Waivoo

Loading your travel experience...

Waivoo

Waivoo

Privacy Policy

Last updated: March 15, 2026

1. Introduction

Waivoo ("we", "our", "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard your information when you use our AI travel concierge service.

2. Data We Collect

Account Information

  • Name, email address, and phone number (optional)
  • Google account data (when using Google Sign-In)
  • Account preferences and travel preferences

Conversation Data

  • Messages you send to the AI concierge
  • AI-generated responses and itineraries
  • Search queries for hotels, flights, and activities

Payment Data

  • Payment processing is handled entirely by Stripe. We do not store credit card numbers or full payment details on our servers. We only store your Stripe customer ID and subscription status.

Usage Data

  • Token usage (input and output tokens consumed per session)
  • Session metadata (timestamps, response times)
  • IP address and browser user agent

3. How We Use Your Data

  • To provide and improve the AI travel concierge service
  • To manage your subscription and process payments via Stripe
  • To enforce token usage limits associated with your subscription plan
  • To send service-related communications (e.g., billing receipts, security alerts)
  • To analyze aggregated, anonymized usage patterns to improve our AI models

4. Data Sharing

We share your data only with:

  • Stripe — for payment processing
  • Google — for OAuth authentication (when using Google Sign-In)
  • AI Providers — conversation content is sent to Google Gemini for processing
  • Third-party APIs — hotel and flight search queries are sent to travel data providers

We do not sell your personal data to third parties. We do not share your data for advertising purposes.

5. Data Retention

Your conversation history and trip data are retained as long as your account is active. You can delete individual trips from the session interface. If you close your account, we will delete your personal data within 30 days, except where required by law.

6. Your Rights (GDPR)

If you are located in the European Economic Area, you have the right to:

  • Access and receive a copy of your personal data
  • Rectify inaccurate personal data
  • Request deletion of your personal data
  • Restrict or object to processing of your data
  • Data portability
  • Withdraw consent at any time

To exercise these rights, contact us at privacy@waivoo.com.

7. Security

We implement appropriate technical and organizational measures to protect your data, including encrypted connections (HTTPS/TLS), secure token storage, and access controls. However, no method of transmission over the internet is 100% secure.

8. Cookies

We use essential cookies for authentication (access tokens stored as cookies for middleware authentication). We do not use third-party tracking cookies. See our Cookie section in Terms of Service for more details.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or a notice on our website.

10. Contact

For privacy-related questions, please contact us at privacy@waivoo.com.