Last updated: 21 June 2026
This Privacy Policy explains how TravelOne collects, uses, stores and shares personal data when you use our website, embedded travel marketplace, AI-powered travel concierge, booking services, customer support pages, emails, booking confirmations, vouchers and related services, together referred to as the “Service”.
This Privacy Policy should be read together with our Terms & Conditions, Cookie Policy, FAQ and any booking-specific terms shown to you before or after completing a booking.
1. Who we are
TravelOne operates through a group structure consisting of:
TravelOne Inc.
12 Horseshoe Road
Cos Cob, CT 06807
United States
Delaware C Corporation
and
TravelOne International AB
Krojvägen 7
141 31 Huddinge
Sweden
Swedish organisation number: 559069-5416
VAT number: SE559069541601
TravelOne International AB is a Swedish subsidiary wholly owned by TravelOne Inc.
In this Privacy Policy, “TravelOne”, “we”, “us” or “our” refers to the applicable TravelOne group company that provides the Service, acts as contracting entity, acts as Merchant of Record or is otherwise responsible for processing your personal data.
For customers whose contracting entity is TravelOne International AB, TravelOne International AB acts as the data controller for the processing of personal data described in this Privacy Policy.
For customers whose contracting entity is TravelOne Inc., TravelOne Inc. acts as the data controller for the processing of personal data described in this Privacy Policy, unless otherwise specified.
For customers located in the United States, the contracting entity and Merchant of Record will normally be TravelOne Inc., unless otherwise stated during the booking process.
For customers located in the European Union, the European Economic Area, the United Kingdom, Switzerland and other non-US markets, the contracting entity and Merchant of Record will normally be TravelOne International AB, unless otherwise stated during the booking process.
The applicable contracting entity and Merchant of Record may be shown during checkout, in the booking confirmation, payment receipt, invoice, voucher or other booking-related documentation.
2. Personal data we collect
Depending on how you use the Service, we may collect the following categories of personal data.
Contact and identity information
This may include name, email address, telephone number, country, language, lead guest name, traveller names and other details you provide when making a booking or contacting support.
Booking and travel information
This may include destination, event or ticket-related context, travel dates, number of travellers, number of rooms, hotel preferences, selected hotel, room type, meal plan, cancellation terms, booking status, TravelOne booking reference, supplier booking reference and other information needed to manage your booking.
Payment and transaction information
Payments may be handled by third-party payment providers such as Stripe.
We may receive limited payment-related information such as transaction status, amount, currency, payment confirmation, refund status, tax-related information, fraud-prevention signals and payment reference.
We do not normally store full payment card details.
AI concierge and support communication
If you use our AI-powered travel concierge or contact customer support, we may process the content of your messages, questions, preferences, booking context and related support history so we can assist you.
You should not enter sensitive personal information into the AI concierge unless it is necessary for your request.
Technical, usage and analytics data
We may collect information such as IP address, browser type, device type, operating system, referring website, pages viewed, date and time of visits, session data, cookies, interaction data, search activity, booking funnel events and similar technical information.
This may include events such as when the TravelOne widget opens, when a search starts, when search results are displayed, when a hotel is clicked, when filters are used, when checkout starts, when payment starts and when a booking is completed.
Marketing and communication data
If you subscribe to marketing or otherwise communicate with us, we may process your email address, communication preferences, responses and engagement with our emails.
3. How we collect personal data
We may collect personal data:
directly from you when you use the Service, make a booking, contact support, interact with the AI-powered travel concierge or otherwise communicate with us;
from partner websites where TravelOne is embedded into or linked from the partner website;
from travel suppliers, accommodation providers, transport providers, activity providers, travel technology providers or booking systems;
from payment providers;
through cookies, analytics tools and similar technologies;
from customer support interactions and booking-related communications.
Where a partner website shares booking, event or ticket-related context with TravelOne, such data should only be shared where permitted by applicable law and in accordance with that partner’s own privacy policy, cookie policy and consent settings.
4. Why we use personal data
We use personal data for the following purposes.
To provide the Service
We use personal data to show relevant travel options, process bookings, issue booking confirmations and vouchers, manage customer support, handle booking changes, cancellations and refunds, and provide service-related communication.
To process payments and prevent fraud
We use payment and transaction-related data to process bookings, confirm payments, manage refunds, prevent fraud, handle chargebacks and comply with accounting, tax and legal obligations.
