Beta

Every feature is free during beta. No credit card, no catch.

Skip to content
RewardZ Travel
Back to home
Last updated May 3, 2026

Privacy policy.

What we collect, why, who we share it with, and the rights you have under GDPR and CCPA.

This Privacy Policy explains what RewardZ Travel("we," "us," "our") collects, why, who we share it with, and the rights you have. By using https://rewardztravel.com(the "Site") you agree to this policy. If you do not agree, do not use the Site.

1. Who we are

RewardZ Travel is a travel content and tools website headquartered in the United States. We are operated by an individual proprietor; we do not have a separate corporate entity. For privacy questions, email hello@rewardztravel.com.

2. Information we collect

Information you provide directly

  • Account information: email, password (hashed by our auth provider; we never see plaintext), display name, optional username, optional home airport.
  • Wallet data (optional): loyalty program names, point balances, account numbers (if you choose to enter them), expiration dates, and notes you manually enter. Stored encrypted at rest in Supabase. Visible only to you.
  • Newsletter signup: email address, a hashed IP fingerprint, browser user-agent, and timestamp, collected only when you affirmatively consent to subscribe.
  • Advisor chat history:if you use our AI Advisor, we save the message thread (your inputs + the model's responses) so you can resume past conversations. Visible only to you. You can delete any conversation at any time from the chat UI.
  • Billing information: if you upgrade to a paid tier, our payment processor Stripe collects your payment method. We never see or store your card number, CVV, or full billing address. We store the Stripe customer ID and subscription state needed to enforce tier access.
  • Gmail (only if you connect it, advanced users): if you authorize Gmail in your wallet, we use the read-onlygmail.readonlyscope to find Chase / Amex / Citi / Capital One statement emails and parse balances. We never read other emails, never write or send anything, and never store the email contents themselves, only the OAuth refresh token (encrypted at rest) and the parsed numeric balance. Disconnect any time on the wallet page. Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
  • Email forwarding alias (advanced, opt-in): if you generate a forwarding alias and forward statements there, the message body is parsed in-memory by our inbound webhook and only the parsed numeric balance is stored, the original message is not retained.
  • Contact messages: when you email us or submit a contact form, we receive whatever you send.

Information collected automatically

  • Analytics: if you consent to analytics cookies, we collect aggregated, non-identifying usage data (pages visited, referrer, device type, country) to understand what content is useful. We use Vercel Analytics; we do not use Google Analytics and we do not run third-party advertising trackers.
  • Affiliate clicks: when you click an affiliate link, the destination network (CJ, Impact, Travelpayouts) sets its own cookie or tracking parameter to attribute a referral. We log the click event ourselves only as an aggregate count for our own reporting (no personally identifying info attached).
  • Server logs: our hosting provider (Vercel) logs IP addresses and request metadata for security and abuse monitoring. Logs are retained for 30 days and not joined back to accounts.
  • Essential cookies: auth session cookies (set by our auth provider Supabase) and a CSRF protection cookie. These are required for the site to function.

Information we do not collect

  • We do not collect your Social Security Number.
  • We do not collect biometric data.
  • We do not collect precise geolocation.
  • We do not track you across the open web with advertising cookies. We do not sell your data to data brokers.

3. How we use your information

  • To operate the Site and your account.
  • To answer your AI Advisor questions and save chat history.
  • To send the newsletter (only if you consented).
  • To process payments for paid tiers (via Stripe).
  • To prevent fraud, abuse, and quota evasion.
  • To comply with legal obligations and respond to lawful requests.
  • To improve the product (analytics on aggregate usage; we never read individual users' chat history for product improvement without explicit permission).

4. Who we share data with

We use the following third-party processors. Each is bound by its own privacy policy:

  • Vercel, hosting + edge runtime + analytics.
  • Supabase, database, authentication, file storage. US-based.
  • Anthropic. AI inference for the Advisor. We send the conversation messages to Anthropic's Claude API to generate responses. Anthropic's API does not retain your prompts for model training (per their commercial terms).
  • Resend, transactional and newsletter email delivery.
  • Stripe, payment processing for paid tiers. Stripe is PCI-DSS Level 1 certified.
  • Affiliate networks(CJ Affiliate, Impact, Travelpayouts, Amazon Associates), when you click an affiliate link, the destination network sets its own tracking; that data flow is governed by the destination's privacy policy, not ours.

We do not sell or rent your personal information to anyone. We disclose data only when required by law (subpoena, court order) or to enforce our terms.

5. Data retention

  • Account data: retained while your account is active. Deleted within 30 days of account deletion request.
  • Wallet entries: retained while your account is active. Deleted with your account.
  • Advisor chat history: retained while your account is active. Free-tier history is capped to the most recent 7 days; paid tiers retain indefinitely. You can delete any conversation manually any time.
  • Newsletter subscriptions: retained for CAN-SPAM audit (consent timestamp + IP hash) even after unsubscribe. Email content itself is not retained.
  • Server logs: 30 days.
  • Analytics: aggregated indefinitely (not joined to your identity).

6. Your rights

If you are in the European Economic Area (GDPR)

You have the right to: access your personal data, correct inaccurate data, delete your data, restrict or object to processing, data portability (export), and to lodge a complaint with a supervisory authority. Email us at hello@rewardztravel.com to exercise any right; we will respond within 30 days.

If you are in California (CCPA / CPRA)

California residents have the right to know what personal information we collect (described above), to request deletion, to correct inaccuracies, to opt-out of any sale or sharing of personal information, and to be free from discrimination for exercising these rights. We do not sell your personal information. We do not share personal information with cross-context behavioral advertisers. To exercise any right, see the Do Not Sell My Personal Information page or email us.

Everywhere else

You can delete your account at any time at /account. Deletion removes all account-linked data within 30 days.

7. Children

The Site is not directed at children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us information, email us and we will delete it.

8. Security

We use industry-standard practices: TLS encryption in transit, encryption at rest, hashed passwords, parameterized queries, row-level-security on user-private tables. No system is perfectly secure. If you discover a vulnerability, email hello@rewardztravel.com.

9. International transfers

Our processors operate primarily in the United States. If you access the Site from outside the US, you understand your information is transferred to and processed in the US. We rely on standard contractual clauses with our EU-active sub-processors where applicable.

10. Changes to this policy

We may update this Privacy Policy. We'll change the "Last updated" date at the top, and for material changes we'll email registered users.

11. Contact

Privacy questions: hello@rewardztravel.com
Mailing address:
RewardZ Travel
9811 W. Charleston Blvd, Ste 2-416
Las Vegas, NV 89117

Security disclosures: hello@rewardztravel.com