Privacy Policy

Last Updated: February 10, 2020

We at Yapta, Inc. (“Yapta”) are committed to protecting privacy.

Our corporate and consumer services help save our customers money on travel by alerting or automatically reticketing to lower fares for both flights and hotels.

We may have to collect personal data to provide enough detail to find and track airfare and hotel pricing for a match. The information added either by site visitors providing their contact information, by a consumer adding information, or through the integration of our services to Global Distribution Systems, is stored and managed on Yapta’s servers. This information is then either used to contact visitors about their interest in the company’s goods or services, to interact with the company, or to track and alert users to lower fares.

As a company with its headquarters in the United States, we conform our data use to the European Union’s (“EU”) General Data Protection Regulation (“GDPR”). Yapta has updated this Privacy Policy to account for the United Kingdom’s transition from the EU in regard to Brexit. Therefore, in our Privacy Policy, we explain what we do, how we do it, your choices, and how we may need your cooperation to help you stay safe.

You want to review each of these sections on this page:

  1. Our Policy Aims
  2. Your Rights
  3. When Our Privacy Policy Applies
  4. When Our Privacy Policy Does Not Apply
  5. Disclosing Your Personal Data to Third Parties
  6. International Transfers of Your Personal Data
  7. Sharing of Information among Yapta Entities
  8. Storage, Retention, and Deletion of Your Personal Data
  9. Data Security
  10. Other Jurisdictions
  11. Policy Changes
  12. Contacting Us
  13. Data Protection Officer

1. Our Policy Aims

1.1 The Yapta Privacy Policy applies to Yapta, Inc. (“Yapta”) and unless specified, its subsidiaries and any contractors, representatives, and agents while they are working on our behalf (collectively “we,” “us” or “our”).

1.2 This Privacy Policy applies to our website (, our Consumer Site (, our Customer Portals (,,, our Pricing Services (FIQ, RIQ), and our mobile applications (Mobile Apps) owned and controlled by Yapta, (hereafter, the terms “Yapta Services” will refer to all of these elements).

1.3 Our Privacy Policy explains the processing of your personal data by us and establishes what information we collect, or which is provided to us, and how we use and protect your personal data in compliance with applicable law.

1.4 Personal data refers to any information relating to an identified or identifiable natural person (“data subject”), where this identification can be made directly or indirectly, by means of identifiers such as your name, your travel itineraries, passenger name records (“PNRs”), ticketing information, email address, phone number, online identifiers such as cookies in some circumstances, your location, your genetic, economic, cultural or social identity or other information that is specific to you.

1.5 We do not mean information that only refers to a business corporation or organization. We also do not mean information that has been “anonymized,” either by removing or de-identifying all specific identifiers. Anonymous data is not personal data when the anonymization is irreversible. When we refer to anonymous data, we mean data that cannot be reversed into personal data.

1.6 As a data controller, we commit ourselves to protecting the privacy of our website visitors and users of our products and services with respect to the processing of your personal data.

1.7 Certain Yapta Services require users to upload or otherwise submit travel related information, including information about individual travel itineraries, passenger name records (“PNRs“), ticketing information, booked fares, service fees, and related travel data (collectively, “Your Data“). As between you and us, you agree that you are solely responsible for Your Data. Without limitation, you are responsible for the accuracy, relevance and timeliness of Your Data. You are also responsible for securing all rights and/or permissions needed for Yapta to use Your Data.

1.8 Where we collect and process your personal data, we will limit the collection and retention to what is adequate, relevant and necessary for our purposes and it will be kept in a form which allows for your identification no longer than necessary for the purpose for which we process your personal data. We refer to this as data minimisation.

1.9 Where we store your personal data for longer periods for statistical purposes, as permitted, we will use appropriate safeguards.  Applicable law defines ‘statistical purpose’ as any collection of personal data, where the result of processing is for aggregate data, so the personal data we collect from you is anonymized or pseudonymized.

1.10 Our policy provides you with the legal bases for the collection of your personal data, lets you know how long personal data is stored and the reasons why, and how in some circumstances, they are necessary to retain. The length of this retention and how you may choose to request that we delete some or all your personal data and the consequences of the deletion are explained in this policy.

1.11 Some of the legal bases we rely on are contractual and service necessity, consent, legitimate interests and compliance with legal obligations.

1.12 We want you to have the necessary and relevant understanding of how and why we process your personal data so that you can make fully informed decisions on whether to allow us to retain your personal data or delete them. Section 2 explains your rights under applicable law and section 3 lets you know when the Privacy Policy applies.

1.13 We strive to keep the policy easy to understand and transparent, and so we refrain from overuse of technical information. If you wish to have further details on how we process your personal data, please contact us.

2. Know Your Rights

2.1 We try to ensure that the users of our products and services always have an open line of communication with us. You can contact us at any time if you have any questions, queries or requests about your personal data and, if European law applies to the processing of your data, about your right to request access to, modify, remove or export your data, or object to our processing of your data.

