Generally, we collect four (4) types of information about you: (A) information and content you give us directly; (B) information we obtain automatically when you use our Service; (C) demographic information; and (D) information we get about you from other sources. When we talk about “Personal Information” in this Privacy Policy, we are talking about any information collected in accordance with this section. Please see below for more information on each category.

Information and Content You Give Us Directly
1. Personal Information. Personal information, such as your name, address, e-mail address, username, password, phone number, and any other information you directly provide us on or through the Service.
2. Email Correspondences. Records and copies of your email messages together with your email address and our responses, if you choose to correspond with us through email.
3. Transaction Information. We or service providers working on our behalf may collect information and details about any purchase or transactions made on the Service. This includes payment information, such as your credit or debit card number and other card information; other account and authentication information; and billing, shipping, and contact details. We do not collect or store payment card information ourselves; rather we rely on third party payment processors (e.g., Stripe) or third party app store or distribution platforms (like the Apple App Store, Google Play or the Amazon Appstore) where the App is made available (each, an “App Provider”) to store and process this information as part of the Service.
4. Travel Information. We may collect airline account, booking and itinerary information and details about your flight(s), such as price paid, account number, ecredit balance, ticket number, confirmation number, origin and destination location, dates of travel, and any other information relevant to your airline account and/or booking that you (or the airline on your behalf) directly provide us on or through the Service.
Information We Obtain Automatically When You Use Our Service
1. Activity Information. Details of your visits to our Service, including the types of content you view or engage with; the features you use; the actions you take; the people or accounts you interact with; the time, frequency, and duration of your activities; and other information about your use of and actions on the Service.
2. Equipment Information. Information about your computer and internet connection, including your device or computer operating system, IP address, browser type, and browser language.
3. Location Information. Information about the location of your device, including GPS location, for purposes of enhancing or facilitating the Service. For example, we may use information about the location of the device you are using to help us understand how the Service and functionality are being used and to deliver more relevant advertising. If you do not want to share your location, you can disable location sharing in the settings on your device.
4. Cookies, Pixel Tags/Web Beacons, and Other Technologies. Cookies, pixel tags, web beacons, clear GIFs, javascript, entity tags, HTML5 local storage, resettable device identifiers, or other similar technologies (collectively, the “Technologies”) may be used by us, as well as third parties that provide the content, advertising, or other functionality on the Service to automatically collect information through your use of the Service. Please see Section 8 for more information on the technologies we may use for this automatic data collection.
Demographic Information

We may collect demographic, statistical, or other aggregate information that is about you, but individually does not identify you. Some of this information may be derived from Personal Information, but it is not Personal Information and cannot be tied back to you. Examples of such aggregate information include gender, age, and race.

Information We Get About You from Other Sources

We may receive information about you from other sources and add it to our information, including from third-party services and organizations who have the right to provide us with such information. We protect this information according to the

practices described in this Privacy Policy, plus any additional restrictions imposed by the source of the data. These sources may include: online and offline data providers, from which we obtain demographic, interest-based, and online advertising related data; publicly-available sources such as open government databases or social networks; and service providers who provide us with information, and updates to that information, based on their relationship with you. By gathering additional information about you, we can correct inaccurate information, enhance the security of your transactions, and give you product or service recommendations and special offers that are more likely to interest you.

We may use the information we collect about you in a variety of ways, to provide our Service, for administrative purposes, and to market and advertise our Service and products.

We Use Your Personal Information to Provide Our Service
We may use your Personal Information to:
1. provide the Service and its content to you.
2. respond to comments, questions, and provide customer service.
3. fulfill any other purpose for which you provide Personal Information.
4. communicate with you about an account.
5. inform you about important changes to, or other news about, the Service or any of its features or content.
We Use Your Information for Administrative Purposes
We may use your Personal Information to:
1. operate, maintain, improve, personalize, and analyze the Service.
2. monitor and analyze trends, usage, and activities for marketing or advertising purposes.
3. detect, prevent, or investigate security breaches, fraud, and other unauthorized or illegal activity.
4. carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
5. maintain appropriate records for internal administrative purposes.
6. allow you to participate in interactive features on the Service.
7. develop, improve, train, and analyze our predictive and non-predictive models, both experimental and underlying the Service.
We Use Your Information to Market and Advertise Our Service and Products.
We may use your Personal Information to:
1. send promotional communications, such as information about features, newsletters, offers, promotions, contests, and events.
2. share information across Service and devices to provide a more tailored and consistent experience on the Service.
3. develop, test, and improve new products or services, including by conducting surveys and research and testing and troubleshooting new products and features.

We offer features within the service that allows you to integrate your Google and Microsoft account with our Service. This optional integration requires your explicit consent and authorization. The integration allows us to view basic details about your Google and/ or Microsoft account as well as access to your email inbox for use in a read-on capacity. Specifically, we may collect and use information such as email metadata (e.g., sender and recipient addresses, subject lines, timestamps) and email content for emails anticipated to be airline booking correspondence relevant to the service. The purpose of which is to enhance user experience by removing the need to manually forward emails to us for the service to work.

We want to assure you that:

i. our automated integration accesses emails to the extent necessary and authorized by you. Our access is strictly read-only, and we do not have the ability to send emails from your account. We only access emails firmly believed to be relevant to the service.

ii. We do not share email data obtained through Gmail or Microsoft Graph integrations with third parties, except as necessary to provide the Service or as outlined in this Privacy Policy.

iii. We do not share email data obtained through Gmail or Microsoft Graph integrations with third parties, except as necessary to provide the Service or as outlined in this Privacy Policy.

iv. You can revoke our access to your email account at any time through your email provider's settings, after which we will no longer access your email data.

v. We explicitly affirm that Google Workspace APIs are not used to develop, improve, or train generalized AI and/or ML models.

We may use WhatsApp to communicate with you regarding the service. By providing your phone number and explicitly opting in, you consent to receive communications from us via WhatsApp, which may include customer support exchanges, notifications about your account, service updates, and promotional messages, if you have agreed to receive such marketing communications.

When communicating with us through WhatsApp, we may collect information such as your phone number, message content, timestamps, and any other information you choose to provide to us. This information is used to provide and improve our Service, respond to your inquiries, and send updates or marketing communications in accordance with your preferences.

We prioritize the security of your information and use reasonable measures to protect data transmitted via WhatsApp. We do not share your WhatsApp data with third parties except as necessary to operate our Service or as required by law.

You have the right to manage your communication preferences with us, including opting out of receiving messages via WhatsApp. To opt out, please change your preferences in the 'account' page, or follow any opt-out instructions provided in the messages.

We may share or disclose aggregated or anonymized information about our users to third parties for a variety of business purposes without any restrictions, including to provide our Service and/or to protect us or others. We may share or disclose information in the event of a major business transaction such as a merger, sale, or asset transfer. The following circumstances describe in additional detail the ways we may share or disclose your Personal Information that we collect or that you provide under this Privacy Policy:

We Disclose Your Information to Provide Our Service
1. Subsidiaries and Affiliates. We may share your Personal Information with our parent companies, subsidiaries, joint ventures, and affiliated companies for purposes of management and analysis, decision-making, and other business purposes, consistent with this Privacy Policy. Legal basis: Art. 6(1)b GDPR (situation similar to contract).
2. Service Providers. We may share your Personal Information with our third-party service providers, contractors, and any other similar third parties that help us provide our Service. This may include service providers that help us with generative AI services, analytics services or support services, website hosting, email and postal delivery, location mapping, product and service delivery. Service providers are bound by contractual obligations to keep Personal Information confidential and use it only for the purposes for which we disclose it to them. Legal basis: Art. 6(1)a GDPR (consent); Art. 6(1)b GDPR (situation similar to contract).
3. Advertising/Marketing Service Providers. We may share your Personal Information with marketing service providers to assess, develop, and provide you with promotions and special offers that may interest you, administer contests, sweepstakes, events, or for other promotional purposes. Legal basis: Art. 6(1)f GDPR (legitimate interest).
4. Consent or to Fulfill the Purpose that Information was Provided. We may share your Personal Information to fulfill the purpose for which you provide that information, with your consent, or for any other purpose disclosed by us when you provide the information. Such purposes may include sharing your Personal Information with airlines for the purpose of providing you the Service. Legal basis: Art. 6(1)a GDPR (consent); Art. 6(1)b GDPR (situation similar to contract).
5. Improvement of Analytics and Research Studies. We may share your Personal Information with research associates and other third-party research organizations to assess, develop, improve, train, and exchange predictive/generative modeling and data analytics for purposes of improving outcomes. For example, we may use your Personal Information as a part of a data set that will be used to improve the accuracy of our product outcomes predictive/generative modeling algorithms or in connection with various Company product studies. Legal basis: Art. 6(1)f GDPR (legitimate interest).
We May Disclose Your Information in the Event of a Merger, Sale or Other Asset Transfers

If we become involved in a merger, acquisition, financing due diligence, divestiture, restructuring, reorganization, bankruptcy, dissolution, sale, or transfer of some or all of

our assets (whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding), or transition of Service to another provider, your Personal Information may be sold or transferred to business entities or people involved in such process. Legal basis: Art. 6(1)f GDPR (legitimate interest).

