Privacy Policy

Last updated: May 2026

This Privacy Policy explains how Captivation AI Ltd (“Captivation AI”, “we”, “our”, or “us”) collects, uses, stores, and protects personal data when you use our range of services and related experiences (the “Services”).

Captivation AI Ltd is the controller of personal data processed through the Services unless otherwise stated.

1. INFORMATION WE COLLECT

Depending on how you interact with the Services, we may collect the following types of information.

1.1 Information You Provide

This may include:

email addresses submitted via the Services;
name, telephone number, home location, gender, age;
itinerary preferences;
destination interests;
survey or feedback responses;
AI interaction inputs and prompts; and
support enquiries or communications.

You should avoid submitting sensitive personal information through AI-assisted features unless specifically requested.

1.2 Technical and Usage Information

We may automatically collect limited technical information including:

browser type;
device type;
IP address;
session information;
platform interaction data; and
diagnostic and security logs.

This information helps us operate, secure, and improve the Services.

1.3 Booking and Referral Information

Where the Services include links or integrations with third-party providers, we may collect limited referral-related information such as:

selected experiences;
referral interactions;
destination selections; and
booking-related metadata.

Payments and booking fulfilment are handled by third-party providers and not by Captivation AI.

2. HOW WE USE INFORMATION

We use information collected through the Services to:

operate and improve the Services;
provide AI-assisted recommendations and guidance;
personalise experiences and content;
support discovery features;
respond to enquiries and feedback;
monitor platform performance and security;
analyse usage trends;
facilitate referral flows to third-party booking providers; and
comply with legal and regulatory obligations.

3. AI-ASSISTED FEATURES

The Services include AI-assisted functionality that may process user inputs, prompts, preferences, and interactions to generate recommendations, itineraries, translations, or informational responses.

AI-generated outputs may:

be inaccurate;
incomplete;
outdated; or
subjective.

AI interactions may be logged and reviewed for:

quality improvement;
safety monitoring;
debugging;
service development; and
platform protection.

You should independently verify important travel, pricing, safety, accessibility, and booking information before relying on AI-assisted outputs.

4. LAWFUL BASES FOR PROCESSING

Under UK GDPR and, where applicable, EU GDPR, we rely on the following lawful bases:

Activity

Lawful Basis

Operating the Services

Legitimate interests and/or contract

AI-assisted interactions

Legitimate interests

Platform security and monitoring

Legitimate interests

Service improvement and analytics

Legitimate interests

Responding to enquiries

Legitimate interests

Surveys and feedback

Legitimate interests or consent

Marketing communications

Consent

Legal compliance

Legal obligation

5. SHARING INFORMATION

We may share information with:

third-party booking or ticketing providers;
cloud hosting and infrastructure providers;
analytics providers;
customer support providers; and
legal, regulatory, or governmental authorities where required by law.

Where you proceed to a third-party booking provider, relevant information may be shared to facilitate the referral or booking process.

Third-party providers operate under their own terms and privacy policies.

We do not sell personal data.

6. INTERNATIONAL TRANSFERS

Information may be processed outside the UK or European Economic Area.

Where international transfers occur, we implement safeguards where required under applicable law.

7. DATA RETENTION

We retain personal data only for as long as reasonably necessary for:

operating the Services;
security and fraud prevention;
legal compliance;
dispute resolution; and
platform improvement and diagnostics.

Retention periods vary depending on the nature of the information and applicable legal obligations.

8. YOUR RIGHTS

Depending on your location and applicable law, you may have rights to:

request access to your personal data;
request correction of inaccurate information;
request deletion of personal data;
object to certain processing;
restrict processing;
withdraw consent;
request portability; and
lodge a complaint with a data protection authority.

You may exercise these rights by contacting us using the details below.

9. SECURITY

We implement reasonable technical and organisational measures designed to protect personal data and maintain platform security.

However, no online service can be guaranteed completely secure.

10. MARKETING COMMUNICATIONS

Where legally required, we will obtain consent before sending marketing communications.

You may unsubscribe from marketing communications at any time.

11. MINORS

The Services are intended for general audiences and are not specifically directed at children.

We do not knowingly collect personal data in circumstances where parental consent would be required under applicable law.

12. THIRD-PARTY SERVICES

The Services may contain links to or integrations with third-party websites, booking providers, venues, tourism operators, or external services.

We are not responsible for the privacy practices or content of third-party services.

13. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes to the Services, legal requirements, or operational practices.

Updated versions will be published within the Services.

Your continued use of the Services following any updates constitutes acceptance of the revised Privacy Policy.

14. CONTACT US

Captivation AI Ltd
10 York Road
London
SE1 7ND

Support: support@captivationai.co

You may also have the right to contact your local data protection authority.