2.2 If you contact us to obtain the necessary information and action changes, corrections or deletions of your personal data, we will action your request within one month of receiving a request from you concerning any one of your rights as a data subject. Should we be inundated with requests or particularly complicated requests, the time limit may be extended to a maximum of another two months.

3. When Our Privacy Policy Applies

3.1 You should know that our Privacy Policy applies to the following situations and activities:

  1. Online activities
  2. Any personal data collected from you when you visit our websites or use our products or services.
  3. Phone contacts
  4. Any personal data collected from you when you call us for sales or customer support.
  5. contacts
  6. Any personal data collected from you at a “live” or in-person event such as a trade show.
  7. Other circumstances
  8. Any personal data collected from you when you contact us by email.

4. When Our Privacy Policy Does Not Apply

4.1 We are not responsible for the privacy practices of third parties. Your use of a third-party site will be governed by the terms and conditions, privacy policy, and data security policy of the third-party site.

5. Disclosing Your Personal Data to Third Parties

5.1 We are required to disclose your personal data to unrelated third parties in limited circumstances:

  1. where necessary to satisfy a legitimate government request or order;
  2. in compliance with a legal requirement by a court of law or in the public interest;
  3. in response to a third-party subpoena, if we believe on the advice of our attorneys that we are required to respond;
  4. where we hire a contractor to perform a service for us, such as product development or market research (but not if doing so would violate the terms of our privacy policy, or laws governing personal data);
  5. if we obtain your permission; or
  6. if necessary to defend ourselves or our users (for example, in a lawsuit).

6. International Transfers of Your Personal Data

6.1 We are an international business that provides its products and services all around the world. In order to reach all of our users and provide all of them with our services, we operate on an infrastructure that spans the globe. The servers that are part of this infrastructure may therefore be located in a country different than the one where you live. In some instances, these may be countries outside of the European Economic Area (“EEA”), where the level of protection provided by the laws of these countries may be different than the high standard enshrined in the GDPR. Regardless, we provide the same GDPR-level of protection to all personal data it processes.

At the same time, when we transfer personal data outside of the EEA, we always make sure to put in place appropriate and suitable safeguards, such as standardized contracts approved by the European Commission, which legally bind the receiving party to adhere to a high level of protection, and to ensure that your data remains safe and secure at all times and that your rights are protected.

Situations where we transfer personal data outside of the EEA include provision of our products and services, processing of transactions and your payment details, and the provision of support services.

7. Sharing of Information among Yapta Entities

7.1 Our data collection and management practices do not vary by location. We follow the same “data minimisation” procedure with respect to all personal data in our possession, regardless of the jurisdiction from which it was collected, and regardless of whether the data is transferred from one member of the Yapta Group to another.

7.2 We reserve the right to store and use the information collected by our software and to share such information among the Yapta Group to improve our current and future products and services, to help us develop new products and services, and to better understand the behaviour of our users.

7.3 Any reference in this policy to “Yapta Group” means its, direct and indirect, parent companies and any company that is, directly or indirectly, controlled by or under common control by Yapta, Inc.

8. Storage, Retention, and Deletion of Your Personal Data

8.1 Storage of Information

We store information that we collect on our servers or on the servers of our subsidiaries, affiliates, or contractors who are working on our behalf.
The data on our servers can only be accessed from our physical premises, or via an encrypted virtual private network (“VPN”). Access is limited to authorised personnel only, and company networks are protected, and subject to additional policies and procedures for security.

8.2 Access by our contractors

We or our subsidiaries, affiliates, or contractors who are working on our behalf undertake regular maintenance of your personal data. All third parties must agree to observe the privacy of our users, and to protect the confidentiality of their personal information. This means your personal data cannot be shared with others, and there must be no direct marketing by the third parties.

8.3 Retention and Deletion of Your Personal Data

We retain data for limited periods when it needs to be kept for legitimate business or legal purposes. We collect data when you use Yapta Services. What we collect, why we collect it, and how you can manage your information are described in our Privacy Policy. If you registered an account with us, you may see a copy of the personal data collected from you upon request.

For each type of data, we set retention timeframes based on the reason for its collection and processing.  Some data you can delete whenever you like, and some data is deleted automatically as soon as we do not need it for our legitimate business or legal purposes. We do not delete data that we need for our legitimate or legal purposes, even upon request, until the purposes expire. We also take steps to anonymize certain data within set time periods. We may also amend the personal data we keep in such a way that you cannot be identified, for example, by hashing. We may retain a “key” to the hashing, but we will securely store it separately from the hashed data.
When the data is deleted, we remove it from our servers or retain it only in anonymized form.

8.4 The following describes why we hold onto different types of data for different periods of time:

  1. We keep your data for the life of your account, if it’s necessary for the service (such as support or communication) or if it helps us understand how users interact with our features and how we can improve Yapta Services.
  2. If you registered an account with us, we will keep data in your account until you choose to delete the account.
  3. If you subscribe to a recurring newsletter, we will keep your information to continue to fulfil your subscription request.

We have business and legal requirements that require we retain certain personal data, for specific purposes, for an extended period of time.

