
Privacy Policy

Last updated: 30 April 2026

1. Data controller

[Your Company Name Ltd] (“Jaunt”) is the data controller for your personal data. We are registered with the Information Commissioner’s Office (ICO) under registration number [XXXXXXX].

Contact: [support@yourdomain.com]

2. What we collect

| Data | Purpose | Legal basis |
|---|---|---|
| Email address | Account login (magic link), booking confirmations | Contract performance |
| Full name, date of birth, title | Required by airlines for ticket issuance | Contract performance |
| Phone number | Required by airlines; flight notifications | Contract performance |
| Flight and booking data | Tracking, notifications, country day counting | Contract performance |
| Recipient names, emails, phones | Sending flight notifications to your contacts | Legitimate interest |
| Payment data | Processed by Stripe — we never see or store card numbers | Contract performance |
| IP address | Recorded at booking time for fraud prevention and audit | Legitimate interest |

3. Sub-processors

We use the following sub-processors to deliver Jaunt. Each is bound by data-protection terms compliant with GDPR Article 28. We process data in the UK and the EEA wherever possible; the United States transfers below are covered by either the EU-US Data Privacy Framework or Standard Contractual Clauses.

  • Cloudflare, Inc. (US, processing in EU) — backend hosting (Workers, D1, KV) and DNS. Edge logs may contain request metadata. Subject to Cloudflare’s Privacy Policy.
  • Vercel, Inc. (US, processing in EU) — frontend hosting. May collect IP addresses and request metadata in server logs.
  • Duffel Technology Limited (UK) — receives passenger details (name, DOB, contact) to issue airline tickets. Duffel passes this to the operating airline.
  • LiteAPI (operated by Nuitée Travel SAS, France) — hotel inventory search and booking. Receives stay dates, guest names, and contact details when you confirm a hotel reservation.
  • Stripe Payments UK Ltd (UK) — processes card payments. We never see or store card numbers (we use Stripe Checkout, putting us in the lowest PCI scope). When you complete a booking we send Stripe your email address, the booking amount + currency, and a booking reference; Stripe creates a customer record for you so it can match returning visitors. We also offer Stripe Link — Stripe’s optional one-click wallet — alongside cards. If you choose Link, Stripe stores your saved card and recognises you on any Stripe-powered site that you opt in to (this is Stripe’s service, not ours). Link uses a small functional cookie set by Stripe; it is not an advertising cookie and is exempt from PECR consent under the “strictly necessary” exemption. You can delete your Link wallet at any time via link.com. The Stripe customer record we created is removed when you delete your Jaunt account (we issue a Stripe API delete on your customer ID). Subject to Stripe’s Privacy Policy and Stripe Link Terms.
  • Resend, Inc. (US) — transactional email delivery (login links, booking confirmations, flight alerts). Email address + message body only.
  • AeroDataBox (operated by RapidAPI / RapidQube Ltd) — flight status lookups. Sends only the flight number and date; never your personal data.
  • Mapbox, Inc. (US) — geocoding and map tiles for trip planning. Receives only the place names you search for; never your account identifiers.
  • Anthropic PBC (US) — the “Claude” AI model that parses forwarded booking emails into structured trip data. Only the contents of forwarded emails are sent for parsing; outputs are stored against your account in our D1 database. Anthropic does not train on this data per our zero-retention agreement.
  • Meta Platforms, Inc. (Ireland, EU) — WhatsApp Business Cloud API for delivering flight alerts to recipients you invite. Phone number + message body only.
  • Airlines — receive passenger data as required for ticketing and check-in. Each airline has its own privacy policy.
  • Third-party AI clients you authorise (e.g. Anthropic Claude, OpenAI ChatGPT, Cursor, custom MCP clients) — when you connect Jaunt to an AI assistant via our Model Context Protocol (MCP) endpoint, that assistant operator becomes its own data controller for the conversations you have with it. Jaunt sends only the data the assistant requests via the OAuth scopes you granted (see Section 12). We have no contract with the AI provider; their privacy policy applies separately. You can revoke any client’s access in one click from Settings → Connected apps.

We do not sell your personal data. We do not share data with advertising networks or data brokers. We do not use any analytics SDKs that track you across sites.

4. Data retention

  • Account data: retained while your account is active. Deleted within 30 days of account closure.
  • Booking records: retained for 6 years from the booking date (HMRC requirement for financial records).
  • Flight tracking data: retained while your account is active.
  • Notification logs: retained for 12 months, then automatically deleted.

5a. If someone added you as a recipient

Jaunt sends WhatsApp and email flight notifications to people that one of our users has added as a “recipient” (typically family, partners, or meeting hosts). If you’ve started receiving these and want to stop, you have three independent ways to opt out / unsubscribe at any time:

  • Reply STOP to any WhatsApp message — Meta’s platform honours this automatically and we will not send to that number again.
  • Click the unsubscribe link at the bottom of any email we send.
  • Ask the Jaunt user who added you to remove your contact details. They can do this from their /recipients page in seconds.

We do not market to recipients outside of the flight-status updates the Jaunt user has set up — this is the “legitimate interest” legal basis listed in the data table above. PECR consent for direct marketing applies separately and is not what these alerts use.