We Disclose Your Information to Protect Us or Others

1. When Required by Law. We may share your Personal Information to comply with any court order, law, or legal process, including to respond to any government or regulatory request. Legal basis: Art. 6(1)c GDPR (legal obligation).
2. To Enforce Our Rights. We may share your Personal Information to enforce or apply this Privacy Policy, our Terms of Service, and other agreements, including for billing and collection purposes. Legal basis: Art. 6(1)b GDPR (situation similar to contract).
3. To Protect Lawful Interests. We may share your personal information if we believe disclosure will help us protect the rights, property, or safety of Company, our users, partners, agents, and others. This may include exchanging information with other companies and organizations for fraud protection, and spam and malware prevention. Legal basis: Art. 6(1)b GDPR (situation similar to contract); Art. 6(1)f GDPR (legitimate interest).

Personal Information that you post on or through the public areas of the Service (e.g., blog comments, forums, chat rooms, bulletin boards, and discussion groups) are generally accessible to, and may be collected and used by, others which may result in unsolicited messages or other contact from others. Users of the Service are encouraged to exercise caution when providing personal information about themselves in public or interactive areas.

You have certain choices and rights with respect to your privacy. For example, you may be able to opt out of receiving marketing messages from us, make choices regarding cookies, and exercise other privacy rights under applicable law.

Mechanisms to Control Your Information

1. Cookies and Other Tracking Technologies. You may be able to set your browser to reject cookies and certain other technologies by adjusting the appropriate settings in your browser. Each browser is different, but many common browsers have preferences that may be adjusted to allow you to either accept or reject cookies and certain other technologies before they are set or installed, or allow you to remove or reject the use or installation of certain technologies altogether. We recommend that you refer to the “Help” menu in your browser to learn how to modify your browser settings. If you disable or refuse cookies, please note that some parts of the Service may become inaccessible or may not function properly.
2. Communications from Company. If you do not wish to have your contact information used by Company to promote our own or third-party products or services, you can opt-out by: (1) informing us of your preference at the time you sign up for your Service account (if applicable), or complete any other form on or through the Service which we collect your data; (2) modifying your user preferences in your account profile by checking or unchecking the relevant boxes; (3) following the opt-out instructions at the bottom of the promotional emails we send you; or (4) sending us an email stating your request. Please note that we may also send you non-promotional communications, however you will not be able to opt-out of these communications (e.g., transactional communications, including emails about your account; communications regarding our Service; and communications about updates to this Privacy Policy and the Terms of Service).
3. “Do Not Track”. "Do Not Track" (“DNT”) is a privacy preference you can set in certain web browsers. When you turn on this preference, it sends a signal or message to the websites you visit indicating that you do not wish to be tracked. Please note that we currently do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.

The online advertising industry also provides websites from which you may opt out of receiving targeted ads from data partners and other advertising partners that participate in self-regulatory programs. You can access these and learn more about targeted advertising and consumer choice and privacy by visiting the Network Advertising Initiative, the Digital Advertising Alliance, the European Digital Advertising Alliance, and the Digital Advertising Alliance of Canada.

Accessing and Correcting Your Information
In accordance with applicable law, you may have the right to:
1. Access Personal Information. You may access Personal Information about you, including: (1) confirming whether we are processing your Personal Information; (2) obtaining access to or a copy of your Personal Information; and (3) receiving an electronic copy of personal information that you have provided to us, or asking us to send that information to another company (the "right of data portability").
2. Request Correction of Personal Information. You may request correction of your Personal Information where it is inaccurate, incomplete, or improperly possessed.
3. Request Deletion/Erasure of Personal Information. You may request deletion/erasure of your Personal Information held by us about you. Please note: we cannot delete your Personal Information except by also deleting your account.
4. Restrict/Opt-out of Processing. You may request to restrict/opt-out of the processing of your Personal Information, including for the purpose(s) of: (1) targeted advertising; (2) sale or sharing of personal information; or (3) profiling to make decisions that have legal or other significant effects on you. [Note to pAiback: Do you currently have this opt-out functionality on the homepage?]
5. Withdraw Consent. You may have the right to withdraw consent where such consent is required to share or use Personal Information.
If you would like to exercise any of these rights, you may send us an email to request access to, correction of or removal of any Personal Information that you have provided to us. We will process such requests in accordance with applicable law.
The following are additional Consumer Privacy Rights:
1. Non-Discrimination. Residents have the right not to receive discriminatory treatment by covered businesses for the exercise of their rights conferred by the applicable privacy law.
2. Verification. To protect your privacy, we will take the following steps to verify your identity before fulfilling your request. When you make a request, we will ask you to provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative, which may include asking you to answer questions regarding your account and use of our Service.
State Specific Privacy Rights

