1. Introduction
PNRev ("we," "our," or "us") is committed to protecting your privacy and the confidentiality of your data. This Privacy Policy explains how we collect, use, and safeguard information when you use our PNR processing and commission management service.
Given the sensitive nature of airline data and passenger information, we implement the highest standards of data protection and security.
2. Information We Collect
2.1 Account Information
When you register for PNRev, we collect:
- Name and contact information
- Travel agency details and business information
- Email address and phone number
- Payment information (processed by secure third-party providers)
- Account preferences and settings
2.2 PNR and Travel Data
To provide our commission processing service, we process:
- Passenger Name Records (PNRs) and booking details
- Flight information, routing, and fare data
- Commission calculations and results
- Historical transaction data for reporting
2.3 Airline Contract Information
We securely store and process:
- Airline commission contracts and agreements
- Contract terms, rates, and conditions
- Contract metadata and expiration dates
- Commission rules and calculation parameters
2.4 Technical Data
We automatically collect:
- IP addresses and device information
- Browser type and operating system
- Usage patterns and feature interactions
- Error logs and performance metrics
- API usage statistics
3. How We Use Your Information
We use the collected information to:
- Process PNRs and calculate accurate commissions
- Match bookings against applicable airline contracts
- Provide dashboard analytics and reporting
- Maintain and improve our service quality
- Provide customer support and technical assistance
- Send service updates and billing notifications
- Comply with legal and regulatory requirements
4. Data Security and Protection
4.1 Security Measures
We implement comprehensive security measures including:
- End-to-end encryption for all data transmission
- AES-256 encryption for data at rest
- Regular security audits and penetration testing
- Secure cloud infrastructure with access controls
4.2 Data Isolation
Each travel agency's data is completely isolated:
- No cross-agency data sharing or access
- Role-based access controls within agencies
- Audit logs for all data access
5. Data Sharing and Disclosure
We do not sell, trade, or rent your personal information. We may share data only in these limited circumstances:
5.1 Service Providers
We work with trusted third-party providers for:
- Cloud hosting and infrastructure
- Payment processing
- Email communications
- Analytics and monitoring tools
All providers are bound by strict confidentiality agreements and data processing agreements.
5.2 Legal Requirements
We may disclose information when required by law, including:
- Response to subpoenas or court orders
- Compliance with regulatory investigations
- Protection of our rights and property
- Prevention of fraud or illegal activities
6. Data Retention and Deletion
We retain data according to the following schedule:
- Active account data: Retained while account is active
- PNR processing data: 5 years for audit and tax purposes
- Contract data: Until contract expiration + 7 years
- Technical logs: 90 days
- Deleted account data: Securely purged within 90 days
7. Your Rights and Controls
You have the right to:
- Access your personal data and processing records
- Correct inaccurate or incomplete information
- Request deletion of your data (subject to legal requirements)
- Export your data in a portable format
- Object to certain types of processing
- Withdraw consent where processing is based on consent
8. GDPR and International Compliance
For users in the European Union, we ensure:
- Lawful basis for processing (contract performance, legitimate interest)
- Data Protection Officer available for inquiries
- Data Processing Agreements with all sub-processors
- Right to lodge complaints with supervisory authorities
- Regular compliance audits and assessments
9. Cookies and Tracking
We use cookies and similar technologies for:
- Essential functionality (authentication, security)
- Performance monitoring and analytics
- User preferences and customization
You can control cookie settings through your browser preferences.
10. Third-Party Services
Our service may integrate with third-party platforms such as:
- GDS systems (Amadeus, Sabre, Travelport)
- Agency management systems
- Accounting and reporting tools
We are not responsible for the privacy practices of these external services.
11. Data Breach Response
In the unlikely event of a data breach:
- We will notify affected users within 72 hours
- Relevant authorities will be notified as required by law
- We will provide clear information about the incident
- Remediation steps will be implemented immediately
12. Children's Privacy
PNRev is designed for business use by travel agencies. We do not knowingly collect information from children under 13. If we discover such information, we will delete it immediately.
13. Changes to Privacy Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. Users will be notified of material changes via email and continued use indicates acceptance of the updated policy.
14. Contact Information
For privacy-related questions or to exercise your rights, contact us: