UrTravelPro ← Back to home

This Privacy Policy describes how Pride Travelers, LLC d/b/a UrTravelPro ("Company," "we," "us," or "our") collects, uses, shares, and protects information when you use the UrTravelPro Platform and its applications, including UrTravelPro Books, UrTravelPro Marketing, and UrTravelPro Compass (each, an "App"; collectively, the "Service").

By using the Service, you agree to the practices described in this policy. This policy is part of, and incorporated into, our Terms of Service.

Contents

  1. Information We Collect
  2. How We Use Information
  3. When We Share Information
  4. Third-Party Service Providers
  5. Books — App-Specific Privacy
  6. Marketing — App-Specific Privacy
  7. Compass — App-Specific Privacy
  8. Trips — App-Specific Privacy
  9. Data Retention
  10. Data Security
  11. Your Rights (GDPR, CCPA, CPRA)
  12. Children's Privacy
  13. International Transfers
  14. Cookies & Tracking
  15. Changes to This Policy
  16. Contact

1. Information We Collect

1.1 Account information

When you create an UrTravelPro account or sign in via Single Sign-On (SSO), we collect:

1.2 Information you provide through the Service

As you use each App, you provide additional information. The categories depend on the App; see Sections 5, 6, and 7 for App-specific detail. In general, you may provide:

1.3 Information collected automatically

When you use the Service, we automatically collect:

1.4 Information from third-party services you connect

Some features require you to connect a third-party service. When you do, we receive only what is necessary to provide the feature. For example:

2. How We Use Information

We use the information we collect to:

We do not sell your personal information. We do not use your User Data to train third-party AI models.

3. When We Share Information

We share information only in the limited circumstances described below.

3.1 Third-party service providers

We share data with service providers that help us operate the Service, under contracts that require them to protect your data and use it only for our purposes. See Section 4 for the list.

3.2 Within your organization

Other members of your organization who have access to the same App may see User Data your organization has entered, subject to role-based permissions inside the App.

3.3 Legal compliance

We may disclose information if required by law, regulation, legal process, or governmental request, or to investigate or prevent fraud, security incidents, or violations of our Terms.

3.4 Business transfers

If we are involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction. We will provide notice through the Service before your information becomes subject to a different privacy policy.

3.5 With your consent

We may share information for any other purpose with your explicit consent.

4. Third-Party Service Providers

The Service uses the following service providers. Each is contractually bound to protect your data. Their links lead to their own privacy policies, which we encourage you to review.

Provider Purpose Data shared
Stripe, Inc. Subscription billing and payment processing for all Apps Customer name, email, billing address, subscription metadata; payment card data is collected directly by Stripe (we never see or store it)
Plaid Inc. Bank feed connections in Books (optional) Bank account identifiers, transaction history, balances; bank login credentials go directly to Plaid and never to us
Stripe Connect Per-agency payment processing for Trips Direct Invoices. Funds settle to the agency's own connected Stripe account; we receive only an application fee. Cardholder name, email, billing address, payment-card data (collected directly by Stripe — we never see or store the card number), charge metadata. The agency owner completes Stripe's onboarding identity verification directly with Stripe.
Cloudflare Object storage (R2) for encrypted attachments, content delivery, edge security, DNS, and custom hostname provisioning for agency-branded portals Uploaded attachments (encrypted at rest before upload), published content, request metadata, DNS records for custom hostnames
Postmark / Brevo Transactional email delivery (password resets, account invitations, billing, security notices, support replies, Trips agent and client portal notifications) Recipient email, sender email, message content as needed to deliver the email
Amazon Web Services (SES) Fallback transactional email delivery Recipient email, sender email, message content as needed to deliver the email
Google (Gmail API) Optional in Trips. If an agent connects their own Gmail mailbox, we send outbound client emails through their mailbox via OAuth so deliverability stays on their domain. Agent's Gmail email address and refresh/access tokens (stored encrypted), and the contents of emails the agent sends or receives through Trips. Tokens are scoped to send and modify; we do not request broader Gmail access. Agents can revoke at any time from Google Account settings or from inside Trips.
Google reCAPTCHA v3 Bot detection on public form submissions in Trips and on certain inquiry / contact-sales forms Submitter IP address, user-agent, and Google-issued reCAPTCHA token; Google scores the submission for likelihood of being automated
ClamAV (self-hosted) Virus scanning on uploaded attachments before they are stored File contents in memory only, for the duration of the scan; no data is transmitted to any third party
SMS / email infrastructure providers Outbound email and SMS for the Marketing App; suppression handling; carrier 10DLC registration Recipient phone or email, sender identity, message content, unsubscribe / suppression records

5. Books — App-Specific Privacy

5.1 What Books collects

Inside Books, you enter or import:

5.2 Bank feed data (Plaid)

If you choose to connect a bank feed, Plaid retrieves data from your financial institution on your behalf using a secure access token. We receive from Plaid:

The bank feed connection is read-only — we cannot move money or modify anything at your bank. You can disconnect a bank feed at any time from the Banking page, which revokes our access at Plaid. Transactions previously imported into your books remain in your books because they form part of your accounting records.

