Privacy Policy

This Privacy Policy describes how Ottimo.AI ("we," "us," or "our") collects, uses, and protects your personal information when you use the ottimo.ai platform (the "Service"). By using the Service, you agree to the practices described here.

1. Information We Collect

Account information: When you register, we collect your email address and a password (stored in hashed form via AWS Cognito). We do not collect your real name, phone number, or physical address unless you voluntarily provide them.

Trip preferences: When you create a trip, we collect the destinations, travel dates, budget range, activity preferences, and any free-text requirements you enter. This data is used to generate your personalised itinerary.

Usage data: We collect standard log data such as your IP address, browser type, device type, pages visited, and timestamps. This data is used to maintain security, diagnose technical issues, and understand how the Service is used in aggregate.

Cookies: We use essential cookies required for authentication and session management. We do not currently use advertising or third-party tracking cookies. If this changes in the future, we will update this policy and, where required, request your consent.

2. How We Use Your Information

We use your information to: operate and improve the Service; generate personalised itineraries using AI; display publicly shared trips to other users (only when you opt in); communicate with you about your account or the Service; prevent fraud, abuse, and security threats; and comply with legal obligations.

3. AI Processing

Your trip preferences are sent to third-party AI providers (such as Anthropic or Google) to generate itineraries. These providers process your preferences under their own data processing agreements. We do not send your email address or account credentials to AI providers — only the trip-related inputs you provide. We encourage you to review the privacy policies of these AI providers if you have concerns about how they handle data.

4. Third-Party Booking Links

When you click a booking link on Ottimo.AI (for example, to Booking.com, Viator, or an airline), you leave our platform and enter the website of a Third-Party Provider. At that point, the Third-Party Provider's privacy policy governs how your data is collected and used. We may include affiliate tracking identifiers in these links to attribute bookings for our referral programmes. These identifiers do not contain your personal information. We strongly encourage you to review the privacy policy of any Third-Party Provider before providing them with personal or payment information. Ottimo.AI does not receive, store, or have access to any payment card details, passport information, or other sensitive data you share with Third-Party Providers.

5. Data Storage and Security

Your data is stored using Amazon Web Services (AWS) infrastructure, including DynamoDB for trip data and Cognito for authentication. Data is encrypted in transit (TLS) and at rest. We implement reasonable technical and organisational measures to protect your data. However, no system is completely secure, and we cannot guarantee absolute security.

6. Data Sharing

We do not sell your personal information. We share data only in the following circumstances: with AI providers to generate your itineraries (trip preferences only, as described above); with service providers who assist in operating the platform (such as AWS); when required by law, regulation, or legal process; and to protect the rights, safety, or property of Ottimo.AI, our users, or the public.

7. Your Rights

Depending on your jurisdiction, you may have the right to: access the personal data we hold about you; request correction of inaccurate data; request deletion of your data; object to or restrict certain processing; and request data portability. You can delete your trips at any time from your dashboard. To request account deletion or exercise other rights, please contact us via the channels listed on ottimo.ai. We aim to respond to all rights requests within 30 days.

8. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law or necessary for legitimate business purposes (such as fraud prevention). Anonymised, aggregated data that cannot identify you may be retained indefinitely for analytics and service improvement.

9. International Transfers

Your data may be processed in countries outside your country of residence, including the United States (where AWS infrastructure is located). Where such transfers occur, we rely on appropriate safeguards such as AWS's data processing agreements and standard contractual clauses.

10. Children

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date and, where practicable, notify registered users. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

12. Contact

If you have questions about this Privacy Policy or wish to exercise your data rights, please reach out via the contact channels listed on ottimo.ai.