Privacy Policy

Updated: March 1, 2026



At  Foresyte, Inc., (“Foresyte Travel”, “Company”, “we”, “our” or “us”), we value your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our travel booking services in Australia, Canada, India, South Korea, Japan, the United Kingdom, the European Economic Area (EEA), and the United States. We comply with applicable data protection laws in these regions, including but not limited to the General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA), the Personal Information Protection and Electronic Documents Act (PIPEDA), and other relevant national and state laws.

We believe in being clear and open about how we collect data related to you when you visit our website at foresyteapp.com (the “Site”) (“Website”), download, access and /or use the mobile application named: Foresyte Travel  (“App”),  subscribe to/ purchase our services for budgeting and lifestyle planning, subscribe to our newsletter, interact with us, participate in online surveys, advertisements or marketing emails, opt-in for push notifications, opt-in to receive SMS mobile messages, or engage with any other websites, pages, features, or content we own, operate and/or provide (collectively with the Website and/or App (the “Services”).

This Privacy Policy (“Privacy Policy”) is designed to help you understand our data practices and assist you in making informed decisions when using our Services. Please read this Privacy Policy carefully. The Services are intended for users located in Australia, Canada, India, South Korea, Japan, the United Kingdom, the EEA, and the United States. By accessing and/or using the Services, you expressly acknowledge and agree that you reside in one of these jurisdictions and will only access and use the Services in compliance with applicable laws.

By accessing and using the Services, you acknowledge that we collect, use, store, and disclose your personal information as described in this Privacy Policy. Where required by applicable laws, we will obtain your consent before processing your personal information, and you may withdraw your consent at any time.

For users in certain jurisdictions, you may have specific rights regarding your personal information, including the right to access, correct, delete, or restrict its processing. To learn more about your rights and how to exercise them, please refer to the “Your Rights and Choices” section of this Privacy Policy.

The use of the Services and App is subject to our Terms of Service.






Types of data we collect.



We collect both Personal Information and Non-Personal Information, and the specific data we collect depends on how you use our Services. “Non-Personal Information” includes information that cannot be used to personally identify you, such as anonymous usage data, general demographic information, referring/exit pages and URLs, or platform types. “Personal Information” means data that allows someone to identify or contact you, including, for example, your name, address, telephone number, email address, as well as any other non-public information about you that is associated with or linked to any of the foregoing data.






User information.


Types of data collected.

  • Identifiers. We collect your first and last name, email address, and phone number when you contact us.



Legal basis & use case.

  • Respond to inquiries and provide customer support (legitimate interest under GDPR/UK GDPR, implied consent under PIPEDA).
  • Send service-related communications (e.g., account updates, security alerts) (contractual necessity under GDPR/UK GDPR).
  • Send marketing communications, where permitted, and only with your consent (opt-in required under GDPR, UK GDPR, and PIPEDA; opt-out available under CCPA).



Your rights.

  • For users in the EEA, UK, and Canada, you may withdraw consent for marketing communications at any time. The Company does not sell, rent, trade, or otherwise transfer personal information to third parties for monetary consideration.
  • For more details on your rights, please refer to the “Your Rights and Choices” section of this Privacy Policy.






Account information.


Types of data collected.

  • Identifiers. Name, email address and phone number.
  • Contact list (if you provide consent): iPhone contact lists may be accessed only if you explicitly grant permission.



Legal basis & use case.

  • To provide and improve the Services (Legitimate interest under GDPR/UK GDPR, implied consent under PIPEDA).
  • To send marketing communications, including promotional text messages (Explicit consent required under GDPR, UK GDPR, and PIPEDA; opt-out required under CCPA).
  • To detect and prevent fraud (Legitimate interest under GDPR/UK GDPR; legal obligation where applicable).



Your rights.

  • If you provide consent, we may access your iPhone contact list to suggest relevant services to you and your contacts. You can withdraw consent at any time in your device settings.
  • The Company does not sell, rent, trade, or otherwise transfer personal information to third parties for monetary consideration.
  • For marketing text messages, you must opt in before receiving them, and you may opt out at any time by replying “STOP.”



Data retention.

We retain account information only as long as necessary to provide the Services and fulfill legal obligations. Specific retention periods depend on the type of data processed.






Feedback & support.


Types of data collected.

When you contact us for general inquiries, support requests, or to report an issue, we may collect personal data you provide, including:

  • Name
  • Email address
  • Phone number (if provided)
  • Inquiry details (e.g., the nature of your inquiry or issue, any screenshots or other attachments you submit)



Legal basis & use case.

We process your personal data to respond to your feedback, address your inquiries, and resolve issues related to our Services. The legal basis for processing this data is either:

  • Legitimate interest in resolving issues and improving the Services (GDPR, UK GDPR), or
  • Explicit consent (if sensitive data is involved).



Your rights.

  • You have the right to request access to your personal data and request corrections or deletions where applicable.
  • You can object to the processing of your personal data under legitimate interest at any time by visiting the Support Portal.



Data retention.

The Company does not sell, rent, trade, or otherwise transfer personal information to third parties for monetary consideration.






Emailing list.


Types of data collected.

When you sign up for one of our email lists, we collect the following personal information:

  • Name
  • Email address



Legal basis & use case.

  • We collect your personal data with your explicit consent to send you information about our products and services.
  • If you have opted-in, we will send you marketing emails related to our products, services, and updates.
  • Legitimate interest may be relied upon only for non-marketing communications, such as service-related notifications, but not for promotional content.



Your rights.

  • You can withdraw your consent to receive marketing emails at any time by using the unsubscribe button in the email or by contacting us directly.
  • The Company does not sell, rent, trade, or otherwise transfer personal information to third parties for monetary consideration.



Data retention.

We will retain your information only for as long as necessary to send you relevant communications, and you may request access to, correction, or deletion of your data at any time by visiting the Support Portal.






Mobile devices.


Types of data collected.

When you use the Services on your mobile device, we may collect the following information:

  • Contacts data (if enabled on your device) to accommodate collaborative itinerary planning.



Legal basis & use case.

  • Legitimate interest is our legal basis for processing mobile device data, but you have the right to object to this processing at any time. We do not sell or transfer your personal information.



Your rights.

  • You can withdraw your consent for processing data from your mobile device at any time by changing your device settings or by visiting the Support Portal.
  • The Company does not sell, rent, trade, or otherwise transfer personal information to third parties for monetary consideration.



Data retention.

We retain your mobile device data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy.






Website & application interactions.


Types of data collected.

We use technology to monitor how you interact with the Services. This may include the following types of data:

  • Interaction data, such as timestamps, clicks, scrolling, browsing times, searches, transactions, referral pages, load times, and issues encountered (e.g., loading errors).



Legal basis & use case.

  • We process this information based on our legitimate interest in improving the functionality and performance of the Services.
  • The Company does not sell or transfer personal information.



Your rights.

  • You have the right to opt-out of the collection of certain data at any time.
  • You may also withdraw your consent for data collection or processing at any time by adjusting your browser settings or device settings, or by visiting the Support Portal.



Data retention.

We will retain your data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, and in accordance with applicable legal requirements.






Transactional information.


Types of data collected.

We collect transactional information related to your interactions with our Services, including:

  • Information about transactions you have made through partner services via Foresyte Travel (e.g., the types of services or products purchased, dates of transactions, and amounts).
  • Partner service engagement details, such as which partner services you have previously engaged with through Foresyte Travel.



Legal basis & use case.

  • We process this data based on our legitimate interest in fulfilling contractual obligations related to the Services we provide to you (e.g., processing your transactions and delivering services as requested).
  • We also process your transactional information based on our legitimate interest in understanding your preferences and interests to offer you more tailored and relevant services or products that might be of interest to you.
  • If we use your transactional information for marketing purposes, we will obtain explicit consent before doing so, and you will have the option to withdraw consent at any time.



Your rights.

  • You have the right to access, rectify, restrict, and delete your transactional information.
  • The Company does not sell or transfer personal information.



Data retention.

We will retain your transactional information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy and to comply with legal obligations.






Logs.


Types of data collected.

We collect information related to your interaction with our Website and App, including:

  • Browser type, operating system, Internet Protocol (IP) address, domain name, click activity, referring website, and date/time stamps.
  • This data may be used to identify you either directly or indirectly in combination with other information.



Legal basis & use case.

  • Based on our legitimate interest, monitoring and maintaining the security of our networks and Services.
  • Analyzing and improving the functionality and performance of the Website and App.
  • Understanding how users interact with our Website and Services to enhance user experience and optimize our services.



Your rights.

  • You have the right to request access to the personal data we collect about you, to rectify or delete it, and to restrict processing under certain circumstances.
  • The Company does not sell, rent, trade, or otherwise transfer personal information to third parties for monetary consideration.



Data retention.

We will retain this log data for as long as necessary to fulfill the purposes outlined in this Privacy Policy and comply with our legal obligations. Data will be deleted once it is no longer needed for these purposes. We will only collect this data for specific and limited purposes and will not use it for purposes other than those outlined in this Privacy Policy.






Employment.


Types of data collected.

If you apply for a job posting or become an employee, we collect personal data necessary to process your application or retain you as an employee. This may include, but is not limited to, your name, contact details, social security number, employment history, and other personal information necessary for employment. Providing this information is required for employment and necessary to fulfill our contractual obligations or to take steps at your request before entering into an employment contract.



Legal basis & use case.

  • Contractual Necessity. We use your personal data to perform our contractual obligations related to your employment or job application.
  • Legal Obligations. In some contexts, we are required by law to collect and process certain information about our employees for purposes such as tax reporting, benefits administration, and compliance with employment laws.
  • Legitimate Interests. We also have a legitimate interest in using your information to manage staffing, workforce operations, and provide the Website and App to our customers.
  • We may collect and process sensitive personal data, including your Social Security Number, but only to the extent necessary for employment purposes. We will ensure that this data is processed securely and in compliance with applicable laws.