Your banking credentials are entered directly into Plaid's interface and are never seen, transmitted to, or stored by UrTravelPro Books.

5.3 Encryption at rest for Books

Uploaded attachments in Books are encrypted at rest using AES-256-GCM with per-organization keys derived via HKDF from a master key held in our secret store. The keys are accessible only to our platform infrastructure for the purpose of serving them back to authorized users; they are never exposed to third parties.

6. Marketing — App-Specific Privacy

6.1 What Marketing collects

You upload, create, or manage:

6.2 Consent and compliance data

To support your compliance with CAN-SPAM, CASL, GDPR, TCPA, and 10DLC, we record:

Suppression records are retained indefinitely so we can continue honoring an opt-out even after a contact is deleted. This is a legal requirement of anti-spam laws and is not subject to deletion on contact request.

6.3 Tracking inside marketing messages

Marketing emails may include open-tracking pixels and click-tracking redirects. These collect:

Recipients of your marketing messages are subject to this tracking when they open or click. As the sender, you are responsible for disclosing this in your privacy policy and complying with applicable law.

6.4 SMS-specific data

SMS dispatch through Marketing also collects:

7. Compass — App-Specific Privacy

7.1 What Compass collects

You publish and manage:

7.2 Visitor analytics on your published Compass content

When a reader visits content you publish through Compass, we may collect aggregate analytics (page view counts, referrer, country-level location, device class) to provide you with reporting and to operate the Service. We do not collect personally identifying information about your readers unless they submit it through a form you offer them.

Trips — App-Specific Privacy

What Trips collects from your agency staff

Inside Trips, your agency creates and manages records about your travelers. The data you enter is your data, controlled by your agency; we process it on your behalf to provide the Service.

Traveler identity

Identity fields — name, email, phone, address, and date of birth — are owned by UrTravelPro Core and shared across the apps you use; Trips references them by an internal identifier rather than duplicating them locally.

Travel-specific information

Trips stores travel-specific details you enter for each traveler, including:

Sensitive documents and attachments

Passport scans, travel documents, and other files uploaded into Trips are encrypted at rest using AES-256-GCM with per-organization keys derived via HKDF from a master key held in our secret store. Every upload, view, download, and deletion writes an entry to an append-only audit log that captures the action, the user, their IP address, user agent, and timestamp. Files are stored in Cloudflare R2 object storage and are scanned for malware by ClamAV before they are accepted.

Forms, signatures, and form submissions

When a traveler fills out a form your agency shared with them, Trips records the responses, the submitter's email address (if captured), the submitter's IP address, the submitter's user agent, and the time of submission. If a form includes an electronic signature field, the typed name or drawn signature image is captured together with the signer's IP address, user agent, and signing timestamp as an audit trail; once a submission is signed, the responses are locked and become a tamper-evident record. Files attached to form submissions follow the same encryption-at-rest and audit-logging rules as other Trips attachments.

Payments and invoicing (Direct Invoices)

If your agency uses Trips Direct Invoices to accept planning-fee payments from travelers, payments are processed by Stripe through your agency's own connected Stripe account; funds settle to your bank account, not ours. We do not see or store the card number or full payment details. For receipt and reconciliation we store only the card brand, the last four digits, the charge amount, the Stripe charge identifier, and our platform application fee. Tax-relevant payout information goes directly between Stripe and your agency.

Outbound email through your Gmail (optional)

If an agent connects their own Gmail mailbox in Trips, outbound client emails are sent through the agent's mailbox using Gmail's API. We store the agent's encrypted OAuth tokens and the email content needed to send and thread messages back into the trip record. An agent can disconnect at any time from inside Trips or from their Google Account; disconnection revokes our access and stops further sending.

Client portal and custom agency domains

Each agency has a branded client portal where travelers sign in to view their own trips, invoices, files, and messages. Travelers see only the trips they are linked to, and within a trip see only the items your agency has explicitly marked client-visible.