To personalize the user experience
We may use travel dates, destination, event context, preferences, previous interactions and search behaviour to provide more relevant accommodation, transport, activity or travel recommendations.
To operate the AI concierge
We may use information you provide to the AI concierge to answer your questions, assist with travel planning, suggest options and
help you navigate the booking process.
To communicate with you
We may send booking confirmations, vouchers, service messages, support responses, cancellation information, refund updates, security notices and other important information.
To improve and develop the Service
We may use analytics, usage data, customer feedback and aggregated data to improve functionality, performance, design, conversion, mobile experience, support flows and supplier integrations.
To send marketing, where permitted
We may use your contact details to send newsletters, offers or promotional information where we have your consent or another lawful basis. You may opt out of marketing communications at any time.
To comply with legal obligations
We may process data to comply with applicable laws, regulations, tax rules, accounting requirements, court orders, authority requests, consumer protection obligations and contractual obligations.
5. Legal bases for processing
Where the GDPR, UK GDPR or similar data protection laws apply, we rely on one or more of the following legal bases:
Contract: where processing is necessary to provide the Service, take steps at your request before entering into a contract, complete a booking, issue confirmations or provide customer support.
Legal obligation: where processing is necessary for tax, accounting, consumer protection, regulatory compliance or other legal obligations.
Legitimate interests: where processing is necessary to operate, secure, improve and promote the Service, prevent fraud, protect against misuse, manage supplier and partner relationships, and support our business operations, provided that your rights and interests do not override those interests.
Consent: where required, for example for certain cookies, marketing communications or optional processing.
Vital interests or public interest: only where relevant under applicable law.
6. How we share personal data
We may share personal data with the following categories of recipients.
Travel suppliers and service providers
This may include hotels, accommodation providers, transport providers, activity providers, travel technology providers and booking systems where sharing is necessary to complete or manage your booking.
Payment providers
We may share payment-related information with payment providers such as Stripe in order to process payments, refunds, fraud checks and transaction confirmations.
Technology and infrastructure providers
We may use hosting providers, email providers, analytics providers, customer support tools, database providers, security providers and other technical service providers to operate, secure, monitor and improve the Service.
AI service providers
We may use third-party AI service providers to operate parts of the AI-powered travel concierge. Such providers process data on our behalf under contractual safeguards and data processing agreements where required.
TravelOne group companies
TravelOne Inc. and TravelOne International AB may share personal data with each other where necessary to provide the Service, process bookings, manage payments, issue confirmations and vouchers, provide support, handle cancellations and refunds, comply with legal obligations, prevent fraud and improve the platform.
Where TravelOne International AB acts as the contracting entity and Merchant of Record, booking and customer data may be shared with TravelOne Inc. where TravelOne Inc. holds supplier, distribution or technology agreements needed to source, arrange or fulfil the booking.
TravelOne Inc. may then share the necessary booking data with third-party travel suppliers, bed banks, travel technology platforms, accommodation providers or other service providers where required to complete or manage the booking.
Partner websites
permitted by applicable law and the partner’s own privacy policy, cookie policy and consent settings.
Where TravelOne is embedded into or linked from a partner website, we may share limited information with the partner for reporting, attribution, support, revenue-share calculation, technical troubleshooting and service improvement.
Privacy by design and by default
TravelOne applies privacy by design and privacy by default principles when sharing personal data.
This means that we aim to share only the personal data that is necessary for the relevant purpose, limit access to personal data to recipients who need it, use appropriate contractual, technical and organisational safeguards, and use aggregated or anonymised data where reasonably possible for analytics, reporting and service improvement.
Where the Service is embedded into or linked from a partner website, TravelOne aims to process and share only the data necessary to provide the Service, support the booking flow, measure performance, prevent fraud, comply with legal obligations and improve the platform.Where TravelOne is embedded into or linked from a partner website, that partner may share booking, event or ticket-related context with TravelOne where required, obtained consent.
Professional advisers and authorities
We may share personal data with accountants, lawyers, auditors, insurers, banks, courts, regulators, tax authorities, law enforcement or other authorities where necessary.
Business transfers
If TravelOne is involved in a merger, acquisition, restructuring, financing, sale of assets or similar transaction, personal data may be transferred as part of that transaction, subject to appropriate safeguards.
