Privacy Policy.

When you use Tralto, we may collect:

• Identifiers. Email address, account identifiers, and booking contact information.
• Chat and search data. The trips you describe, your preferences, and your conversational interactions with the service.
• Traveler details. Name, date of birth, sex (as on passport), phone number, and data required by airlines or border authorities for booking.
• Transaction information. Fare details, booking status, itinerary details, and payment-related identifiers.
• Technical data. Device, session, cookie, and log information needed to operate, secure, and improve the Services.

We collect this information to authenticate users, process natural-language flight searches, execute booking requests, communicate about your trips, detect fraud, and comply with the law.

We collect personal information directly from you, automatically from your device, and from third-party travel suppliers and payment processors.

A. Account, chat, and preference information

• Account identifiers, email addresses, and authentication metadata.
• Messages, prompts, and trip descriptions you submit through the chat interface.
• Interaction history, search attempts, and booking flow steps.

B. Traveler and booking information

• Full name, date of birth, sex as on passport (collected only where required for booking or border compliance), and contact details for traveler communications.
• Booking references, order identifiers, itinerary details, and booking status.

C. Payment and technical information

• Payment intent identifiers and tokenized payment artifacts. We do not intentionally store raw full payment card numbers or security codes in Tralto application databases. Our PCI-DSS compliant payment processors handle raw card data.
• IP address, browser and device information, operating system, and session identifiers.

We use personal information to:

• Interpret travel requests and provide conversational flight search results.
• Collect traveler details and submit booking requests to third-party suppliers.
• Process bookings, send confirmations, and provide customer support.
• Detect, prevent, and respond to fraud, abuse, and security incidents.
• Comply with legal and regulatory obligations.

Tralto relies on natural language processing and proprietary AI infrastructure to fulfill your search and booking requests.

A. Providing the Service. When you use our chat interface, we process your conversational inputs, trip descriptions, and travel parameters to execute your searches, interact with travel suppliers, and manage your bookings. This processing is strictly necessary to provide the Services to you.

B. Automated ranking and decision-making. We use automated algorithms to rank and display flight options based on your inputs and our logic. You may request additional information about how ranking works and, where required by applicable law, request review of certain automated processing by contacting support@tralto.com.

C. Model training and improvement. We also use aggregated logs to train, fine-tune, and improve our AI models. Before any data enters our training pipelines, we use automated processes designed to pseudonymize the data and remove or obfuscate direct identifiers, such as names, phone numbers, and booking confirmation codes.

D. Your choices and opt-out. You have the right to opt out of having your chat data used for AI model training or system improvement. Exercise this right at any time by emailing privacy@tralto.com or by visiting tralto.com/privacy-contact. Opting out will not affect your ability to use Tralto to search for and book travel.

We disclose personal information to the following categories of recipients:

• Travel and booking providers. Airlines, travel suppliers, and inventory providers necessary to execute your booking.
• Infrastructure vendors. Payment processors, cloud hosting, authentication, and email delivery vendors.
• Corporate transactions. Parties involved in a merger, acquisition, or sale of assets, subject to notice where legally required.
• Legal process. Regulators, courts, and law enforcement authorities where required by law.

We use cookies and similar technologies for essential site operation, authentication, session continuity, and security. Because we do not currently sell or share personal information for cross-context behavioral advertising, our operations do not presently rely on tracking cookies. If we later engage in activities that trigger browser-based opt-out obligations, we will implement support for applicable preference signals, including Global Privacy Control (GPC), where required by law.

We implement administrative, technical, and organizational safeguards designed to protect personal information. These implemented controls include encryption of data in transit and at rest, and role-based access controls for our systems. No system is perfectly secure, and we cannot guarantee absolute security.

We retain your personal information for as long as reasonably necessary to fulfill the purposes described in this Policy, maintain your account, and provide the Services. We determine the appropriate retention period based on the following criteria:

• Active relationship. The length of time we have an ongoing relationship with you and provide the Services to you.
• Dispute resolution and support. The time necessary to resolve travel disruptions, customer support inquiries, chargebacks, and potential legal claims.
• Legal and tax obligations. Booking and transaction records are typically retained for up to seven (7) years to satisfy applicable legal, tax, accounting, and regulatory recordkeeping requirements.
• User choices. If you opt out of secondary uses such as AI model training, your chat logs will be retained only as long as necessary to complete your immediate travel requests, execute customer support, and resolve related disputes.

The Services are primarily intended for and directed to residents of the United States who maintain a valid U.S. billing address. Tralto is not actively marketed or optimized for users outside the United States, and we do not currently tailor our Services to provide localized support for non-U.S. privacy or consumer protection laws (such as the GDPR in the EEA/UK, LGPD in Brazil, or similar frameworks).

Because many of our users travel internationally or access the Services while abroad, we do not restrict access based on geographic location. Your personal information will be processed and stored primarily in the United States and in other countries where our service providers (such as cloud hosting, payment processors, and travel suppliers) operate. These countries may have different data protection standards than your home jurisdiction.

If you are a resident of the European Economic Area, United Kingdom, Brazil, or another jurisdiction with specific data protection requirements, contact us at privacy@tralto.com or via tralto.com/privacy-contact. We will review your situation and, where appropriate, assist with the deletion of your account and associated personal information.

The Services are intended for adults 18 years of age or older. We do not knowingly allow minors to create accounts or use the Services on their own behalf. Adult users may provide personal information about minor travelers (such as a child’s name and date of birth) solely as necessary to complete a booking. By providing such information, you represent that you are the minor’s parent or legal guardian, or have verifiable authorization from the parent or legal guardian to provide it. If you believe a minor has provided personal information to us directly without such authorization, contact us at privacy@tralto.com or visit tralto.com/privacy-contact so we can review and delete the information.

Depending on your state of residence (including California, Colorado, Virginia, Connecticut, and others), you may have the right to know what personal information we collect, access specific pieces of data, correct inaccuracies, delete your information, or appeal a denied privacy request by replying to our decision email with the subject "Privacy Appeal."

We will respond to verifiable consumer requests within the timelines required by applicable law (typically 45 days, with one 45-day extension where permitted). To submit a privacy request, use either of our designated methods: email privacy@tralto.com or visit tralto.com/privacy-contact.

Sensitive personal information. Certain data, such as your date of birth, qualifies as Sensitive Personal Information (SPI) under California law. Tralto restricts its use and disclosure of SPI strictly to the permitted statutory purposes necessary to process your travel booking with airlines and border authorities. You may still submit a request to limit the use of your SPI.

Authorized agents. If you reside in a state that permits authorized agents to submit requests on your behalf, your agent may email privacy@tralto.com or submit a request via tralto.com/privacy-contact. We will require verification of your identity and proof of the agent’s authorization.

California privacy supplement. Under the CPRA, we collect the following statutory categories of personal information: Identifiers, Customer Records Information, Commercial Information, Internet or other electronic network activity information, and sensitive personal information. We use and disclose these categories for the business purposes described in Sections 3 and 5. We do not sell or share personal information as defined by California law. We do not have actual knowledge that we sell or share personal information of consumers under 16 years of age.

For privacy questions and requests, use the Privacy contact form or email us directly:

• Privacy: privacy@tralto.com
• Privacy contact form: tralto.com/privacy-contact

Legal correspondence only. Formal legal notices may be served at the address below. Privacy requests sent to this address will be directed back to the channels above and may delay our response.

Talebly, Inc. d/b/a Tralto c/o Legalinc Corporate Services Inc. 131 Continental Dr, Suite 305 Newark, DE 19713, US