1. Overview
Skolara ("we," "us," or "our") operates ItinerarME. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data. By using the Service, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
From travel agents (account holders):
- Email address and name (used for authentication)
- Agency logo (uploaded voluntarily)
- Business settings and preferences
- Google OAuth tokens (if you connect Google Calendar/Gmail)
From client data entered by agents:
- Client names, email addresses, and trip details
- Booking confirmation numbers and travel dates
- Payment card authorizations (cardholder name, last 4 digits, expiry — card numbers are encrypted and deleted after single use)
Automatically collected:
- Log data (IP addresses, browser type, pages visited)
- Itinerary view counts when clients open shared links
3. Payment Card Data
We take card data security seriously. Our approach:
- CVV/security codes are never collected. We explicitly do not request or store CVV numbers at any point.
- Card numbers are encrypted with AES-256-GCM before storage and are only accessible to the authorized agent.
- Card numbers are permanently and irrevocably deleted from our servers the moment an authorized agent views them. They cannot be retrieved again.
- Card last-4 digits and expiry dates are retained as part of the signed authorization record.
- Signed authorization records are retained as legal documentation of client consent.
4. How We Use Your Information
- To provide and operate the Service
- To send transactional emails (itinerary delivery, card authorization requests) on behalf of agents
- To generate AI-assisted itinerary content using trip and booking data you provide
- To communicate with you about your account, billing, and service updates
- To detect and prevent fraud or misuse
We do not sell your data or your clients' data to third parties. We do not use client data for advertising.
5. Data Sharing and Third Parties
We share data only as necessary to operate the Service:
- Supabase — database and file storage hosting (United States)
- Vercel — application hosting and infrastructure (United States)
- Resend — transactional email delivery
- Anthropic — AI itinerary generation (trip/booking data is sent to the API; Anthropic's privacy policy applies)
- Google — if you connect Google Calendar or Gmail, Google's privacy policy applies to those integrations
- Stripe — subscription billing (payment card data for billing is handled entirely by Stripe and never touches our servers)
6. Data Retention
- Account data is retained until you delete your account
- Encrypted card numbers are deleted immediately after agent reveal (one-time)
- Card authorization records (excluding the card number) are retained as long as your account is active
- Upon account deletion, all personal data is deleted within 30 days
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion of your data
- Export your data in a portable format
- Object to or restrict certain processing
To exercise these rights, contact us at support@skolara.dev.
8. Security
We implement industry-standard security measures including encryption in transit (TLS), AES-256-GCM encryption for sensitive data at rest, row-level security on our database, and access controls. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
9. Cookies
We use cookies solely for authentication session management. We do not use advertising or tracking cookies. You can disable cookies in your browser, but this will prevent you from logging in.
10. Children's Privacy
The Service is not directed to individuals under 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, contact us and we will delete it.
11. Changes to This Policy
We may update this Privacy Policy periodically. We will notify account holders of material changes via email. Continued use of the Service after changes constitutes acceptance of the updated policy.
© 2026 Skolara · Terms of Service