App Privacy Policy

Scope of This Policy

This Privacy Policy applies exclusively to the Travel by Fresnaye mobile application ("App"), available on the Apple App Store (iOS) and Google Play Store (Android). It is operated by Travel by Fresnaye, a division of Fresnaye & Company LLC.

This policy satisfies the Apple App Store Connect privacy policy requirement and is linked from the App's store listing. It also governs in-app access via the app drawer's Privacy Policy link.

For the privacy policy governing the travelbyfresnaye.com website, see the Website Privacy Policy. For general Terms of Service, see App Terms of Service.

Data We Collect

When you create an account and use the App, we collect the following personal information:

Account & Identity

Data Type	Purpose	Notes
Email address	Account creation, login, advisor communication	Required for account
Password	Authentication	Stored as a salted hash — never stored in plaintext
Full name	Booking personalization, advisor correspondence
Phone number	Advisor contact, travel alerts	Optional

Travel Profile

Data Type	Purpose	Notes
Passport details	Required for international booking submissions	Encrypted at rest; not accessed by app client — server-side only
Dietary preferences	Communicated to hotels and tour operators on your behalf	Optional
Loyalty program numbers	Applying frequent flyer and hotel points to bookings	Optional; stored in your profile
Trip location data	Destination information for itinerary display and weather	Based on your booked trips — no device GPS tracking

Usage & Technical Data

App version, device model, operating system version
Session activity and feature interactions (used for crash reporting and App improvement)
Error logs and diagnostic data

We do not collect device GPS location. Location data in the App is limited to the destinations and cities associated with your booked trips, which you provide directly or which your advisor enters on your behalf.

Data Stored on Your Device

The App stores the following data locally on your device:

iOS

Authentication token — stored in the iOS Keychain (Secure Enclave protected), used to maintain your signed-in session. It is never written to unencrypted storage or transmitted to third parties.
Cached itinerary and trip data — stored temporarily to enable offline viewing. This data is cleared on sign-out and account deletion.

Android

Authentication token — stored in Android's EncryptedSharedPreferences, backed by the Android Keystore system.
Cached trip data — stored in the app's private encrypted data directory, inaccessible to other applications.

The App does not write personal data to your device's Photos, Files, or general storage without your explicit action (e.g., downloading a document you request).

Third-Party Services

The App integrates the following third-party services to deliver its functionality. Each service receives only the minimum data necessary for its purpose:

Service	Purpose	Data Shared
Fresnaye C2 Identity (Synology)Server-side	Staff and advisor SSO authentication into the advisor portal	Staff credentials only — not used for client app authentication
OpenWeatherMap	Destination weather forecasts displayed on your trip detail screens	City name / destination only — no personal information transmitted
Microsoft Graph (Azure)Server-side	Sending advisor emails to clients (booking confirmations, trip updates) via booking@fresnaye.com	Your email address and message content — processed server-side; not accessed by the app client directly
Anthropic Claude APIServer-side only	Parsing forwarded travel confirmation emails to auto-import trip details into your itinerary	Email content you choose to forward for import — processed server-side only. Email content is not stored by Anthropic beyond the API request lifecycle per their zero-data-retention API policy.

Regarding Claude API email import: When you use the trip import feature, the email content you submit is sent to Anthropic's API server-side for parsing. This processing occurs on our backend — the App itself does not have direct API access. Anthropic processes this data subject to their Privacy Policy.

We do not integrate advertising SDKs, social media tracking pixels, or third-party analytics platforms that profile you for advertising purposes.

Payment Data

Payment card information associated with your Travel by Fresnaye account is stored in encrypted form on our servers and is accessible only to authorized Fresnaye & Company administrators for billing purposes.

The mobile App does not access, display, or transmit payment card numbers. If payment functionality is added to the App in a future release, this policy will be updated accordingly and you will be notified.