A number of states require us to provide residents of those states with additional information and rights. Please click [here] to see a list of those states and links to the state-specific disclosures

Your Right to Appeal

If you are dissatisfied with the refusal of Company to take action in accordance with the exercise of your rights in the “Accessing and Correcting Your Information” section above, you may request reconsideration by Company, by sending a written request for reconsideration to the mailing address found in the “Contact Information” section below. Within sixty (60) days of Company’s receipt of such written request for reconsideration, Company shall inform you in writing (at the address indicated in your initial written request) of any action taken or not taken in response to your request for reconsideration, including a written explanation of the reasons for the decision. In addition, if your request for reconsideration is denied, you have the right to appeal to the applicable supervisory authority in your jurisdiction of residence (see subsection (D) below and the state-specific privacy notices for more information).

Complaints to Data Protection Authority

You have the right to complain to a Data Protection Authority about our collection and use of your Personal Information. For more information, if you are in the European Economic Area (EEA), please contact your local data protection authority in the EEA.

We have implemented safeguards reasonably designed to secure your Personal Information. Such safeguards include the implementation of various technical, physical, administrative and organizational security measures intended to reduce the risk of loss, misuse, unauthorized access, disclosure, or modification of your information. All information you provide to us is stored on our secure servers behind firewalls.

The safety and security of your information is also dependent on you. If we have given you (or where you have chosen) a password for access to certain parts of the Service, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

While we have employed security technologies and procedures to assist safeguarding your Personal Information, no system or network can be guaranteed to be 100% secure, and we cannot ensure or warrant the security of any information you provide to us. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time. Any transmission of Personal Information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Service.

If you provide Personal Information through the Service, you acknowledge and agree that such Personal Information may be transferred from your current location to the offices and servers of Company and the other third parties referenced in this Privacy Policy located in the Republic of Ireland or other countries, which may have data protection laws that are different from the laws where you live. We endeavor to safeguard your information consistent with the requirements of such laws, where applicable.

We keep your information for the length of time needed to carry out the purpose outlined in this Privacy Policy and to adhere to our policies on keeping records (unless a longer period is needed by law). Our records policies reflect applicable laws. We will retain and use your information to the extent necessary to manage your relationship with us, personalize and improve your overall customer experience, and to comply with our legal obligations. Where we retain data, we do so in accordance with our record retention policies and any limitation periods and records retention obligations that are imposed by applicable law.

Description of the Technologies

We as well as third parties that provide the content, advertising, or other functionality on the Service may use Technologies to automatically collect information through your use of the Service. The following describes some of these Technologies we may use for this automatic data collection:

Cookies. A cookie is a small data file stored on the hard drive of your computer either for (a) the duration of your visit on a website ("session cookies") or (b) for a fixed period ("persistent cookies"). Cookies contain information that can later be read by a web server. We may use cookies to provide you with a more personal and interactive experience on the Service.

Web Beacons. Web beacons are small files that are embedded in webpages, applications, and emails (also known as "clear gifs", "pixel tags", "web bugs", and "single-pixel gifs") that collect information about engagement on our Service. For example, web beacons allow us to track who has visited those webpages or opened an email, to test the effectiveness of our marketing, and for other related website statistics.

JavaScripts. JavaScripts are code snippets embedded in various parts of websites and applications that facilitate a variety of operations including accelerating the refresh speed of certain functionality or monitoring usage of various online components.

Entity Tags. Entity Tags are HTTP code mechanisms that allow portions of websites to be stored or "cached" within your browser and validates these caches when the website is opened, accelerating website performance since the web server does not need to send a full response if the content has not changed.

