Privacy Policy — RoamAIo

✦ Last updated: March 2026

Contents

Data We Collect
How We Use Your Data
Affiliate Links & Third Parties
Cookies & Tracking
AI Itinerary Generation
Data Retention
Your Rights
Security
Children's Privacy
Contact Us

RoamAIo ("we", "our", "us") operates the website at roamaio.com. This Privacy Policy explains what personal data we collect when you use our service, how we use it, and what rights you have over it. We comply with the EU General Data Protection Regulation (GDPR), the Indian Digital Personal Data Protection Act 2023 (DPDPA), and other applicable privacy laws.

1. Data We Collect

We collect the minimum data needed to operate the service:

Information you provide: email address (if you subscribe to our newsletter or create an account), your trip preferences (destination, budget, travel style), and any messages you send via the Contact form.
Usage data: pages visited, time on site, buttons clicked, and the itineraries you generate — collected anonymously or pseudonymously via analytics tools.
Device & browser data: IP address, browser type, operating system, and referral URL — collected automatically by our hosting provider (Netlify) and analytics tools.
Booking data: when you click an affiliate link to Aviasales, Hotellook, or Viator, those platforms receive the data you enter on their sites. We do not receive your payment or booking details.

We do not collect sensitive personal data such as health information, biometric data, political opinions, or financial account numbers.

2. How We Use Your Data

To generate AI travel itineraries in response to your requests.
To send the RoamAIo newsletter if you have subscribed (you may unsubscribe at any time).
To respond to enquiries submitted through the Contact page.
To analyse how the site is used so we can improve it.
To detect and prevent spam, abuse, or security threats.

We do not sell your personal data to any third party. We do not use your data for automated decision-making that produces legal effects on you.

3. Affiliate Links & Third Parties

Affiliate disclosure: RoamAIo participates in the Travelpayouts affiliate programme. When you click a "Search Flights", "Find Hotels", or similar button, you are directed to a third-party booking platform (Aviasales, Hotellook, Viator, or Rentalcars). If you make a booking, we may receive a small commission at no extra cost to you. This commission is what allows us to keep RoamAIo free.

Once you leave RoamAIo and visit a third-party platform, that platform's own privacy policy applies. We recommend reviewing:

4. Cookies & Tracking

We use the following types of cookies:

Essential cookies: required for the site to function (e.g. session state, CSRF protection). These cannot be disabled.
Analytics cookies: help us understand site usage in aggregate (e.g. page views, popular destinations). We use privacy-first analytics that anonymise IP addresses and do not build individual user profiles.
Affiliate tracking cookies: set by Travelpayouts when you click a booking link, to attribute any resulting commission to RoamAIo. These cookies remain on your device for up to 30 days after clicking.

You can manage or delete cookies through your browser settings at any time. Disabling affiliate cookies will not affect your ability to book — it just means we may not receive a commission for the referral.

5. AI Itinerary Generation

Itineraries are generated using Google's Gemini API. When you request an itinerary, we send your trip description (destination, days, budget, travel style) to Google's servers for processing. We do not send your name, email, or any other personally identifying information as part of this request.

Please review Google's Privacy Policy for information on how Google handles API data. As of the date of this policy, Google states it does not use Gemini API inputs to train its models unless you have opted in.

6. Data Retention

Newsletter subscribers: retained until you unsubscribe.
Contact form submissions: retained for up to 12 months, then deleted.
Analytics data: retained in aggregate, anonymised form for up to 24 months.
Server logs: retained for up to 30 days by our hosting provider (Netlify) for security purposes.

We do not store the itineraries you generate. Each generation is stateless — we do not build a history of your travel requests.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

Access: request a copy of the personal data we hold about you.
Rectification: ask us to correct inaccurate or incomplete data.
Erasure ("right to be forgotten"): ask us to delete your personal data.
Restriction: ask us to restrict processing of your data in certain circumstances.
Portability: receive your data in a structured, machine-readable format.
Objection: object to processing based on legitimate interests.
Withdraw consent: unsubscribe from our newsletter at any time via the link in any email, or by contacting us below.

To exercise any of these rights, email us at [email protected]. We will respond within 30 days.

8. Security

We implement reasonable technical and organisational measures to protect your data, including HTTPS encryption in transit and access controls on our systems. However, no internet transmission is 100% secure. If you believe your data has been compromised, please contact us immediately at [email protected].

9. Children's Privacy

RoamAIo is not directed at children under the age of 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

10. Contact Us

For any privacy-related questions, requests, or complaints:

Email: [email protected]
Website: roamaio.com/contact

If you are located in the EU and are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.

We may update this Privacy Policy from time to time. Material changes will be communicated via a notice on the website. The "Last updated" date at the top of this page will always reflect the current version.