Stayover.ai
Stayover.ai

Privacy Policy

11 min readLast updated March 12, 2026

Introduction

Stayover.ai ("we," "us," or "our") respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy explains what data we collect, how we use and share it, and the rights you have regarding your information.

This policy applies to all users of the Stayover.ai website located at stayover.ai and all related services, including our flight search, hotel comparison, and booking features (collectively, the "Services"). By using our Services, you acknowledge that you have read and understood this Privacy Policy.

Information We Collect

Personal Identifiers

When you create an account, make a booking, or contact us, we may collect the following personal identifiers:

  • Full name
  • Email address
  • Phone number

Government-Issued Identification

For flight bookings and certain international hotel reservations, we may collect government-issued identification details required by airlines and travel regulations:

  • Passport number
  • Nationality
  • Passport expiration date
  • Date of birth (when required by the carrier or destination country)

Payment Information

When you make a purchase through our Services, we collect payment-related information:

  • Credit or debit card number
  • Billing name and address
  • Card expiration date

Important: Payment information is processed by our third-party payment processor. We do not store full credit or debit card numbers on our servers. We may retain a truncated card number (last four digits) and card type for your reference and to assist with customer support inquiries.

Travel Data

We collect information related to your travel activity on our platform:

  • Flight and hotel search history
  • Booking history and itinerary details
  • Travel preferences (seat preferences, room types, airline loyalty programs)
  • Saved trips and wishlists

Device and Technical Information

When you access our Services, we automatically collect certain technical information from your device:

  • IP address
  • Browser type and version
  • Operating system
  • Device identifiers and device type
  • Screen resolution and language settings
  • Referring URL and pages visited
  • Date and time of access

Location Information

We collect approximate geographic location information derived from your IP address. We use this to display relevant currencies, nearby airports, and localized search results. We do not collect precise GPS-based location data unless you explicitly grant permission.

Cookies and Tracking Technologies

We use cookies, pixels, and similar tracking technologies to operate our Services, remember your preferences, and understand how you interact with our platform. For detailed information about the cookies we use and how to manage them, please see our Cookie Policy.

How We Collect Information

We collect information through three primary methods:

  • Directly from you: When you create an account, fill out booking forms, submit traveler details, contact customer support, or communicate with us via email or chat.
  • Automatically: Through cookies, server logs, and similar technologies when you browse or interact with our Services. This includes page views, click patterns, and session duration.
  • From third parties: From travel suppliers (airlines, hotels, and ground transportation providers) who provide booking confirmations and updates, from payment processors who verify transactions, and from analytics providers who help us understand usage patterns.

How We Use Your Information

We use the information we collect for the following purposes:

  • Booking fulfillment: Processing and confirming flight and hotel reservations, issuing tickets and booking confirmations, and managing changes or cancellations to your itineraries.
  • Customer support: Responding to your inquiries, resolving complaints, and assisting with booking modifications or refund requests.
  • Payment processing: Charging for bookings, processing refunds, and detecting and preventing fraudulent transactions.
  • Personalization: Tailoring search results, recommendations, and pricing displays based on your travel history, preferences, and location.
  • Analytics and improvement: Analyzing usage patterns to improve our Services, develop new features, and optimize the user experience.
  • Fraud prevention and security: Detecting, investigating, and preventing fraudulent transactions, unauthorized access, and other illegal activities.
  • Marketing communications: Sending promotional offers, travel deals, and newsletters, but only with your prior consent. You may opt out at any time.
  • Legal compliance: Fulfilling our obligations under applicable laws, regulations, and legal processes, including tax reporting and responding to lawful requests from public authorities.

How We Share Your Information

We share your personal information only as necessary to operate our Services and fulfill your bookings. We may share your information with the following categories of recipients:

  • Airlines and hotels: We share traveler details (name, passport information, contact details) with airlines, hotels, and other travel suppliers as required to fulfill your bookings.
  • Payment processors: We share payment information with our third-party payment processor to complete transactions securely.
  • Analytics providers: We share aggregated and pseudonymized usage data with analytics providers to help us understand how our Services are used and to improve performance.
  • Law enforcement and legal authorities: We may disclose your information when required to do so by law, regulation, legal process, or enforceable governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business transfers: In the event of a merger, acquisition, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction. We will notify you via email or a prominent notice on our website of any change in ownership or uses of your personal information.

We do not sell your personal information. We have not sold personal information in the preceding twelve months and have no plans to do so.

Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process your personal data under the following legal bases:

  • Contractual necessity: Processing your data is necessary to perform the contract we have with you, including fulfilling flight and hotel bookings, processing payments, and managing your account.
  • Consent: We rely on your freely given consent for marketing communications and non-essential cookies. You may withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
  • Legitimate interest: We process certain data based on our legitimate interests, including website analytics, fraud prevention, improving our Services, and ensuring network and information security. We balance these interests against your rights and freedoms.
  • Legal obligation: We process your data as required by applicable law, including tax reporting requirements, anti-money laundering regulations, and responding to valid legal requests from law enforcement or regulatory authorities.