HTML5 Local Storage. HTML5 local storage allows data from websites to be stored or "cached" within your browser to store and retrieve data in HTML5 pages when the website is revisited.

Resettable Device Identifiers. Resettable device identifiers (also known as "advertising identifiers") are similar to cookies and are found on many mobile devices and tablets (for example, the "Identifier for Advertisers" or "IDFA" on Apple iOS devices and the "Google Advertising ID" on Android devices), and certain streaming media devices. Like cookies, resettable device identifiers are used to make online advertising more relevant.

Our Uses of the Technologies

We may also use these technologies for security purposes, to facilitate navigation, to display information more effectively, and to better serve you with more tailored information, as well as for website administration purposes, e.g., to gather statistical information about the usage of our websites in order to continually improve the design and functionality, to understand how users use our websites, and to assist us with resolving questions regarding use of the websites.

Mechanisms to Control Cookies and Other Technologies

You may be able to set your browser to reject cookies and certain other technologies by adjusting the appropriate settings in your browser. Each browser is different, but many common browsers have preferences that may be adjusted to allow you to either accept or reject cookies and certain other technologies before they are set or installed, or allow you to remove or reject the use or installation of certain technologies altogether. We recommend that you refer to the “Help” menu in your browser to learn how to modify your browser settings. To learn how you can manage your Flash cookie settings, visit the Flash player settings page on Adobe's website. If you disable or refuse cookies, please note that some parts of the Service may become inaccessible or may not function properly.

Third Party Technologies

This Privacy Policy covers the use of cookies by Company and does not cover the use of tracking technologies by any third parties. The Service may contain links, content, advertising, or references to other websites or applications run by third parties, including advertisers, ad networks and servers, content providers, and application providers. These third parties may use cookies or other tracking technologies to collect information about you when you interact with their content on the Service, such as member recruitment vendors to using Web beacons and cookies on our registration pages for payment verification. The information they collect may be associated with your Personal Information or they may collect information about your online activities over time and across different websites. Please be aware that we do not control these third parties' tracking technologies or when and how they may be used. Therefore, Company does not claim nor accept responsibility for any privacy policies, practices, or procedures of any such third party. We encourage you to read the privacy statements and terms and conditions of linked or referenced websites you enter. We do not endorse, screen, or approve, and are not responsible for the practices of such third parties or the content of their application or website. Providing Personal Information to third-party websites or applications is at your own risk. If you have any questions about an ad or other targeted content, you should contact the responsible provider directly.

Generative AI

The Service may use generative artificial intelligence (AI) (i.e., ChatGPT) to analyze information and to assist us in providing the Service. You can learn about OpenAI’s practices by going to https://openai.com/policies/privacy-policy.

We are especially committed to protecting the privacy of children. Company’s Service is directed at a general audience over the age of eighteen (18) and are not intentionally targeted to children, and Company does not knowingly collect personal information directly from children under the age of thirteen (13) (“Child” or “Children”). However, due to the nature of the Service provided, Company does knowingly collect, travel information, which may include personal information, about Children. The personal information of Children that

Company collects, uses and/or discloses is limited to the information provided directly by that Child’s parent or guardian on the Child’s behalf as necessary to provide the Service. Company does not knowingly use and/or disclose information we collect about Children for marketing or promotional purposes, nor do we permit our affiliates, third-party service providers or other third parties with whom we share such information to do so. If we learn that we have inadvertently collected or received Personal Information from a Child, we will use reasonable efforts to immediately remove such information, unless we have a legal obligation to keep it. If you are a parent or legal guardian and think your Child has given us information without your consent, please contact us via the information found in the “Contact Information” section below.

We reserve the right to update this Privacy Policy from time to time in order to reflect, changes to our practices or for other operational, legal, or regulatory reasons. When we do update this Privacy Policy, we will post the updates and changes on our website. We may elect to notify you of material changes by mail, email, posting of modified Privacy Policy, or some other similar manner. However, it is your responsibility to check our website regularly for changes to this Privacy Policy. Your continued use of or access to the Service following the posting of any changes to this Privacy Policy constitutes acceptance of those changes.

Our Service may offer links to websites or applications that are not run by us but by third parties. These third-party services, websites or applications are not controlled by us, and may have privacy policies that differ from our own. We encourage our users to read the privacy policies and terms and conditions of each website and application with which they interact. We do not endorse, screen or approve, and are not responsible for the practices of such third parties or the content of their application or website. Providing Personal Information to third-party websites or applications is at your own risk.

For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at support@paiback.app.