Privacy Policy

Effective Date: 21 February 2026

SVG
SVG

Apyia, Inc. ("Apyia," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and protect your information when you use our Services.

1. Information We Collect

Information you provide:

  • Name and email address (if you create an account)
  • Travel preferences, saved trips, or favorites
  • Communications with us

Information collected automatically:

  • Device type, operating system, and app version
  • Usage data and interaction events
  • Approximate location (city or country level)
  • Referral and click data related to affiliate links
  • IP address, browser type, and referral URLs

Payment & Contribution Information:

  • Contributions: When you make account contributions, payment information (credit/debit card or bank account details) is collected and processed by our PCI-compliant payment processor (Stripe). Apyia does not store full card numbers or bank credentials for contributions.
  • Travel Bucks Redemptions: When you request a redemption of Travel Bucks to your bank account, Apyia collects and securely stores your bank account information directly in our systems. This data is encrypted at rest, and access is strictly limited to authorized Apyia personnel for the sole purpose of processing your redemption.

We do not collect passport numbers or government ID details.

2. How We Use Your Information

We use collected information to:

  • Operate and improve the Services
  • Personalize travel recommendations
  • Track affiliate referrals and performance
  • Communicate updates, support, and service messages
  • Maintain security and prevent misuse
  • Fulfill legal and regulatory obligations

3. Affiliate and Third-Party Tracking

When you click a booking link within our Services, you will be redirected to a third-party travel provider's website. Those providers may use cookies or similar tracking technologies to record referrals and complete your booking. These technologies are governed by the provider's own privacy policies.

We do not control third-party tracking technologies and are not responsible for how those providers collect or use your data.

4. Sharing Your Information

We may share limited information with:

  • Affiliate partners (referral identifiers only)
  • Analytics providers supporting platform operations
  • Service providers supporting platform operations
  • Legal or regulatory authorities when required by law

We do not sell or rent your personal information.

5. Data Security

We use reasonable administrative and technical safeguards to protect your information, including encryption, secure server storage, and access controls. However, no method of transmission or storage is completely secure. By using our Services, you acknowledge the inherent risk of data transmission over the internet.

6. Data Retention

We retain personal information only as long as necessary to provide the Services, comply with legal obligations, or resolve disputes.

7. Your Rights — GDPR (EU/EEA Residents)

If you are located in the European Union or European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR):

  • Right to Access
  • Right to Rectification
  • Right to Erasure
  • Right to Restriction
  • Right to Data Portability
  • Right to Object
  • Right to Withdraw Consent

To exercise these rights, contact us at support@apyia.co. We will respond within 30 days, as required by law.

8. Your Rights — CCPA (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you the following rights:

  • Right to Know what personal information we collect and how it is used
  • Right to Delete your personal information
  • Right to Opt-Out of Sale (we do not sell your data)
  • Right to Non-Discrimination for exercising your rights

To make a CCPA request, email support@apyia.co with the subject line "CCPA Request." We will verify your identity and respond within 45 days.

9. Children's Privacy

The Services are not intended for children under the age of 13 (or 16 in some jurisdictions). We do not knowingly collect personal information from children. If we become aware that we have collected data from a minor, we will delete it promptly.

10. International Users

If you access the Services from outside the United States, your information may be processed in the United States or other jurisdictions where our service providers operate. By using the Services, you consent to this transfer.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Continued use of the Services after changes become effective constitutes acceptance of the updated policy. We will notify you of material changes via email or a notice within the platform.

12. Contact Us

For privacy questions or to make a request, contact us at: support@apyia.co