Privacy Policy

1. Introduction

This Privacy Policy describes how RonRyne LLC ("RonRyne", "bAI", "we", "us", or "our") collects, uses, discloses, and safeguards personal information when you visit our websites, use our mobile and web applications, interact with our AI Features (e.g., Rayne and Zara), or otherwise engage with the bAI Services (collectively, the "Services").

This Policy is incorporated into and forms part of our Terms of Service. By using the Services, you consent to the collection and use of your information as described here.

2. Information We Collect

2.1 Information You Provide

• Account information: name, email address, password (hashed), phone number, profile photo.
• Family / household composition: number of adults, number of children, ages of children traveling, accessibility requirements, dietary restrictions.
• Travel preferences: destinations, dates, budget, interests, themes (e.g., adventure, relaxation), preferred airlines, hotel brand preferences, room preferences.
• Address information: street address, city, state, country (when collected for events, billing, or legal compliance).
• Booking and inquiry data: packages viewed, inquiries submitted, terms accepted, bookings created, hold windows, confirmation codes, cancellation reasons.
• Payment information: last four digits of payment card, billing zip code, transaction reference numbers. Full payment credentials are processed by our third-party processor and are not stored by RonRyne.
• Communications: chat conversations with our AI Features, messages exchanged with Travel Agents through the Services, support tickets, feedback, and survey responses.
• User Content: reviews, ratings, photos, and other content you submit.
• Travel Agent profile data (Travel Agents only): agency name, license numbers, specialties, business website, social handles, target client income range, average bookings per month.

2.2 Information Collected Automatically

• Device and browser: IP address, device identifier, operating system, browser type and version, language, time zone.
• Usage data: pages visited, features used, search queries, clicks, scroll depth, time on page, referring URL.
• Approximate location: derived from IP address and (with your permission) precise geolocation when you grant browser location access.
• Cookies and similar technologies: see Section 7.

2.3 Information from Third Parties

• Authentication providers: if you sign in via email provider, OAuth, or magic link, we receive identity-confirmation data from the provider.
• Travel partners: Travel Agents and inventory providers may share booking confirmations, hotel availability, pricing, and review data with us.
• Analytics and advertising partners: aggregated usage information from analytics providers we use to improve the Services.

3. How We Use Information

We use personal information to:

• Provide, maintain, and improve the Services;
• Generate AI recommendations, trip plans, package matches, and conversational responses tailored to your stated preferences;
• Facilitate Inquiries, Bookings, payments, holds, and confirmations;
• Communicate with you about your account, Bookings, transactional notices, and (with your consent) marketing;
• Provide customer support, respond to inquiries, and resolve disputes;
• Detect, prevent, and respond to fraud, abuse, security incidents, and violations of our Terms;
• Conduct research and analytics to understand how users engage with the Services and to improve AI model quality;
• Comply with legal obligations and enforce our agreements.

We will not use your personal information for purposes materially different from those described here or for which we have a separate lawful basis without first notifying you.

4. AI Processing of Your Data

AI Features process your conversation history, profile, and travel preferences to generate recommendations and itineraries. Conversation transcripts may be retained to improve service quality and to debug issues. We do not use your conversation content to train large public foundation models (e.g., third-party LLM providers) without an explicit opt-in.

Where AI Features are powered by third-party model providers, your prompts and other inputs may be transmitted to those providers under their no-training, zero-data-retention enterprise terms.

5. Disclosure of Information

We share personal information with:

• Travel Agents you transact with: we share the information needed for the Travel Agent to respond to your Inquiry or service your Booking — typically your name, email, dates, travelers, room preferences, and any messages you send. Travel Agents are independent and handle the data they receive under their own privacy practices.
• Service providers: hosting (Google Cloud, Supabase), authentication (Supabase Auth), analytics, email (transactional and marketing), payment processing (e.g., Stripe, Razorpay), customer support tooling, and similar processors. These providers receive only the information needed to perform their function and are bound by contractual confidentiality and security obligations.
• Travel suppliers: when you complete a Booking, we forward the necessary information (name, dates, traveler counts, room preferences) to the hotel, airline, cruise line, tour operator, or other supplier responsible for delivering the travel product.
• Legal and safety reasons: we may disclose information when required by law, subpoena, or court order; to protect the rights, property, or safety of RonRyne, our users, or others; or in connection with an investigation of suspected illegal activity.
• Business transfers: in the event of a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or part of our assets, your information may be transferred as part of the transaction. We will provide notice and material choices where required by law.

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising as defined under applicable U.S. state laws.

6. Choices and Rights

6.1 Account and Marketing

You can review and update most of your account and profile data at any time from your account dashboard or, for agents, your agent profile. You can opt out of marketing emails by clicking the unsubscribe link in any marketing message. Transactional messages (Booking confirmations, security alerts) cannot be unsubscribed from while you have an active account.

6.2 California Residents

Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), California residents have rights to (a) know the categories and specific pieces of personal information we have collected; (b) request deletion of personal information; (c) request correction of inaccurate personal information; (d) opt out of the sale or sharing of personal information (we do not sell or share); and (e) non-discrimination for exercising these rights. To exercise any of these rights, contact us at [email protected]. We may verify your request before fulfilling it.

6.3 Other U.S. State Residents

Residents of Colorado, Connecticut, Utah, Virginia, and other states with comprehensive privacy laws may have similar rights. Contact [email protected] to exercise them.

6.4 European and UK Residents

If you are in the European Economic Area, the UK, or Switzerland, you may have rights under the GDPR or UK GDPR, including rights to access, rectify, erase, restrict processing of, port, and object to the processing of your personal data, as well as the right to withdraw consent and to lodge a complaint with your local data protection authority. We typically rely on the legal bases of contract performance, legitimate interests, and (where applicable) consent.

7. Cookies and Tracking

We use cookies and similar technologies to:

• Keep you signed in (essential cookies);
• Remember preferences such as recent searches, language, and currency;
• Measure usage and performance (e.g., page-load times, error rates);
• Detect fraud and abuse.

Most browsers let you control cookies through their settings. Note that disabling essential cookies may break the Services (you may not be able to sign in). We honor Global Privacy Control (GPC) signals for opt-out preferences where required by law.

8. Children

The Services are not directed to children under 13 and we do not knowingly collect personal information directly from children under 13. Family travel planning often includes information about minors (e.g., children's ages or accessibility needs); that information is provided by the adult account holder and is treated as part of the account holder's data. If you believe we have collected information from a child under 13 directly, contact [email protected] and we will delete it.

9. Data Retention

We retain personal information for as long as needed to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods vary by data type. When information is no longer needed, we delete or anonymize it.

10. Security

We use administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, use, or disclosure. These include TLS encryption in transit, encryption at rest for sensitive fields, access controls, audit logging, and regular security reviews. No system is perfectly secure; we cannot guarantee absolute security. If we become aware of a security incident affecting your information, we will notify you in accordance with applicable law.

11. International Transfers

We are headquartered in the United States and primarily process personal information there. Where we transfer personal information from outside the U.S., we rely on appropriate transfer mechanisms (e.g., standard contractual clauses) where required by applicable law. By using the Services, you understand that your information may be transferred to and processed in the U.S. and other countries whose data-protection laws may differ from those of your country of residence.

12. Third-Party Links and Services

The Services may link to third-party websites or services that we do not operate. This Policy does not apply to those third parties. We encourage you to review their privacy notices before providing any information.

13. Changes to This Policy

We may update this Policy from time to time. If a change is material, we will provide notice (for example, by email to your account address, by an in-product banner, or by updating the effective date above). Your continued use of the Services after the effective date of an update constitutes acceptance of the updated Policy.

14. Contact

Privacy questions or rights requests: [email protected].

Data Protection Officer / EU Representative (where applicable): contact us at the same email and we will route accordingly.

Postal mail:
RonRyne LLC
Attn: Privacy
2233 Carbondale Way
Dublin, CA 94568
United States