Privacy Policy
Last updated: 28 October 2025
1. Who we are & scope
PointVoyager ("we", "us", "our") provides tools to search, track and analyse Virgin Atlantic reward seats. We are the data controller for personal information we collect through our website and services unless stated otherwise in this notice.
2. Information we collect
- Account & contact: name, email address, password (stored using one‑way hashing).
- Usage & search: routes and dates you view, searches and filters, saved searches/alerts, settings and interactions.
- Device & analytics: IP address, approximate location, browser/OS, pages viewed, referring/exit pages, and similar diagnostic data.
- Support: content of messages you send to us (e.g., via the contact form).
- Payments (if enabled): handled by our payment provider; we do not store full card numbers.
3. How we use your information
- Provide the service (e.g., run searches, create and manage alerts, show price history).
- Operate, secure and troubleshoot the site (including authentication and abuse prevention).
- Send transactional messages (e.g., confirmations, service notices, alert emails).
- Improve features and performance using aggregated analytics.
- Where you agree, send product updates or offers — you can opt out anytime.
- Comply with legal requirements and enforce our Terms.
4. Lawful bases (UK/EU/EEA)
When GDPR/UK GDPR applies, we rely on the following legal bases:
- Contract: to create your account, run searches and alerts, and provide customer support.
- Legitimate interests: site security, fraud/abuse prevention, product analytics and improvement (balanced against your rights).
- Consent: optional marketing communications and certain cookies where required.
- Legal obligation: to meet regulatory or law‑enforcement requirements.
5. Cookies & tracking
We use cookies or similar technologies for authentication, preferences and performance. Analytics cookies help us understand usage patterns so we can improve PointVoyager. You can control cookies in your browser settings. If we add a site‑level cookie manager, you will be able to adjust preferences there.
6. Sharing & disclosure
We do not sell your personal data. We share limited data with trusted service providers (hosting, analytics, email delivery, payment processing) under contract, and with authorities where required by law. If we undergo a business transaction (e.g., merger, acquisition), your data may transfer as permitted by law and this notice.
7. Retention
We keep personal data only as long as necessary for the purposes described above, after which we delete or anonymise it. Typical periods are:
| Category | Typical retention |
|---|---|
| Account profile | For the life of the account; basic records may be kept for up to 6 years for legal/accounting purposes. |
| Saved searches & alerts | Until you delete them or your account is closed. |
| Support messages | Generally up to 24 months after the ticket is closed. |
| Server & security logs | Typically up to 12 months unless longer is needed to investigate issues. |
8. Security
We use safeguards including encryption in transit, access controls and least‑privilege practices. No method of transmission or storage is 100% secure; we work to protect your information and review our measures regularly.
9. International transfers
Your data may be processed in countries outside your own. Where applicable, we use appropriate safeguards (such as Standard Contractual Clauses) to protect data transferred from the UK/EU/EEA.
10. Your rights
Depending on your location, you may have the right to access, correct, delete, restrict or object to processing, and to data portability. You can also withdraw consent where we rely on it. To exercise rights, contact us using the details below. We may need to verify your identity before acting on a request.
UK/EU: you also have the right to complain to your local supervisory authority. In the UK, this is the Information Commissioner’s Office (ICO).
US (California) – CPRA: we do not sell or share personal information for cross‑context behavioural advertising. California residents may request access, deletion and correction using the contact details below.
11. Email choices
Transactional messages (e.g., password resets, service notices) are necessary for the service. You can opt out of marketing emails via the unsubscribe link in any message or by contacting us. Alert emails are part of the service; you can disable them per alert in My Alerts.
12. Children’s privacy
PointVoyager is not directed to children and we do not knowingly collect personal data from individuals under 16. If you believe a child has provided personal data, please contact us so we can delete it.
13. Changes to this policy
We may update this policy to reflect changes to our practices or legal requirements. We will update the “Last updated” date above and, where appropriate, provide additional notice.
14. Contact
Questions or privacy requests? Email support@pointvoyager.com.