Portal accounts use email and password. A new traveler receives an invitation email containing a one-time, time-limited claim link that lets them set their password on first use; the same mechanism is used when a traveler asks to reset a forgotten password. Once a password is set, the traveler signs in with email and password on subsequent visits. We store passwords hashed (never in plain text). Portal sign-in events (timestamp, IP address, user agent) are logged for security and to support audit requests. If your agency wires a custom domain (for example, portal.your-agency.com) to the portal, sign-in cookies are scoped to that domain; cross-host handoff between the canonical Trips host and the custom host is performed using a short-lived, single-use, HMAC-signed token.

Cross-app data flows inside the UrTravelPro Platform

Because Trips is part of the UrTravelPro Platform, certain data may flow between Trips and the other Apps your agency uses, for example: commission line items recorded on a Trips invoice may be posted to Books as a deposit transaction; Compass guides may be embedded into Trips emails; consenting travelers may be added to an audience in Marketing. These flows are initiated by your agency staff and are described in the help center; we do not sell or share traveler data with anyone outside the UrTravelPro Platform.

Children

Trips is built for travel agencies serving adult clients. Agencies may record minor travelers' names and travel-relevant information on the parent's record when planning family travel; agencies remain responsible for the lawful collection and handling of any minor's information they enter. See Section 11 for our overall position on children's information.

8. Data Retention

We retain your information for as long as your account is active and as long as needed to provide the Service. Specific retention behaviors:

9. Data Security

We use commercially reasonable administrative, technical, and physical safeguards designed to protect your information. These include:

No system is perfectly secure. We cannot guarantee that information will never be accessed, disclosed, altered, or destroyed by breach. In the event of a data incident affecting your information, we will notify you in accordance with applicable law.

10. Your Rights (GDPR, CCPA, CPRA, and other privacy laws)

10.1 Universal rights

Regardless of where you live, you may:

10.2 European Economic Area, United Kingdom, and Switzerland

The Service is operated from the United States and is not offered to, marketed to, or designed for use by residents of the European Economic Area, the United Kingdom, or Switzerland. The Service is not built to comply with the GDPR, the UK GDPR, the Swiss Federal Act on Data Protection (FADP), or any equivalent regional regime, and our customers agree under our Terms of Service (§10.1) not to use the Service to process personal data of EEA, UK, or Swiss residents.

If you believe a customer of ours has uploaded your personal data into the Service and you are an EEA, UK, or Swiss resident, contact [email protected]. We will, where we can identify the customer, forward your request to them and assist with deletion. Because the upload by the customer violates our Terms in this scenario, the customer — not us — is the party responsible for your data and any legal exposure arising from it.

10.3 If you are a California resident (CCPA / CPRA)

You have the right to:

To exercise these rights, contact [email protected]. We will verify your identity before fulfilling the request.

10.4 If you are a contact of one of our customers

If your personal information was uploaded to the Service by one of our customers (for example, as a contact in their Marketing audience, or as a payee in their Books records), we act as a "service provider" or "data processor" with respect to your data. Your rights run primarily against that customer — they decide whether your information is collected and retained. If you reach us directly and we can identify the customer, we will forward your request to them.

11. Children's Privacy

The Service is intended for use by businesses and adults. We do not knowingly collect personal information from children under 13 (or under 16 in jurisdictions where that threshold applies). If we learn that we have collected information from a child without parental consent, we will delete it. Contact [email protected] if you believe we hold information about a child.

12. Where We Process Data

Our infrastructure is operated in the United States. The Service is intended for use by US-based travel businesses serving US-based clients, and is not offered to residents of the European Economic Area, the United Kingdom, or Switzerland (see Section 10.2 and our Terms of Service §10.1). If, despite these restrictions, your information is processed by us, it will be stored and processed in the United States and in other countries where our service providers (listed in Section 4) operate.

13. Cookies & Tracking

We use essential cookies to authenticate sessions, remember your preferences, and protect against abuse. We may also use limited analytics cookies to understand how the Service is used in aggregate. We do not use cookies for cross-site advertising. You can control cookies through your browser settings, but disabling essential cookies will prevent you from signing in.

Our marketing site (urtravelpro.com) and each App may use additional analytics consistent with this section. A separate Cookie Policy may be published in the future with specific cookie names and purposes.

14. Changes to This Policy

We may update this Privacy Policy from time to time. The updated effective date will appear at the top of this page when changes are made. Material changes will be communicated through the Service or via email to the account owner. Continued use of the Service after an update constitutes acceptance of the updated Privacy Policy.

15. Contact

For questions about this Privacy Policy or to exercise your privacy rights, contact us at:

Pride Travelers, LLC
d/b/a UrTravelPro
1559 Oak Hill Trail
Kissimmee, FL 34747
[email protected]