International Data Transfers

Stayover.ai operates globally, and your personal information may be transferred to and processed in countries other than the country in which you reside, including the United States. These countries may have data protection laws that differ from the laws of your country.

When we transfer personal data from the EEA, UK, or Switzerland to countries that have not been deemed to provide an adequate level of data protection, we implement appropriate safeguards to ensure your data remains protected. These safeguards include:

  • Standard Contractual Clauses (SCCs): We use European Commission–approved Standard Contractual Clauses to govern transfers of personal data to our processors and partners outside the EEA.
  • Supplementary measures: Where necessary, we implement additional technical and organizational measures, such as encryption and access controls, to ensure the transferred data is adequately protected.

You may request a copy of the safeguards we use for international data transfers by contacting us at privacy@stayover.ai.

Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Our retention periods are as follows:

  • Booking data: We retain booking records, transaction history, and associated traveler information for 7 years from the date of the booking to comply with tax, accounting, and legal obligations.
  • Account data: We retain your account information (name, email, preferences) for as long as your account remains active. If you request account deletion, we will delete or anonymize your account data within 30 days, subject to our legal retention obligations.
  • Analytics data: We retain analytics and usage data for 26 months from the date of collection, after which it is aggregated or deleted.
  • Marketing data: We retain your marketing preferences and contact information until you opt out of marketing communications or request deletion.

When personal data is no longer needed, we securely delete or anonymize it so that it can no longer be associated with you.

Your Rights (GDPR)

If you are located in the EEA, UK, or Switzerland, you have the following rights under the General Data Protection Regulation:

  • Right of access: You have the right to request a copy of the personal data we hold about you.
  • Right to rectification: You have the right to request that we correct any inaccurate or incomplete personal data.
  • Right to erasure: You have the right to request the deletion of your personal data, subject to certain legal exceptions (such as data we must retain for tax purposes).
  • Right to data portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
  • Right to restriction: You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.
  • Right to object: You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes.

To exercise any of these rights, please contact us at privacy@stayover.ai. We will respond to your request within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.

Your Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with the following rights:

  • Right to know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which the information was collected, the business or commercial purpose for collecting the information, and the categories of third parties with whom we share the information.
  • Right to delete: You have the right to request the deletion of your personal information, subject to certain exceptions.
  • Right to correct: You have the right to request that we correct inaccurate personal information that we maintain about you.
  • Right to opt out of sale or sharing: You have the right to opt out of the sale or sharing of your personal information. As stated above, we do not sell your personal information. For more details, visit our Do Not Sell or Share My Personal Information page.
  • Right to non-discrimination: We will not discriminate against you for exercising any of your privacy rights. You will not receive different pricing, a different quality of service, or be denied service for exercising your rights.

To submit a verifiable consumer request, please contact us at privacy@stayover.ai. We will verify your identity before processing your request and respond within 45 days.

Children's Privacy

Our Services are not directed at children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at privacy@stayover.ai, and we will take steps to delete such information from our systems promptly.

If we become aware that we have inadvertently collected personal information from a child under 16, we will delete that information as soon as reasonably practicable.

Security

We take the security of your personal information seriously and implement appropriate technical and organizational measures to protect it against unauthorized access, alteration, disclosure, or destruction. Our security measures include:

  • Encryption in transit: All data transmitted between your browser and our servers is encrypted using Transport Layer Security (TLS/SSL).
  • Encryption at rest: Sensitive personal data stored on our servers is encrypted at rest using industry-standard encryption algorithms.
  • Access controls: We enforce strict access controls, ensuring that only authorized personnel with a legitimate business need can access personal data. Multi-factor authentication is required for access to sensitive systems.
  • PCI DSS compliance: Our payment processing infrastructure complies with the Payment Card Industry Data Security Standard (PCI DSS) to ensure the secure handling of credit and debit card information.
  • Regular security assessments: We conduct regular security assessments, vulnerability scans, and penetration testing to identify and address potential vulnerabilities.

While we strive to protect your personal information, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee absolute security, but we are committed to maintaining the highest standards reasonably available.

Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will revise the "Last updated" date at the top of this page.

If we make material changes that significantly affect how we handle your personal information, we will notify you by email (using the address associated with your account) or by displaying a prominent notice on our website prior to the changes taking effect. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your data.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will make every effort to respond to your inquiry within 30 days. If you are located in the EEA and are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.

Other Legal Pages

Terms of ServicePrivacy PolicyCookie PolicyBooking & CancellationAccessibilityDo Not Sell My Info