Any future in-app payment processing will be handled through PCI-DSS-compliant processors, and card numbers will never be stored on your device.

How We Use Your Data

Display your trip itineraries, booking details, and destination information
Facilitate communication between you and your travel advisor
Submit your traveler information (including passport details) to hotels, airlines, and tour operators when required for a booking
Show destination weather forecasts via OpenWeatherMap using your trip city data
Auto-import trip details from forwarded travel confirmation emails (when you initiate this feature)
Send you booking confirmations and itinerary updates via advisor email
Diagnose technical issues and improve App stability through crash and error reporting
Authenticate your session securely on each App launch

We do not use your personal data for targeted advertising. We do not sell your data to any third party.

Data Retention

We retain your personal data for as long as your account is active, plus the period required to fulfill legal, tax, and contractual obligations (generally seven years for booking records). When you delete your account, your personal data is deleted from our active systems within 30 days, subject to the exceptions below:

Booking records involving completed international travel may be retained longer where required by applicable regulations
Anonymized or aggregated usage data that cannot identify you may be retained indefinitely for product improvement
Data retained pursuant to a legal hold or regulatory requirement

Authentication tokens stored on your device are invalidated immediately upon sign-out or account deletion.

Your Privacy Rights

Depending on your jurisdiction, you may have the following rights with respect to your personal information:

Access — Request a copy of the personal data we hold about you
Correction — Update or correct inaccurate information in your profile
Deletion — Request deletion of your account and personal data (see Account Deletion below)
Portability — Receive your profile data in a portable format
Opt-out of marketing — Unsubscribe from non-transactional communications at any time

EU and UK residents have additional rights under GDPR and UK GDPR. California residents have rights under the CCPA. To exercise any right, contact us at booking@fresnaye.com.

Account Deletion

You may delete your Travel by Fresnaye account directly within the App at any time:

Navigate to Settings → Account → Delete Account
Confirm your intent — deletion is permanent and cannot be undone
Your account, profile, and associated personal data will be removed from our active systems within 30 days
Authentication tokens on your device are invalidated immediately upon deletion
Any active or upcoming bookings will be flagged for advisor review before deletion is finalized — you will be notified if there are pending matters requiring attention

You may also request account deletion by emailing booking@fresnaye.com from the address associated with your account. Deletion requests submitted by email are processed within 30 days.

Certain records may be retained after deletion as required by applicable law (see Data Retention above).

Children's Privacy

The App is intended for users aged 18 and older. We do not knowingly collect personal information from children under 13. When booking travel that includes minors, only the information necessary to complete the booking (e.g., name, date of birth for airline tickets) is collected, and it is handled by the adult account holder.

If you believe a child under 13 has created an account or submitted personal information, please contact us immediately and we will delete it promptly.

Security

We apply industry-standard security measures to protect your data:

All data transmitted between the App and our servers uses TLS 1.2 or higher encryption
Authentication tokens are stored in the iOS Secure Enclave (Keychain) or Android Keystore — not in plain app storage
Passwords are stored as salted hashes and are never retrievable in plaintext
Passport details and sensitive travel documents are encrypted at rest on our servers and are not accessible via the app client layer
Access to personal data within Fresnaye & Company systems is restricted to personnel with a legitimate need

No system is perfectly secure. If you suspect unauthorized access to your account, please contact us immediately and change your password.

Policy Changes

We may update this policy as the App evolves. Material changes will be communicated via an in-app notification and/or email prior to the change taking effect. The updated policy will reflect a new effective date at the top of this page.

Continued use of the App following the effective date of a material change constitutes acceptance of the updated policy.

Contact Us

For privacy questions, data requests, or account deletion assistance:

Email: booking@fresnaye.com
Washington, DC: 1235 Pennsylvania Ave SE, Suite 1205, Washington, DC 20003
London, UK: 128 City Road, London EC1V 2NX (Company No. 17056956)

We respond to all privacy-related requests within 30 days.