5. Your rights (UK GDPR)

You have the right to:

  • Access — request a copy of all personal data we hold about you
  • Rectification — correct inaccurate data
  • Erasure — request deletion of your data (subject to legal retention periods)
  • Data portability — receive your data in a structured, machine-readable format
  • Object — object to processing based on legitimate interest
  • Withdraw consent — where processing is based on consent

To exercise any of these rights, email [support@yourdomain.com]. We will respond within 30 days.

If you are not satisfied with our response, you have the right to complain to the Information Commissioner’s Office (ICO) at ico.org.uk.

6. Cookies

Jaunt uses only essential cookies required for authentication (session tokens). We do not use analytics cookies, tracking pixels, or third-party advertising cookies. The Stripe checkout page (when you book) sets a small functional cookie for Stripe Link recognition — that’s on checkout.stripe.com, not jaunt.com, and is governed by Stripe’s privacy policy. It’s functional only (autofill the next time you pay) and is not used for advertising.

6a. Affiliate & airline-redirect click tracking

When a flight result on /explore redirects you to an airline’s own website (e.g. Ryanair, Wizz Air) or an affiliate partner (currently Travelpayouts, Aviasales for legacy paths), we log the click. For each click we record:

  • Vendor and click source — which redirect path fired (e.g. airline-direct-fr) and where in the UI the click originated (search results, “no directs surfaced” banner, etc.)
  • Carrier IATA, origin/destination IATA, and departure date of the flight you clicked — used to compute aggregate route demand
  • Country derived by Cloudflare’s edge from your IP address (e.g. “GB”, “FR”). We never see or store the IP itself — Cloudflare resolves the country at the edge and forwards only the two-letter code to our worker
  • Timestamp and, if you’re signed in, your user ID; otherwise the click is anonymous
  • Outcome (initially null) — flipped to “booked”, “refunded”, or “expired” if and when our affiliate partner reports back. For airline-direct clicks (no affiliate marker) the outcome stays null

Purpose and lawful basis: we rely on legitimate interest (UK GDPR Art. 6(1)(f)) to (1) demonstrate our user demand to airline partners when negotiating future direct-booking agreements, (2) improve our routing and ranking of flight options based on which carriers actually serve a route, and (3) reconcile our view of click volume against vendor dashboards. We have completed a balancing test; you can request the test memo via the contact details below.

Retention: click rows with structured route + carrier data are kept for 24 months, after which they are either deleted or aggregated into anonymous monthly route-volume summaries that no longer identify individuals.

Your right to object: you can object to this processing at any time via the contact email in section 1; we’ll stop logging your clicks immediately. Doing so won’t affect your access to flight search — the click tracking is purely for analytics and partnership pitches.

7. International transfers

Some of our sub-processors (Cloudflare, Vercel, Resend, Mapbox, Anthropic) are US-incorporated, though Cloudflare and Vercel deliver our services from EU edge locations where possible. These transfers are protected by Standard Contractual Clauses (SCCs) approved by the UK ICO, the EU-US Data Privacy Framework where the provider is certified, or both.

8. Security

We use industry-standard security measures including encryption in transit (TLS), encrypted databases, and secure authentication (magic link — no passwords stored). Access to personal data is restricted to authorised personnel only.

12. AI agent access (MCP / Connectors)

Jaunt exposes a Model Context Protocol (MCP) endpoint at api.usejaunt.com/mcp that lets you connect AI assistants (Claude, ChatGPT, Cursor, etc.) to your Jaunt account. This is opt-in and uses OAuth 2.1 with PKCE — the same security model as “Sign in with Google”. We never share your password with any AI client.

Scopes. When you connect an AI client, we ask you to approve a granular consent screen showing exactly which scopes the client is requesting. Three scopes exist:

  • mcp.read — the client can see your trips, flights, recipients (names + flight numbers only), country-day counts, year-in-review stats, and travel preferences. It cannot see your saved payment methods, magic-link tokens, or session cookies.
  • mcp.write — the client can add or remove flights, save preferences, drop planning pins, and update recipient contact details. It cannot delete your account or change your email.
  • mcp.book — the client can run real bookings (flights via Duffel, hotels via LiteAPI) on your behalf. We require an explicit two-step confirmation: the agent shows price + cancellation terms, then a second tool call (with a one-time confirmation token) actually charges Stripe and issues the ticket. Granting mcp.book is therefore not a blanket spend authorisation; it’s the technical ability to call the booking API once you confirm in chat.

Audit log. Every MCP tool call is recorded against your account with timestamp, client name, tool name, arguments, and result status. You can view or export this log from Settings → Connected apps → Activity. Logs are retained for 12 months.

Revocation. Revoking an AI client invalidates its OAuth token immediately. Any in-flight tool calls fail; subsequent calls return 401 Unauthorized. We send no further data to that client.

What the AI provider sees. When the agent calls an MCP tool, the request and response travel through the AI provider’s infrastructure (e.g. Anthropic’s servers if you use Claude). They become a data controller for that conversation under their own privacy policy. We have no zero-retention agreement with third-party AI clients you connect — only with the Anthropic Haiku model we use server-side to parse forwarded booking emails. If data minimisation matters to you, prefer narrower scopes and shorter conversations.

9. Changes to this policy

We may update this privacy policy from time to time. Material changes will be communicated via email or in-app notification. The “last updated” date at the top reflects the most recent revision.

[Your Company Name Ltd] · Registered in England & Wales · Company No. [XXXXXXXX] · ICO Reg. [XXXXXXX]