Privacy Policy
Last updated: April 2026
1. Data collected
We collect: name, email address, date of birth, passport number (encrypted), phone number, airline loyalty program credentials (encrypted), miles balances, booking history, and search history. We collect only what is necessary to provide our service.
2. How we use it
Your data is used to: pre-fill airline booking forms, search award flight availability on your behalf, calculate savings compared to cash prices, send booking confirmations, and deliver route alert notifications. We do not use your data for advertising.
3. Data storage
All data is stored on Supabase (PostgreSQL) hosted in the Mumbai region. Passport numbers and airline login credentials are encrypted at rest using AES-256-GCM encryption with a 256-bit key. Encryption keys are stored as environment variables and never committed to code.
4. Data sharing
We never sell, rent, or trade your personal data. We share data only as necessary with: airline websites during booking sessions (your travel details for form pre-fill), Stripe (payment processing), and Resend (transactional emails). No data is shared with advertisers or data brokers.
5. Data retention
Booking records are retained for 7 years as required by financial record-keeping regulations. Credentials, passport data, and personal profile information are deleted within 30 days of account closure. You may request immediate deletion of your credentials and personal data at any time.
6. Your rights
You have the right to access, correct, or delete your personal data at any time. You can delete your stored credentials from your account settings. To request a full data export or account deletion, email privacy@getscrip.app. We will respond within 30 days.
7. Cookies
We use essential cookies only for authentication (Clerk session cookies). We do not use advertising cookies, tracking pixels, or third-party analytics cookies.
8. Contact
For privacy inquiries, email privacy@getscrip.app.