Privacy Policy

1. Introduction

Synaptic Momentum LLC, doing business as Cruising Intelligence ("Company," "we," "us," or "our"), operates the Cruising Intelligence platform at cruisingintelligence.com (the "Platform"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use the Platform.

This Privacy Policy applies to all users of the Platform, including travel professionals who create accounts and access our cruise comparison, research, and AI-powered recommendation tools.

By creating an account and using the Platform, you consent to the collection and use of your information as described in this Privacy Policy.

2. Information We Collect

2.1 Information You Provide

When you register for and use the Platform, we collect information that you voluntarily provide, including:

• Account Information: Name, email address, and password (stored as a bcrypt hash; we never store plaintext passwords).
• Professional Credentials: IATA number (personal or agency-affiliated) required for account verification.
• Payment Information: Payment details are collected and processed by Stripe, our third-party payment processor. We do not store your credit card number, bank account details, or other financial account information on our servers.
• Preferences: Unit system preference (imperial/metric), saved searches, and quiz responses.
• Communications: Any correspondence you send to us, including support requests and feedback.

2.2 Information Collected Automatically

When you access the Platform, certain information is collected automatically:

• Usage Data: Pages visited, features used, search queries, AI Chat queries and responses, time spent on pages, and interaction patterns.
• Device Information: Browser type, operating system, screen resolution, and device identifiers.
• Log Data: IP address, access timestamps, referring URLs, and error logs.
• Cookies and Local Storage: Session cookies for authentication (HttpOnly), unit preference stored in browser local storage, and Redis-based session caching.

2.3 Information We Do Not Collect

We want to be clear about information we do not collect:

• Client Data: We do not collect, store, or have access to any information about your clients or the travelers you serve.
• Booking Data: We do not track, record, or have visibility into any cruise bookings, reservations, or transactions.
• Commission Data: We have no access to your commission structures, earnings, or financial arrangements.
• Biometric Data: We do not collect fingerprints, facial recognition data, or any biometric identifiers.

3. How We Use Your Information

3.1 Platform Operation

• To create and manage your account.
• To authenticate your identity and verify your IATA credentials.
• To process subscription payments through Stripe.
• To provide access to Platform features based on your subscription tier.
• To enforce rate limits on AI Chat usage.

3.2 Service Improvement

• To analyze usage patterns and improve Platform features.
• To monitor AI Chat query quality and tool routing accuracy.
• To identify and fix technical issues.
• To understand which features are most valuable to users.

3.3 Communication

• To send transactional emails (account verification, password reset, subscription confirmations).
• To send subscription-related notifications (trial expiration, payment reminders, plan changes).
• To respond to support requests and inquiries.
• To notify you of material changes to these policies or the Platform.

3.4 Security

• To detect, prevent, and respond to fraud, abuse, or security incidents.
• To verify the validity of IATA credentials.
• To enforce our Terms of Service.

4. AI Chat Data Handling

The AI Chat feature is powered by Anthropic's Claude AI. When you use the AI Chat:

• Your queries are sent to Anthropic's API for processing along with relevant database context needed to answer your question.
• AI Chat queries, tool invocations, and responses are logged in our database for usage tracking, billing, and quality improvement.
• We track the number of queries per user for subscription billing and rate limiting.
• Query logs may be reviewed to improve AI tool routing and response quality.
• We do not use your AI Chat data to train AI models.

Anthropic's processing of data transmitted through the API is subject to Anthropic's privacy policy and data processing terms. We encourage you to review Anthropic's policies at anthropic.com/privacy.

5. How We Share Your Information

We do not sell, rent, or trade your personal information to third parties. We share your information only in the following limited circumstances:

5.1 Service Providers

We share information with third-party service providers who perform services on our behalf:

5.2 Legal Requirements

We may disclose your information if required to do so by law, court order, or governmental regulation, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

5.3 Business Transfer

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Platform of any change in ownership.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Platform's services. Specifically:

• Account Data: Retained for the duration of your account and for 90 days after account deletion.
• AI Chat Logs: Retained for up to 12 months for billing reconciliation and quality improvement, then aggregated and anonymized.
• Payment Records: Retained as required by applicable tax and financial regulations (typically 7 years).
• Usage Analytics: Aggregated and anonymized after 24 months.
• Support Communications: Retained for 24 months after the last interaction.

You may request deletion of your account and associated data at any time by contacting us at the email address listed below. Upon receiving a verified deletion request, we will delete your personal data within 30 days, except where retention is required by law.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption: All data in transit is encrypted using TLS/HTTPS. Passwords are hashed using bcrypt with 12 rounds of salting.
• Authentication: JWT-based session tokens stored in HttpOnly cookies, preventing client-side script access.
• Access Controls: Role-based access control limits data access to authorized personnel.
• Infrastructure: The Platform is hosted on Railway with managed PostgreSQL and Redis instances in secure data centers.
• Payment Security: All payment processing is handled by Stripe, a PCI DSS Level 1 certified payment processor.

While we strive to protect your personal information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security and encourage you to use strong, unique passwords for your account.

8. Cookies and Tracking Technologies

The Platform uses the following technologies:

• Session Cookies: Essential HttpOnly cookies used for authentication. These are required for the Platform to function and cannot be disabled.
• Local Storage: Used to store your unit preference (imperial/metric). This data never leaves your browser.
• Redis Cache: Server-side caching for performance optimization.

We do not use third-party tracking cookies, advertising cookies, or social media tracking pixels. We do not participate in ad networks or behavioral advertising.

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete personal information.
• Deletion: Request deletion of your personal information, subject to legal retention requirements.
• Portability: Request your data in a structured, machine-readable format.
• Restriction: Request that we restrict the processing of your personal information.
• Objection: Object to our processing of your personal information for certain purposes.
• Withdraw Consent: Where processing is based on consent, withdraw your consent at any time.

To exercise any of these rights, please contact us using the information provided in Section 14 below. We will respond to verified requests within 30 days.

10. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you.
• Right to Delete: You may request that we delete your personal information, subject to certain exceptions.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
• We do not sell personal information as defined under the CCPA.
• We do not share personal information for cross-context behavioral advertising.

11. International Data Transfers

The Platform is hosted in the United States. If you are accessing the Platform from outside the United States, please be aware that your information will be transferred to and processed in the United States. By using the Platform, you consent to such transfers. We will take reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Policy.

12. Children's Privacy

The Platform is designed for professional travel advisors and is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child under 18, please contact us immediately and we will take steps to delete such information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes by:

• Sending an email to the address associated with your account.
• Displaying a prominent notice on the Platform.

Material changes will take effect 30 days after notification. Continued use of the Platform after the effective date constitutes acceptance of the updated Privacy Policy.

14. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact: