Home
About Us
Contact UsPrivacy Policy
IMPORTANT NOTICE: This Privacy Policy describes how Travyara.com, operated by Hydra Travels Inc. ("we," "us," or "our"), collects, uses, discloses, and safeguards your personal information when you visit our website www.travyara.com, use our booking services, or interact with us in any manner. Please read this Privacy Policy carefully. By accessing or using our website and services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not use our services.
1. Introduction and Scope
Travyara.com (hereinafter referred to as "Travyara," "we," "us," or "our") is a licensed, independent travel agency operated by Hydra Travels Inc., a corporation duly organized and operating under applicable state and federal laws of the United States. We hold accreditation with the Airlines Reporting Corporation (ARC), Accreditation Number 45572424, authorizing us to issue airline tickets and facilitate travel-related bookings on behalf of our clients.
This Privacy Policy applies to all personal information collected through our website located at www.travyara.com, our mobile applications, our call center operations, email correspondence, social media interactions, in-person consultations, and any other channels through which you interact with us. This policy applies to all users of our services, including prospective travelers who browse our website, clients who book travel through us, and individuals who contact us for information or assistance.
As an independent travel agency, Travyara.com acts as an intermediary between travelers and travel suppliers, including but not limited to airlines, hotels, car rental companies, cruise lines, tour operators, travel insurance providers, and other ancillary service providers. While we facilitate bookings with these third parties, we maintain our own data practices which are governed by this Privacy Policy. It is important to understand that once you are directed to or have purchased services directly from a supplier, their own privacy policies will govern the collection and use of your personal data by those entities.
We are committed to protecting your personal information in accordance with applicable federal and state privacy laws, including but not limited to the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), applicable provisions of the Children's Online Privacy Protection Act (COPPA), the CAN-SPAM Act, and applicable international privacy frameworks including, where applicable, the General Data Protection Regulation (GDPR) and other regional data protection laws.
This Privacy Policy is intended to be comprehensive and transparent. If at any time you have questions about this policy or our data practices, we encourage you to contact us using the information provided in the Contact Us section at the end of this document.
2. Categories of Personal Information We Collect
We collect various categories of personal information depending on your interactions with our website and services. The following table summarizes the categories of personal information we collect, the sources from which we collect such information, and the business purposes for which we use it.
| Category of Information | Examples of Data Collected | Primary Purpose of Collection |
|---|---|---|
| Identification Data | Name, date of birth, government-issued ID numbers, passport number, nationality | Account creation, booking, ID verification, regulatory compliance |
| Contact Information | Email address, phone number, mailing address, emergency contact details | Service delivery, notifications, customer support |
| Payment Information | Credit/debit card numbers, billing address, bank account information (tokenized) | Processing transactions, fraud prevention |
| Travel Preferences | Seat preferences, meal requirements, frequent flyer numbers, loyalty program IDs | Personalizing travel bookings and recommendations |
| Health and Accessibility | Dietary restrictions, disability-related accommodation requests, medical requirements | Arranging appropriate travel accommodations |
| Booking and Transaction History | Past bookings, itineraries, cancellations, refund history | Account management, dispute resolution, service improvement |
| Device and Technical Data | IP address, browser type, operating system, device identifiers, cookies | Website functionality, security, analytics |
| Communications Data | Emails, chat logs, call recordings, support tickets | Customer service, quality assurance, legal compliance |
| Marketing Preferences | Email preferences, communication opt-ins and opt-outs | Personalized marketing communications |
| Sensitive Personal Information | Passport nationality, visa status, health-related travel needs | Travel documentation and regulatory compliance |
2.1 Information You Provide Directly
When you use our services, you may directly provide us with personal information in the following contexts:
- Account Registration: When you create an account on our website, we collect your name, email address, password, phone number, and billing address.
- Travel Booking: When you make a booking, we collect traveler names, dates of birth, passport or national ID information, contact details, payment information, and any special requirements for all travelers included in the booking.
- Customer Service Interactions: When you contact us for support, we collect the information you share during those interactions, including the nature of your inquiry, relevant booking details, and any personal information you voluntarily provide.
- Newsletter and Marketing Sign-Ups: When you subscribe to our email newsletters or promotional communications, we collect your name and email address.
- Surveys and Feedback: If you complete customer satisfaction surveys or provide feedback, we collect the responses and any identifying information you choose to include.
- Promotions and Contests: Participation in any promotions, contests, or sweepstakes may require submission of personal information as specified at the time of entry.
2.2 Information Collected Automatically
When you visit our website or use our digital services, we automatically collect certain technical information through cookies, web beacons, pixel tags, and similar technologies, including:
- Log data such as your IP address, browser type and version, operating system, referring URLs, pages viewed, and timestamps.
- Device identifiers and characteristics, including hardware model, screen resolution, and device type.
- Location data at the city or regional level derived from your IP address.
- Usage patterns, click streams, search queries made on our website, and session duration.
- Cookie identifiers and similar tracking technologies as described in our Cookie Policy below.
2.3 Information from Third Parties
- Travel Suppliers: Airlines, hotels, and other suppliers may share information with us when you have existing bookings or loyalty program memberships.
- Payment Processors: Our payment processing partners may provide fraud-related signals and transaction data.
- Social Media Platforms: If you choose to link your social media accounts or interact with our social media pages, we may receive certain profile information.
- Credit and Background Check Agencies: In limited circumstances involving corporate accounts or high-value transactions, we may receive creditworthiness information.
- Analytics and Advertising Partners: We may receive aggregated demographic and behavioral insights from analytics and advertising partners.
We may also receive personal information about you from third-party sources, including:
3. How We Use Your Personal Information
We use the personal information we collect for specific, legitimate purposes directly related to the provision of travel agency services and the operation of our business. We process your personal information only when we have a lawful basis to do so. The following table outlines our processing purposes and the corresponding legal bases.
| Processing Purpose | Legal Basis |
|---|---|
| Processing and fulfilling travel bookings, including airline reservations, hotel accommodations, car rentals, and vacation packages | Performance of a contract / Pre-contractual steps |
| Communicating booking confirmations, itinerary changes, cancellation notices, and other transactional messages | Performance of a contract |
| Processing payments and preventing fraudulent transactions | Performance of a contract / Legitimate interests |
| Verifying your identity and the identities of all travelers included in a booking | Legal obligation / Contract performance |
| Complying with airline and government requirements for passenger name records (PNR) and advance passenger information (API) | Legal obligation |
| Providing customer support, resolving disputes, and responding to inquiries | Contract performance / Legitimate interests |
| Sending promotional communications, travel offers, and newsletters (with consent) | Consent / Legitimate interests |
| Improving our website, services, and user experience through analytics | Legitimate interests |
| Conducting internal research and business intelligence for service development | Legitimate interests |
| Complying with ARC reporting requirements and travel industry regulations | Legal obligation |
| Enforcing our Terms and Conditions and other legal agreements | Legitimate interests / Legal obligation |
| Protecting the security of our systems and preventing unauthorized access | Legitimate interests / Legal obligation |
3.1 Communications and Marketing
With your consent or where otherwise permitted by applicable law, we may send you marketing communications about our travel deals, destination guides, special promotions, and new services. You may opt out of receiving marketing communications at any time by clicking the unsubscribe link in any marketing email, contacting us directly using the contact information provided below, or updating your communication preferences in your account settings. Please note that even if you opt out of marketing communications, we will continue to send you transactional and service-related communications necessary for the fulfillment of any active bookings or legal obligations.
3.2 Automated Decision-Making
In certain limited circumstances, we may use automated processing to make decisions that affect you, such as fraud detection and prevention systems that may flag transactions for review. Where such automated decision-making has a legal or similarly significant effect on you, you have the right to request human review of such decisions. Please contact us using the information in the Contact Us section if you believe an automated decision has been made about you that you wish to contest.
4. Disclosure and Sharing of Personal Information
We do not sell, rent, or trade your personal information to third parties for their own marketing purposes. However, we do share your personal information with certain categories of third parties as necessary to provide our services and operate our business. The following table summarizes the categories of recipients with whom we share personal information and the purpose of such sharing
| Recipient Category | Examples | Purpose of Sharing |
|---|---|---|
| Travel Suppliers | Airlines, hotels, car rental companies, cruise lines, tour operators | To fulfill your booking requests and reservations |
| Global Distribution Systems (GDS) | Amadeus, Sabre, Travelport, and similar systems | To search and book travel inventory on your behalf |
| Payment Processors | Stripe, Braintree, or other PCI-DSS compliant processors | Secure payment processing and fraud prevention |
| Travel Insurance Providers | Licensed travel insurance underwriters and administrators | To offer and administer travel insurance products |
| Technology Service Providers | Cloud hosting, CRM, email delivery, analytics vendors | To operate and maintain our website and services |
| Legal and Compliance Authorities | Government agencies, law enforcement, courts | When required by law, subpoena, or regulatory mandate |
| ARC and IATA | Airlines Reporting Corporation, International Air Transport Association | Regulatory reporting and accreditation compliance |
| Business Successors | Potential or actual acquirers, merger partners | In the event of a business transaction |
| Professional Advisors | Attorneys, accountants, auditors, insurers | For legal, financial, and compliance purposes |
4.1 Travel Supplier Data Sharing Requirements
As a travel agency facilitating bookings with third-party suppliers, we are required to share your personal information — including names, dates of birth, passport numbers, contact information, and payment details — with the relevant suppliers to complete your booking. Once your information is shared with a supplier, that supplier's privacy practices govern their use of your information. We strongly encourage you to review the privacy policies of any airline, hotel, or other supplier with whom we facilitate a booking on your behalf.
4.2 Government and Regulatory Disclosures
Airlines and travel agencies are required by law to provide certain passenger information to government authorities. This may include Advance Passenger Information (API) submitted to destination country border control agencies, Passenger Name Record (PNR) data shared with security agencies such as the U.S. Transportation Security Administration (TSA), U.S. Customs and Border Protection (CBP), and their international equivalents, as well as financial reporting required by the ARC and other regulatory bodies. These disclosures are mandatory and cannot be avoided. By booking international travel through our services, you acknowledge and consent to these legally required government data transmissions.
4.3 International Data Transfers
Given the international nature of travel, your personal information may be transferred to and processed in countries other than the country in which you reside. These transfers are necessary to complete your travel bookings with international suppliers. When we transfer your personal data outside of the European Economic Area (EEA) or other regions with data transfer restrictions, we implement appropriate safeguards including Standard Contractual Clauses approved by the European Commission, or other recognized legal transfer mechanisms. By using our services to book international travel, you acknowledge that such transfers are inherent to the nature of international travel facilitation.
5. Cookies and Tracking Technologies
Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, personalize content, and deliver targeted advertising. This section explains what cookies are, the types we use, and how you can manage your cookie preferences.
5.1 What Are Cookies?
Cookies are small text files placed on your device by websites you visit. They are widely used to make websites work more efficiently, remember your preferences, and provide information to website owners. Similar technologies include web beacons (also called pixel tags or clear GIFs), local storage objects, and device fingerprinting techniques.
| Cookie Type | Description and Purpose |
|---|---|
| Strictly Necessary Cookies | Required for the basic functioning of the website, including session management, security, and login authentication. These cannot be disabled. |
| Functional Cookies | Remember your preferences such as language, currency, and saved searches to provide a personalized experience. |
| Performance and Analytics Cookies | Collect aggregated data about how visitors use our website to help us improve website performance and user experience (e.g., Google Analytics). |
| Marketing and Advertising Cookies | Track your browsing habits to deliver relevant advertisements and measure the effectiveness of our marketing campaigns. |
| Third-Party Cookies | Set by third-party services integrated into our website, such as social media sharing buttons, payment processors, and live chat tools. |
5.2 Managing Your Cookie Preferences
You can manage your cookie preferences through several methods:
Cookie Consent Banner: When you first visit our website, you will be presented with a cookie consent banner where you can accept or decline non-essential cookies.
Browser Settings: Most web browsers allow you to control cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website.
Third-Party Opt-Out Tools: You can opt out of interest-based advertising through industry opt-out programs such as the Digital Advertising Alliance's opt-out tool at www.aboutads.info.
Do Not Track: Our website does not currently respond to browser Do Not Track signals, as there is no industry standard for how such signals should be interpreted.
6. Data Retention
We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, comply with our legal obligations, resolve disputes, enforce our agreements, and conduct our business operations. The following table provides our general retention periods for different categories of personal information.
| Data Category | Retention Period |
|---|---|
| Booking and Transaction Records | Minimum 7 years from date of transaction (IRS and ARC compliance requirements) |
| Passport and Travel Document Copies | Duration of booking plus 2 years for compliance purposes; deleted thereafter |
| Customer Account Information | Duration of account plus 3 years after account closure or last activity |
| Payment Card Data | Payment card numbers are tokenized and never stored in full; transaction records retained 7 years |
| Customer Service Communications | 3 years from date of communication for quality and legal purposes |
| Marketing Preferences and Consent Records | Until you withdraw consent plus 3 years for proof of consent |
| Website Analytics Data | 26 months in aggregated and anonymized form |
| Fraud Prevention Data | Up to 5 years to detect and prevent fraudulent activity |
When personal information is no longer required for any legitimate purpose, we securely delete or anonymize it in accordance with our data disposal procedures. Where secure deletion is not immediately possible due to technical constraints (for example, data in backup systems), we isolate the data from further processing until deletion is feasible.
7. Data Security
We implement industry-standard technical, organizational, and administrative security measures to protect your personal information from unauthorized access, disclosure, alteration, and destruction. Our security program includes the following key elements:
| Security Measure | Description |
|---|---|
| Encryption | All data transmitted between your browser and our servers is encrypted using Transport Layer Security (TLS 1.2 or higher). Sensitive data at rest is encrypted using AES-256 encryption. |
| Access Controls | Access to personal data is restricted to authorized personnel on a need-to-know basis. We use role-based access controls and multi-factor authentication for internal systems. |
| PCI DSS Compliance | Our payment processing systems comply with the Payment Card Industry Data Security Standards (PCI DSS) Level 1. Credit card numbers are never stored on our servers. |
| Network Security | We maintain firewalls, intrusion detection systems, and regular security monitoring to protect against unauthorized network access. |
| Third-Party Security Assessments | We conduct periodic security audits and require our key technology partners to demonstrate appropriate security certifications and practices. |
| Employee Training | All employees with access to personal data receive privacy and security training as part of their onboarding and on an ongoing basis. |
| Incident Response | We maintain a data breach incident response plan that includes timely notification to affected individuals and regulatory authorities as required by law. |
Despite our best efforts, no security measure is completely infallible. In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant regulatory authorities within the timeframes required by applicable law. If you believe your account has been compromised or you have noticed unauthorized activity, please contact us immediately using the information provided in the Contact Us section.
8. Your Privacy Rights
Depending on your location and applicable law, you may have certain rights regarding your personal information. We are committed to honoring these rights. The following table summarizes the key rights available to individuals under major privacy frameworks.
| Privacy Right | Description | Applicable To |
|---|---|---|
| Right of Access | Request a copy of the personal information we hold about you | All users (CCPA, GDPR, and similar laws) |
| Right to Correction / Rectification | Request correction of inaccurate or incomplete personal information | All users |
| Right to Deletion / Erasure | Request deletion of your personal information subject to legal exceptions | All users (subject to retention obligations) |
| Right to Data Portability | Receive your personal data in a structured, machine-readable format | EEA residents (GDPR); CA residents (CPRA) |
| Right to Restrict Processing | Request limitation of how we process your personal information | EEA residents (GDPR) |
| Right to Object to Processing | Object to processing of your data for direct marketing or legitimate interests | EEA residents (GDPR) |
| Right to Opt Out of Sale/Sharing | Opt out of the sale or sharing of personal information for cross-context advertising | California residents (CCPA/CPRA) |
| Right to Limit Sensitive Data Use | Limit use of sensitive personal information to necessary purposes | California residents (CPRA) |
| Right to Non-Discrimination | Not to receive discriminatory service for exercising your privacy rights | California residents (CCPA) |
| Right to Lodge a Complaint | File a complaint with a data protection authority | EEA residents and others depending on jurisdiction |
8.1 How to Exercise Your Rights
To exercise any of the privacy rights described above, you may submit a request by:
- Email: Send your request to the email address listed in the Contact Us section below, with the subject line 'Privacy Rights Request.'
- Phone: Call us at the phone number listed in the Contact Us section below during business hours.
- Mail: Send a written request to our mailing address listed in the Contact Us section below.
To process your request, we may need to verify your identity to ensure we do not disclose your information to unauthorized parties. Verification may involve asking you to confirm certain information we already have on file. We will respond to your request within the timeframes required by applicable law — generally 30 days for GDPR requests and 45 days for CCPA requests, with a possible extension of an additional 45 days where necessary.
8.2 Authorized Agents
California residents may designate an authorized agent to submit privacy rights requests on their behalf. To use an authorized agent, you must either provide the agent with written permission signed by you or provide a power of attorney. We may contact you directly to verify your identity and confirm that you authorized the agent to act on your behalf.
9. Children's Privacy
Our website and services are not directed to, and we do not knowingly collect personal information from, children under the age of 13. If you are a parent or guardian and believe that your child under 13 has provided us with personal information without your consent, please contact us immediately at the information provided in the Contact Us section. Upon verification, we will promptly delete such information from our records. For users between 13 and 18 years of age, we encourage parents and guardians to monitor and supervise their child's online activities and use of our services.
In accordance with the Children's Online Privacy Protection Act (COPPA), we do not knowingly engage in the sale of personal information of minors under 16 years of age. Bookings involving minor travelers are processed with the consent of the accompanying adult travelers or the legal guardians who are responsible for the booking.
10. Third-Party Websites and Links
Our website may contain links to the websites of travel suppliers, partner organizations, and other third parties. These links are provided for your convenience and do not signify our endorsement of those websites. We have no control over the privacy practices of third-party websites, and this Privacy Policy does not apply to your interactions with those sites. We strongly encourage you to read the privacy policies of every website you visit, particularly before providing any personal information.
This includes, without limitation, links to airline websites, hotel booking engines, car rental platforms, travel insurance portals, and any social media platforms. When you click a link to a third-party website and leave www.travyara.com, you are subject to that website's terms and privacy practices.
11. Additional Disclosures for California Residents
This section provides additional information for residents of California pursuant to the California Consumer Privacy Act of 2018 (CCPA) and the California Privacy Rights Act of 2020 (CPRA), which amends and expands the CCPA. These rights are in addition to the general privacy rights described elsewhere in this Privacy Policy.
11.1 Categories of Personal Information Sold or Shared
We do not sell personal information for monetary consideration. However, we may share certain categories of personal information with advertising partners in ways that may constitute "sharing" for cross-context behavioral advertising purposes under the CPRA. You have the right to opt out of such sharing by contacting us as described in the Contact Us section or by using a legally recognized opt-out preference signal.
11.2 Shine the Light
California Civil Code Section 1798.83 (Shine the Light law) permits California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. If you are a California resident and wish to make such a request, please contact us using the information provided in the Contact Us section. We will respond within 30 days of receipt of your request.
11.3 California Consumer Rights Summary
- Right to Know: You may request to know the categories and specific pieces of personal information we have collected about you, the categories of sources, our business or commercial purposes for collecting it, and the categories of third parties with whom we share it.
- Right to Delete: Subject to certain exceptions (such as information needed to complete a transaction or comply with legal obligations), you may request that we delete personal information we have collected about you.
- Right to Correct: You may request that we correct inaccurate personal information that we maintain about you.
- Right to Opt-Out: You may direct us not to share your personal information for cross-context behavioral advertising purposes.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your California privacy rights.
12. Additional Disclosures for Nevada Residents
Nevada Revised Statutes Chapter 603A grants Nevada residents the right to direct certain businesses to not sell their covered information to third parties. We do not currently sell covered information as defined under Nevada law. However, if you are a Nevada resident and wish to submit a request related to our compliance with Nevada law, please contact us using the information in the Contact Us section.
13. Additional Disclosures for EEA, UK, and Swiss Residents
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, the following additional provisions apply to you under the General Data Protection Regulation (GDPR), the UK GDPR and Data Protection Act 2018, and the Swiss Federal Act on Data Protection (nFADP), respectively.
13.1 Data Controller
For the purposes of applicable data protection law, Hydra Travels Inc., operating Travyara.com, is the data controller in respect of personal information collected through our website and services. Our contact information is provided in the Contact Us section below.
13.2 Legal Bases for Processing
We process your personal data on the following legal bases: (a) Contract Performance — processing necessary for the performance of a contract to which you are party; (b) Legal Obligation — processing necessary for compliance with a legal obligation; (c) Legitimate Interests — processing necessary for legitimate interests pursued by us or a third party, except where overridden by your interests or fundamental rights; and (d) Consent — where you have given explicit consent for specific processing activities. You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
13.3 International Transfers
Where we transfer your personal data outside of the EEA or UK to countries not recognized as providing an adequate level of protection, we implement appropriate safeguards as required by applicable law. These safeguards may include entering into Standard Contractual Clauses (SCCs) as approved by the European Commission and UK Information Commissioner's Office, or relying on binding corporate rules or other approved transfer mechanisms.
14. Changes to This Privacy Policy
We reserve the right to modify this Privacy Policy at any time to reflect changes in our data practices, legal requirements, or business operations. When we make material changes, we will update the 'Last Updated' date at the top of this policy and, where appropriate, notify you by email or through a prominent notice on our website prior to the changes becoming effective. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.
Your continued use of our website and services after the effective date of any changes to this Privacy Policy constitutes your acceptance of the revised policy. If you do not agree to the updated Privacy Policy, you must stop using our services and may request deletion of your personal information as described above.
15. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us through any of the following means:
| Travyara.com — Privacy Inquiries | Details |
|---|---|
| Company | Hydra Travels Inc. operating as Travyara.com |
| ARC Accreditation No. | 45572424 |
| Mailing Address | 8213 ALMONT,Plano,Texas 75024,United States |
| Phone Number | (877) 243-3688 |
| Email Address | support@travyara.com |
| Website | www.travyara.com |