We do not sell personal data in the ordinary meaning of selling customer information for money. We do not share personal data with third parties for their independent advertising purposes unless we have disclosed this and, where required, obtained consent.
Professional advisers and authorities
We may share personal data with accountants, lawyers, auditors, insurers, banks, courts, regulators, tax authorities, law enforcement or other authorities where necessary.
Business transfers
If TravelOne is involved in a merger, acquisition, restructuring, financing, sale of assets or similar transaction, personal data may be transferred as part of that transaction, subject to appropriate safeguards.
We do not sell personal data in the ordinary meaning of selling customer information for money. We do not share personal data with third parties for their independent advertising purposes unless we have disclosed this and, where required, obtained consent.
7. AI-powered travel concierge
TravelOne may provide an AI-powered travel concierge to help users search, compare and understand travel options.
The AI concierge may process your questions, travel preferences, booking context and interaction history in order to respond to you. The AI concierge may also help explain hotel options, distances, cancellation terms, amenities, travel dates and other booking-related information.
The AI concierge is intended to assist you, but final booking decisions are made by you. Important booking details such as price, cancellation policy, dates, room type and supplier terms should always be reviewed before confirming a booking.
We do not intend to make decisions about you based solely on automated processing that produce legal or similarly significant effects, unless such processing is permitted by applicable law.
8. Cookies and analytics
We use cookies and similar technologies to operate the Service, remember preferences, secure the platform, understand usage, improve performance and measure booking funnel activity.
Some cookies are necessary for the Service to function. Other cookies, such as analytics or marketing cookies, may require your consent depending on your location.
We may use third-party analytics tools to understand how users interact with our website and Service.
For more information, please see our Cookie Policy.
9. International transfers
TravelOne may process and store personal data in the United States, the European Economic Area, the United Kingdom and other countries where we, our suppliers or our service providers operate.
Where personal data is transferred between TravelOne group companies, suppliers or service providers in different countries, including between the European Union and the United States, TravelOne will use appropriate safeguards where required by applicable data protection laws.
These safeguards may include adequacy decisions, standard contractual clauses, UK transfer safeguards, data processing agreements or other lawful transfer mechanisms.
10. Data retention
We keep personal data only for as long as necessary for the purposes described in this Privacy Policy.
Retention periods may depend on the type of data, the nature of the booking, customer support needs, legal obligations, accounting requirements, tax rules, fraud prevention, dispute handling, chargeback periods and supplier requirements.
When personal data is no longer needed, we will delete, anonymize or securely retain it only where required or permitted by law.
11. Security
We use reasonable technical and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration or disclosure.
However, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee absolute security.
12. Your rights
Depending on your location and applicable law, you may have the right to:
request access to your personal data;
request correction of inaccurate or incomplete data;
request deletion of your personal data;
request restriction of processing;
object to certain processing;
request data portability;
withdraw consent where processing is based on consent;
object to direct marketing;
request information about automated decision-making;
lodge a complaint with a data protection authority.
If you are located in the European Union, you have the right to lodge a complaint with a supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement if you believe that the processing of your personal data infringes the GDPR.
To exercise your rights, please contact us using the details below.
We may need to verify your identity before responding to your request. Some rights may be limited where we need to keep data for legal, accounting, fraud prevention, dispute resolution or booking-related reasons.
13. Marketing communications
You can unsubscribe from marketing communications at any time by using the unsubscribe link in our emails or by contacting us.
Even if you unsubscribe from marketing, we may still send service-related messages such as booking confirmations, vouchers, support messages, payment confirmations, cancellation updates, security notices and legal notices.
14. Children’s privacy
The Service is not intended for children. We do not knowingly collect personal data from children without appropriate consent. If you believe that a child has provided personal data to us, please contact us and we will take appropriate steps.
15. Third-party links and services
The Service may contain links to third-party websites or services, including hotels, travel suppliers, payment providers, partner websites or support resources.
We are not responsible for the privacy practices, content or security of third-party websites or services. You should review their privacy policies before providing personal data to them.
16. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. The updated version will be posted on our website with a new “Last updated” date.
If we make material changes, we may notify you by email, through the Service or by placing a prominent notice on our website.
17. Contact us
If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us at:
TravelOne Inc.
12 Horseshoe Road
Cos Cob, CT 06807
United States
Delaware C-Corp
TravelOne International AB
Email: support@travelone.ai
Web: www.travelone.ai/customer/support