Privacy Policy - Agent Mode

Introduction

Zeniva Travel is an AI-powered travel agency platform operated by Zeniva LLCwith operations in Canada and the United States. This policy applies only to Agent Mode users and does not replace the Traveler or Partner privacy notices.

Scope

This policy applies to:

• Travel agents and agency representatives.
• Sub-agents and contractors operating under an agency account.
• Corporate travel managers using Agent Mode tools.

Your relationship with Zeniva is governed by your commercial agreement and these privacy terms.

Information we collect from agents

Identity data

• Full legal name, business name, and address.
• Email, phone number, and professional license numbers.

Financial data

• EIN or Tax ID, banking details for commissions, and W-9 forms.
• Tax documentation required for compliance.

Compliance data

• Government-issued ID for KYC verification.
• AML checks and background verification where required.

Technical data

• IP address, device information, login history, and usage logs.
• Booking behavior analytics and platform activity.

Traveler data accessed by agents

Agents may access traveler data needed to fulfill bookings, including traveler names, passport details, itineraries, booking references, and limited payment confirmations. Agents act as data processors when accessing traveler data, and Zeniva acts as the platform operator and data controller.

Legal basis for processing

• Contractual necessity to provide Agent Mode services.
• Legitimate interests in operating and improving the platform.
• Legal compliance for tax, AML, and regulatory obligations.
• Fraud prevention and platform security.

AI and automated processing

Zeniva uses AI and automation to support Agent Mode operations, including:

• AI-generated itinerary assistance.
• AI fraud detection and risk scoring.
• Commission anomaly detection.
• Automated booking optimization.

No legally significant decisions are made solely by automated systems without human oversight where required by law.

Data sharing

We may share agent data with:

• Payment processors and banking institutions.
• Fraud prevention and compliance services.
• Travel suppliers to fulfill bookings.
• Cloud infrastructure and service providers.
• Legal authorities when required by law.

Zeniva does not sell agent personal data.

Payment and PCI compliance

Zeniva does not store full credit card numbers. We use PCI-compliant third-party payment processors, and financial data is encrypted in transit and at rest where appropriate.

Data retention

• While your agent contract remains active.
• Seven years after termination for financial compliance.
• Longer retention if required by law or litigation holds.

Security measures

• SSL/TLS encryption and secure communications.
• Role-based access control and audit logs.
• Data minimization and access reviews.
• Two-factor authentication where implemented.
• Incident response and breach notification protocols.

Agent responsibilities

• Use traveler data only for booking fulfillment.
• Do not export, resell, or disclose traveler data.
• Secure your credentials and notify Zeniva of any breaches.
• Comply with applicable data protection laws and contracts.

You agree to indemnify Zeniva for losses caused by unauthorized use or disclosure of traveler data.

U.S. privacy rights (CCPA)

• Right to know what personal data is collected and disclosed.
• Right to delete and correct personal data.
• Right to non-discrimination for exercising privacy rights.
• We do not sell personal data.

Canadian privacy rights (PIPEDA)

• Access to your personal information.
• Correction of inaccurate or incomplete data.
• Withdrawal of consent where applicable.

International transfers

Your data may be processed in Canada, the United States, or other jurisdictions with appropriate safeguards.

Contact information

Privacy contact: Alexandre Blais