Travel OS
FeaturesPricingSign in
Get started
← Back to Travel OS

Privacy Policy

Travel OS
Effective date: June 25, 2026
Last updated: June 25, 2026

Our Promise to You

Travel OS exists to make travel less stressful. We take that responsibility seriously — and that includes how we handle your data. This policy is written in plain English because we believe you deserve to understand exactly what happens to your information.

The short version: we collect only what we need to organize your travel, we never sell your data, we never store your emails, and you can delete everything at any time. The longer version is below.

1. Who We Are

Travel OS is a travel itinerary management application that automatically organizes your travel bookings. When you connect your email inbox, Travel OS scans for booking confirmation emails and extracts structured travel information — flights, hotels, transfers, restaurants, activities — to build a clear, organized timeline of your trips.

For questions about this policy, contact us at sanaysheth@gmail.com. We respond to all privacy inquiries within 24 hours.

2. Information We Collect

2.1 Account Information

When you sign in with Google or Microsoft, your authentication provider shares your email address, name, and profile picture with us. We use this information solely to:

  • · Create and maintain your Travel OS account
  • · Display your name and profile picture within the app
  • · Contact you about your account when necessary

We do not collect your Google or Microsoft account password. Authentication is handled entirely by Google and Microsoft — we never see your credentials.

2.2 Gmail and Outlook Data

This is the most sensitive data we handle, and we want to be completely transparent about it.

What we access:

When you explicitly connect your Gmail or Outlook account, Travel OS requests permission to read your inbox. We use this access to search for travel booking confirmation emails from airlines, hotels, car rental services, restaurants, tour operators, and travel booking platforms.

What we extract:

From matching booking confirmation emails, we extract only structured travel data:

  • · Event type (flight, hotel, restaurant, transfer, activity, tour, rail)
  • · Event title and vendor name
  • · Dates and times
  • · Location information
  • · Confirmation and booking reference numbers
  • · Passenger or guest names as they appear on bookings

What we store:

Only the structured travel data listed above is stored in your Travel OS account. We store this information to display your itinerary and provide the Travel OS service.

What we never do with your email data:

  • · We never store the raw content of your emails. Email content is processed temporarily in memory for data extraction and is immediately discarded after processing. It is never written to disk or retained in our database.
  • · We never read, access, or process emails unrelated to travel bookings. Our inbox search is specifically targeted at booking confirmation emails from travel-related senders.
  • · We never allow Travel OS employees, contractors, or any human to read your email content. All email processing is fully automated.
  • · We never use your email data for advertising, marketing profiling, or any purpose unrelated to building your travel itinerary.
  • · We never share, sell, or transfer your email data to third parties, except as required to perform the extraction service (see Section 4 — Service Providers).
  • · We never retain Gmail or Outlook data after your account is deleted or after you disconnect the integration.

Your control:

You can disconnect Gmail or Outlook at any time from Settings → Integrations. When you disconnect, we immediately lose access to your inbox. We cannot perform any further scans until you explicitly reconnect.

2.3 Trip and Event Data

Travel information extracted from your emails, plus any information you manually enter (trip names, destinations, notes, attached documents), is stored in your Travel OS account. This data is used solely to display and manage your travel itinerary.

2.4 Usage Analytics

We collect anonymized, aggregated data about how the app is used — which pages are visited and which features are used — through Vercel Analytics. This data cannot be traced back to you individually and is used only to understand how to improve the product.

We do not use cookies for tracking or advertising. We do not use third-party advertising networks.

3. How We Use Your Information

We use the information we collect to:

  • · Provide the Travel OS service — building, displaying, and organizing your travel itinerary
  • · Scan your inbox for travel booking confirmations when you explicitly request a scan
  • · Detect scheduling conflicts and surface relevant travel information
  • · Respond to your support requests and inquiries
  • · Improve and develop the Travel OS product based on anonymized usage patterns
  • · Comply with legal obligations

We do not use your information for:

  • · Advertising or marketing to you on behalf of third parties
  • · Selling insights about your travel patterns
  • · Any purpose you would not reasonably expect given the nature of a travel itinerary app

4. Service Providers

To operate Travel OS, we work with a small number of carefully selected infrastructure providers. Each provider receives only the data necessary to perform their specific function.

Supabase — supabase.com

Database and authentication infrastructure. Your account information, trip data, and event details are stored on Supabase's servers in the United States. Supabase is SOC 2 Type 2 certified.

OpenAI — openai.com

We use OpenAI's API to analyze travel confirmation email content and extract structured booking information. When you trigger an inbox scan, the content of matching booking confirmation emails is sent to OpenAI's API for processing. OpenAI processes this content to identify and extract travel data. Raw email content is not retained by Travel OS after processing, and is subject to OpenAI's data retention policies during processing. We do not use OpenAI for any purpose other than travel data extraction.

Google — google.com

We use Google for Sign in with Google authentication and Gmail API access. Our use of Google API data is described in detail in Section 6 of this policy.

