can earn a small commission. They are not used to show you ads on Trenova.

What we use today. We use cookies that are essentialfor authentication and related session management. With your consent (the “Accept all” choice in the cookie banner), we also load TravelPayouts (Aviasales B.V.) Drive — an affiliate-attribution script that lets our flight-search partner credit Trenova when you book through links on our site. We do not currently use third-party advertising or audience analytics cookies such as Google Analytics on the Service. If we add analytics, marketing, or other non-essential cookies (including typical implementations of Google Analytics that are not strictly necessary), we will update this Privacy Policy in advance and, where the law requires it, obtain your consent before those cookies are set or read.

Future analytics. Where we introduce product or audience analytics (whether via cookies or similar technologies), we will configure tools toward aggregate or anonymised insights and data minimisation where feasible — for example reduced retention periods, IP truncation or masking offered by the provider, and avoiding unnecessary cross-site tracking — in addition to consent or other lawful bases where required.

The Service relies on vendors that process personal data on our instructions or configuration (“processors” / “sub-processors”), and on vendors that act as independent controllers for their own purposes (for example Paddle at checkout). Each has its own privacy policy for data they receive directly from you or from us.

Infrastructure and data stores.

• Render Services, Inc. (United States) — hosts our production web application and related operational services (for example scheduled jobs) in the region we configure for deployment. Privacy notice.
• PostgreSQL — our primary application database (accounts, subscriptions, itineraries, idempotency metadata, and similar records) runs as a managed service tied to our hosting setup, typically provisioned alongside the web tier on Render or another PostgreSQL-compatible host we configure per environment.
• Upstash, Inc. (United States / EU regions, depending on configuration) — managed Redis over HTTPS for low-latency shared caching when UPSTASH_REDIS_REST_URL is configured; may hold short-lived cached strings (for example derived destination photo URLs), not your password. If Upstash is not configured, equivalent logic falls back to in-memory storage on the app server. Privacy notice.

Authentication and sessions.

• Google LLC (United States) — Sign in with Google (OAuth 2.0) via Auth.js / NextAuth.js libraries running on our servers. Google receives authentication requests and profile basics (such as email and name) needed to create your session. Privacy notice.

Maps, places, and routing.

• Google LLC — Google Maps Platform (for example Places and, where enabled, Routes and related APIs) for destination autocomplete, geocoding, and routing features. Queries can include text you type and coarse location context. Privacy notice.
• Mapbox, Inc. (United States) — interactive map tiles, map rendering, and geocoding used in the itinerary experience. Privacy notice.

Artificial intelligence.

• Anthropic, PBC (United States) — Claude models for itinerary text and related structured outputs. Privacy notice.
• Google LLC — Gemini (Google AI / Generative Language API) for itinerary generation, caching, and supplemental enrichment flows where configured. Privacy notice.

Payments.

• Paddle.com Market Limited (United Kingdom / European Union) — Merchant of Record for paid subscriptions; independent controller for checkout data. Privacy notice.

Affiliate attribution and optional analytics (browser).

• Aviasales B.V.(TravelPayouts, Netherlands) — when you choose “Accept all” in the cookie banner, we load their Drive attribution script; the script URL is served from TravelPayouts infrastructure (for example emrldtp.cc) and may set partner cookies as described in their materials. Legal hub.
• Google LLC — Google Analytics 4 may load from Google Tag Manager / gtag only when a measurement ID is configured for that deployment andyou choose “Accept all”. Our default production configuration does not set a measurement ID, so GA4 is not active for typical production visitors unless we deliberately enable it and update this policy accordingly. Privacy notice.

Typography and public reference sources.

• Google LLC — Google Fonts(fonts.googleapis.com / fonts.gstatic.com); standard browser requests may include IP address and user-agent data under Google's policies. Privacy notice.
• Wikimedia Foundation, Inc. (United States) — Wikipedia and Wikimedia APIs we call server-side for destination imagery, summaries, and optional suggestion text; requests can include destination names or related query text. Privacy policy.

Abuse prevention (optional).

• Cloudflare, Inc. (United States) — Turnstile server-side verification at challenges.cloudflare.com when we enable CAPTCHA-style checks for high-risk traffic; sends a response token and related metadata needed to verify the challenge. Privacy policy.

Decorative assets (browser only).

• Unsplash (Unsplash, Inc., United States) — your browser may load curated stock image URLs from images.unsplash.com / plus.unsplash.com on select marketing or exploration pages. Privacy policy.
• Flag CDN — country flag icons served from flagcdn.com (open-source flag pack) as static images; standard HTTP requests only.

We may add or replace subprocessors with equivalent services as the product evolves. For material changes we update this section and, where required, notify you in line with Updates to this Privacy Policy.

We and our processors may process or store personal data in countries other than where you live, including countries outside the European Economic Area (EEA), the United Kingdom, or Switzerland — for example where our hosting, payment, AI, or authentication providers operate facilities.

Where the GDPR (or equivalent UK or Swiss rules) applies to a transfer to a country that has not received an adequacy decision, we implement appropriate safeguards under Chapter V of the GDPR. Depending on the transfer, those safeguards commonly include the Standard Contractual Clauses (SCCs) adopted by the European Commission (together with any required transfer impact assessment and supplementary measures where we assess they are needed), or the UK International Data Transfer Agreement / Addendum to the EU SCCs where applicable. Where an adequacy decision applies, we may rely on it; we may also use other lawful mechanisms recognised under applicable law when they fit the facts of the transfer.

We contractually require service providers who process personal data on our behalf to implement protections consistent with applicable law and, where relevant, to flow down appropriate safeguarding terms (including SCCs or equivalent commitments with sub-processors).

Trenova is not intended for users under 18. We do not knowingly collect personal data from anyone under 18. If you believe we have done so inadvertently, contact us and we will delete it promptly.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or via an in-app notice before they take effect.

You can contact us regarding data protection matters at any time — including questions about this Privacy Policy, how we process your personal data, exercising your rights (access, correction, deletion, objection, or consent withdrawal where applicable), raising a concern, or correspondence from supervisory authorities. Use the address below; we treat messages clearly marked as data protection or privacy enquiries as priority correspondence.

Email: contact@trenova.ai

We have not appointed a separate Data Protection Officer (DPO) under Articles 37–39 GDPR or an EU/UK representative solely for privacy law purposes. Unless and until we publish a dedicated DPO or representative contact here, the email above is the correct channel for all data protection communications.

For any other privacy-related questions or requests not covered above: contact@trenova.ai