8.5 Reasons we might retain some data for longer periods of time include:

  1. Security, fraud & abuse prevention
  2. Financial record-keeping
  3. Complying with legal or regulatory obligations, including for investigations, enforcement, or when legally actionable
  4. Ensuring the continuity of Yapta Services
  5. Direct communication with you for support and marketing.

8.6 Cookies

What are cookies?

A cookie is a file containing an identifier, a string of letters and numbers, that is sent by a web server to the web browser you are using to access this site and is stored by that browser. The identifier is then sent back to the server each time the browser requests a page from the server. Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date (e.g. 30 days), unless deleted by the user before the expiry date; a session cookie will expire at the end of the user session, when the web browser is closed.

Why and How we use cookies

We use cookies to improve the user experience across our website. The purposes for which they are used, are set out below:

  1. recognize a computer when a user visits the website
  2. track users as they navigate the website
  3. improve the website’s usability
  4. analyze the use of the website
  5. administer the website
  6. improve the security of the website
  7. personalize the website for our users

Can a User refuse to accept cookies?

Yes. Even if you refuse to accept cookies from Yapta, you can still access the website and use Yapta services. Certain functionality, such as automatically logging in the user and preferred user settings may need to be redone at the start of each visit.

Managing Cookies by Browser

Browsers have functionality that allows users to block, allow and delete cookies. If you want to know more about how to remove or block cookies, please access the Help guide for the browser you are using. Searching their Help menu for key words or phrases such as “delete cookie” will result in details on how to manage cookies on your device.

9. Data Security

9.1 Safeguards for protection of personal information

We maintain administrative, technical, and physical safeguards for the protection of your personal data.

9.2 Administrative safeguards

Access to the personal data of our users is limited to authorized personnel who have a legitimate need to know based on their job descriptions, for example, employees who provide support to end users, or who service user accounts. In the case of third-party contractors who process personal information on our behalf, similar requirements are imposed. These third parties are contractually bound by confidentiality clauses, even when they leave. Where an individual employee no longer requires access, that individual’s credentials are revoked.

9.3 Technical safeguards

We store your personal information in our database using the protections described above. In addition, we utilize up-to-date firewall protection for an additional layer of security. We use high-quality antivirus and anti-malware software, and regularly update our virus definitions. Third parties who we hire to provide services and who have access to our users’ data are required to implement privacy and security practices that we deem adequate.

9.4 Physical safeguards

Access to user information in our database by Internet is not permitted except using an encrypted virtual private network (VPN). Otherwise, access is limited to our physical premises. Unencrypted removal of personal data from our location is forbidden. Third-party contractors who process personal data on our behalf agree to provide reasonable physical safeguards.

9.5 Proportionality

We strive to collect no more personal data from you than is required by the purpose for which we collect it. This, in turn, helps reduce the total risk of harm should data loss or a breach in security occur. The less data we collect, the smaller the overall risk.

9.6 Notification in the event of breach

In the unlikely event of a breach in the security of personal data, we will notify all users who are actually or potentially affected.

We may tailor the method of notice depending on the circumstances. Where the only contact information that we have for you is an email address, then the notification will necessarily be by email. Where we believe there are affected users for which we have no contact information on file, we may give notice via publication on our company website.

We reserve the right to delay notification if we are asked to do so by law enforcement or other authorities, or if we believe that giving notice immediately will increase the risk of harm to our user body overall.

10. Other Jurisdictions

10.1 Your California Privacy Rights

Under California Civil Code § 1798.83, we are required to disclose to consumers the following information upon written request: (1) the categories of personal information that we have disclosed to third parties within the prior year, if that information was subsequently used for marketing purposes; and (2) the names and addresses of all such third parties to whom such the personal information was disclosed. We hereby disclose that we have not disclosed any such personal information regarding any California resident during the one-year period prior to the effective date of this Privacy Policy. California residents seeking additional information on this requirement or our privacy practices in general may write to us at with the headline “PRIVACY REQUEST” in the message line.

11. Policy Changes

11.1 Updates to our Privacy Policy will occur from time to time and we will publish these changes on our website.

11.2 We suggest that you check our Privacy Policy every so often to keep yourself informed.

11.3 Where the changes are major, we will notify you through posts on our website and by email notification.

12. Contacting Us

12.1 We are registered as Yapta, Inc. and our registered address is 401 2nd Ave S, Suite 101, Seattle WA 98104 United States.

12.2 Dispute Resolution

If you do not receive timely acknowledgment of your complaint, or if you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at

12.3 Contact Detail

You can reach us by email at Please type “PRIVACY REQUEST” in the message line of your email so we can have the appropriate member of the Yapta team respond.

You can send postal mail to Yapta, Inc., 401 2nd Ave S, Suite 101, Seattle WA 98104 United States. Be sure to write “Attention: PRIVACY” in the address so we know where to direct your correspondence.

13. Data Protection Officer

13.1 As required under the GDPR, we have a data protection officer (DPO) to monitor our compliance with the GDPR, provide advice where requested and cooperate with supervisory authorities. You can contact our data protection officer via