Microsoft — microsoft.com

We use Microsoft for Sign in with Microsoft authentication and Outlook API access.

Vercel — vercel.com

Hosting and deployment infrastructure for the Travel OS application.

We do not work with advertising networks, data brokers, or analytics companies beyond those listed above.

5. Data Sharing

We do not sell, rent, or trade your personal information.

We share your information only in the following limited circumstances:

Service Providers: As described in Section 4, we share data with infrastructure providers who help us operate Travel OS. These providers are contractually obligated to use your data only to provide their services to us and not for their own purposes.

Legal Requirements: We may disclose your information if required to do so by law, court order, or other legal process, or if we believe disclosure is necessary to protect the rights, property, or safety of Travel OS, our users, or the public.

Business Transfers: If Travel OS is acquired by or merged with another company, your information may be transferred as part of that transaction. We will notify you by posting a prominent notice in the app and sending an email to your registered address before any such transfer occurs.

With Your Consent: We may share your information for any other purpose with your explicit consent.

6. Google API Services — Limited Use Disclosure

Travel OS's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Scope requested: https://www.googleapis.com/auth/gmail.readonly

This scope allows Travel OS to read Gmail messages and their content. We request this scope because it is the minimum scope necessary to access the body content of booking confirmation emails, which is required to extract structured travel information.

Limited Use compliance:

  • · Travel OS uses Gmail data solely to extract travel booking information for display in the user's Travel OS itinerary. We do not use Gmail data for any other purpose.
  • · We do not use Gmail data to develop, improve, or train generalized AI or machine learning models.
  • · We do not use Gmail data for advertising or to serve advertisements.
  • · We do not allow humans to read Gmail data except: (a) if we obtain the user's affirmative agreement to view specific messages, (b) as necessary for security purposes such as investigating abuse, (c) to comply with applicable law, or (d) as otherwise permitted under the Google API Services User Data Policy.
  • · We do not transfer Gmail data to third parties except to our service providers (OpenAI for extraction processing and Supabase for storage) as necessary to provide the Travel OS service, and only in compliance with the Google API Services User Data Policy.
  • · We do not sell Gmail data.

7. Data Security

We implement industry-standard security measures to protect your information:

  • · Encryption in transit: All data transmitted between your browser and Travel OS is encrypted using HTTPS/TLS
  • · Encryption at rest: Your data is stored in encrypted databases
  • · Row-level security: Our database enforces strict access controls — you can only access your own data, never another user's
  • · Token security: Gmail and Outlook access tokens are stored securely with automatic expiry and refresh rotation
  • · Minimal data collection: We collect only the data necessary to provide the service, reducing the risk surface

If you discover a security vulnerability in Travel OS, please contact us immediately at sanaysheth@gmail.com. We take security reports seriously and will respond within 24 hours.

8. Your Rights and Controls

You have meaningful control over your data at all times.

Access your data

Export all your trips and events as a JSON file from Settings → Data → Export your data.

Delete your account

Permanently delete your account and all associated data from Settings → Data → Delete account. All personal data is deleted within 30 days of account deletion.

Disconnect inbox access

Disconnect Gmail or Outlook at any time from Settings → Integrations. This immediately revokes our ability to access your inbox.

Correct your data

Edit or delete any trip or event directly within the Travel OS app.

Request data deletion

Email sanaysheth@gmail.com with the subject line "Data Deletion Request" and we will delete your account and all associated data within 30 days.

Request a copy of your data

Email sanaysheth@gmail.com with the subject line "Data Access Request" and we will provide a complete export of all personal data we hold about you within 30 days.

9. Data Retention

Account data: We retain your account information and trip data for as long as your account is active. If you delete your account, all personal data is permanently deleted within 30 days.

Email access tokens: Gmail and Outlook access tokens are retained until you disconnect the integration or delete your account, whichever comes first. Tokens are automatically refreshed and rotated for security.

Raw email content: Never retained. Email content is processed in memory and discarded immediately after extraction.

Analytics data: Anonymized usage analytics are retained for up to 2 years to track product improvements over time.

10. International Data Transfers

Travel OS is operated in the United States. Our service providers store and process data in the United States. If you are located outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ from those in your country.

By using Travel OS, you consent to the transfer of your information to the United States as described in this policy.

11. Children's Privacy

Travel OS is not directed at or intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at sanaysheth@gmail.com and we will delete that information promptly.

12. Changes to This Policy

We will notify you of material changes to this Privacy Policy by posting a prominent notice in the Travel OS app at least 14 days before changes take effect, and sending an email to your registered address for significant changes.

Your continued use of Travel OS after changes take effect constitutes your acceptance of the updated policy. If you do not agree with changes to this policy, you may delete your account at any time.

13. Contact Us

Email: sanaysheth@gmail.com
Response time: Within 24 hours
Website: https://travel-os-ochre.vercel.app

For data deletion or access requests, please include "Data Deletion Request" or "Data Access Request" in your subject line.