Last updated: June 11, 2026
Privacy Policy
1. Who We Are
Arondo is an AI-powered travel management platform for professional travel agents, operated by Arondo (“Arondo,” “we,” “us”). We are reachable at arondo@arondoworld.com.
2. Data We Collect
Agent account data
When you create an account we collect your email address, full name, agency name, business phone, business address, and optional profile photo. We also store your Stripe Connect account identifiers (not card numbers) if you enable payment collection.
Client and traveler data you enter
As an agent, you store information about your clients and travelers: names, email addresses, phone numbers, zip codes, departure cities, room types, and travel dates. For group trips, child ages are stored to satisfy supplier booking requirements. This data is entered by you and is visible only to you — other agents cannot access your clients.
Payment records
We record payment amounts, dates, and statuses for trip accounting. We store card authorization metadata (card brand, last 4 digits, expiry month/year, cardholder name, billing address) when agents collect signed card authorization forms from clients. We do not store full card numbers (PAN), CVV/CVC, PINs, or any card track data. All payment processing is handled by Stripe.
Documents
Service agreements and signed card authorization forms are stored as document URLs (hosted on Supabase Storage). These documents are retained for 7 years to meet standard business and legal record-keeping requirements. Arondo tracks signature status and timestamp only — we do not store passport scans, government ID images, or any identity documents.
AI interaction data
When you use Airro AI features, we log structured metadata about each request — destination, trip length, party size, AI model used, token counts, and whether the output was accepted or edited. We do not log the full text of your queries or your clients’ personal information in our AI telemetry records. This data is used to improve the service and may be used for future model fine-tuning.
Usage and error data
We collect standard application usage data (page visits, feature interactions) and error logs to operate and improve the Service. Error reports are sent to Sentry (see Processors below) with personally identifiable information excluded.
3. How We Use Your Data
- To provide and operate the Arondo platform and its features
- To send transactional emails (payment confirmations, reminders, booking updates)
- To send onboarding and product emails (you can unsubscribe at any time)
- To process payments on your behalf via Stripe Connect
- To improve the AI features through aggregated, anonymized usage signals
- To comply with applicable laws and respond to lawful requests
We do not sell your data or your clients’ data to third parties.
4. Data Processors
We use the following sub-processors to operate the Service. Each processor has its own privacy policy governing how it handles data.
| Processor | Purpose | Data shared |
|---|---|---|
| Supabase | Database hosting and authentication | All structured data (agents, clients, trips, payments, documents) |
| Vercel | Application hosting and CDN | Server logs, request metadata |
| Stripe | Payment processing (Stripe Connect) | Payment amounts, Stripe account identifiers; Stripe tokenizes card data browser-side — Arondo never sees raw card numbers |
| Duffel | Flight search and booking | Traveler names, dates, flight selection when booking flights through the platform |
| Anthropic | AI processing (Airro features) | Trip destination, length, party size, and agent-provided context for AI requests. We do not send client PII to Anthropic. |
| Resend | Transactional and product email delivery | Recipient email address, email content for reminders, payment links, and onboarding emails |
| Sentry | Error monitoring and crash reporting | Stack traces and error context. Configured with sendDefaultPii: false — PII is excluded from error reports. |
5. Data Retention
- Service agreements and signed documents: 7 years from signing date
- Payment records and audit logs: 7 years (standard accounting retention)
- Booking confirmations: 7 years
- Client and trip data: Duration of your active account relationship; deleted on account closure upon request
- AI telemetry (airro_invocations): Retained indefinitely for model quality purposes
- Help and feedback data: 1 year
6. Data Security
All data is stored in Supabase (PostgreSQL) with Row-Level Security (RLS) enforced on every table. No agent can read another agent’s data through any application interface. Server-to-database communication is encrypted in transit. Access to production infrastructure is restricted to authorized personnel only.
7. Your Rights
You may request a copy of your data, correction of inaccurate data, or deletion of your account and associated data (subject to legal retention obligations) by emailing arondo@arondoworld.com. We will respond within 30 days. Certain data (payment records, signed documents) is subject to mandatory retention periods and cannot be deleted early.
8. Cookies
Arondo uses a session cookie (set by Supabase Auth) to maintain your login session. We do not use advertising or third-party tracking cookies.
9. Changes to This Policy
We may update this Privacy Policy. We will notify you by email at least 14 days before material changes take effect. The “Last updated” date at the top of this page reflects the most recent revision.
10. Contact
Privacy questions or data requests: arondo@arondoworld.com