Sign in Get started
Legal

Privacy Policy

Last updated · June 3, 2026

1. Who we are

TRVL3 Ltd. is a company registered in Israel, headquartered in Tel Aviv, that operates the TRVL3 cloud tourism platform. We are the data controller for information about you as our customer (the agent), and a data processor for information about your end-customers.

2. What we collect

About you (the agent): name, email, phone, business details, tax ID, payment information. About your end-customers (processed on your behalf): contact details, traveler information including passport data, booking history, communications. Usage data: device, browser, IP address, pages visited, actions taken — used for security, debugging, and product improvement.

3. How we use it

To provide the service; to bill you; to send transactional emails and security alerts; to improve the platform; to comply with legal obligations; with your consent, to send marketing about new features.

4. Legal bases (GDPR)

We rely on (a) performance of contract for service delivery and billing; (b) legitimate interest for product improvement, security, and prevention of fraud; (c) legal obligation for tax and regulatory compliance; (d) consent for optional marketing.

5. Who we share data with

Travel suppliers (only data needed to fulfill a booking — e.g. traveler name and passport for a flight); payment processors; cloud infrastructure providers (AWS / Azure / GCP); analytics and error-monitoring vendors under strict DPAs. We do not sell your data. We do not share data with third parties for their own marketing.

6. International transfers

Some of our processors are located outside the EU/EEA. Where this is the case we rely on Standard Contractual Clauses and supplementary safeguards required under the GDPR.

7. Retention

Account data: for the life of the account plus 7 years to satisfy tax and audit requirements. End-customer data: per your retention configuration, with a default of 7 years post-last-booking. Logs: 90 days for diagnostic, 12 months for security audit.

8. Security

Encryption at rest (AES-256) and in transit (TLS 1.2+). Tenant data is logically isolated. Access controls follow the principle of least privilege. We undergo annual independent penetration testing and are SOC 2 Type II compliant.

9. Your rights

Under GDPR you have the rights of access, rectification, erasure, restriction, portability, and objection. You may exercise these rights in-app from your account settings or by emailing privacy@trvl3.com. We respond within 30 days.

10. Cookies

We use essential cookies (authentication, security, preferences) without consent. Analytics and product cookies are loaded only with your consent, which you can manage from the cookie banner or in your settings.

11. Changes

We will notify you at least 30 days before any material change to this policy by email and an in-app banner.

12. Contact

Data Protection Officer: privacy@trvl3.com · TRVL3 Ltd., 12 Rothschild Blvd, Tel Aviv 6688100, Israel.