Your rights.

  • Access your personal data and obtain a copy of it.
  • Rectify any inaccurate or incomplete data.
  • Erase your personal data under certain circumstances.
  • Object to processing or request restriction of processing in certain situations.



Data retention.

If you are a resident of California, you have the right to request access to your personal data or request deletion of your personal data. If you would like to exercise any of these rights, please visit the Support Portal. The Company does not sell, rent, trade, or otherwise transfer personal information to third parties for monetary consideration.






Geolocation information.


Types of data collected.

When you use our Website, App, and Services, we collect your geolocation information through GPS, Wi-Fi, and/or cellular technology from your device to determine your location and provide you with tailored services. This geolocation data may include real-time location information when you actively engage with the service.



Legal basis & use case.

  • We process your geolocation data based on legitimate interests to improve and personalize your user experience by providing services relevant to your location.
  • You can withdraw your consent or adjust your device settings at any time to limit or stop the collection of geolocation data.



Your rights.

  • You may control location permissions in your device settings at any time. The Company does not sell or transfer personal information.



Data retention.

We will retain your geolocation data only as long as necessary for the purposes for which it was collected and in accordance with our retention policies. We take appropriate technical and organizational measures to ensure the security of your geolocation data.






Surveys.


Types of data collected.

When you participate in a survey, we collect the information you provide through the survey. The data we collect may include personal information (such as your name, email address, or responses to survey questions) depending on the nature of the survey. If the survey is provided by a third-party service provider, we recommend reviewing their privacy policy to understand how they handle your data. The third-party service provider’s privacy policy will apply to the collection, use, and disclosure of your information.



Legal basis & use case.

  • We collect this data to understand your opinions and preferences and to improve our services and the user experience.
  • We have a legitimate interest in gathering this information for our business purposes, including improving our offerings and better understanding the needs of our users.
  • If required by law, we will request your explicit consent before collecting any sensitive personal data through the survey.



Your rights.

  • In accordance with the GDPR, UK GDPR, CCPA, and PIPEDA, you have the right to access, correct, delete, or request the transfer of your survey data. You may also withdraw your consent at any time (if consent was required), without affecting the legality of the data processing carried out before your withdrawal.
  • The Company does not sell or transfer personal information.



Data retention.

We will retain the information collected through surveys for as long as necessary to fulfill the purpose of the survey. Once the data is no longer needed, we will delete or anonymize the data, in line with our data retention policies.



Third-party service providers.

If we use third-party service providers to administer surveys, we ensure that they comply with applicable data protection laws, including the GDPR, CCPA, and PIPEDA. You should refer to the third-party provider's privacy policy for more information on how your data will be used by them.






COPPA children's online privacy protection act.


Our Services are not intended for children and we do not intentionally or knowingly collect Personal Information from users under the age of 13 in the United States or under the age of 16 in the European Economic Area (EEA) and the United Kingdom, unless permitted by local law with verifiable parental consent.

If we discover that we have inadvertently collected Personal Information from a child under these age thresholds, we will take steps to delete such information promptly. If you believe that we may have collected information from a minor without the appropriate consent, please contact us immediately by visiting the Support Portal.






Information you provide to us.


We collect Personal Information from you, which may include:

  • Your first name, email address and phone number when you set up an account.
  • iPhone contact lists (only if you explicitly consent) to share them with us.
  • Communications data. If you contact us via email or provide feedback, we may collect your name (if stated), email address, and any content within the email for response purposes.
  • Survey data. If you participate in a survey, we may collect any information you voluntarily provide.
  • Email communications. We process emails in accordance with applicable federal laws and provide opt-out mechanisms in compliance with GDPR, CCPA, and the CAN-SPAM Act.






Collected via technology.


Types of data collected.

We analyze fully anonymized information about how users interact with our Website and App. This helps us improve the product.


Non-personal information.

  • The referring URL (the website you came from)
  • Browser type and device information
  • Date and time of access
  • Pages visited, clicks, scrolling behavior, and other interactions



Legal basis & use case.

We process data collected based on the following legal grounds:

  • Legitimate interests. Some tracking technologies are processed based on our legitimate interest in maintaining the security and functionality of our Services.



Your rights.

  • The Company does not sell, rent, trade, or otherwise transfer personal information to third parties for monetary consideration.






Use of your personal information.


Types of data collected.

We use your Personal Information to provide and improve our Services, comply with legal obligations, and support our business operations. We process your Personal Information based on your consent, contractual necessity, legal obligations, or our legitimate interests, as outlined below:


Account & security.

  • To facilitate the creation and secure your account
  • To identify you as a user in our system
  • To provide improved administration and security of the Services



Providing the services.

  • To deliver the Services you requested and fulfill contractual obligations
  • To send you rewards if you participate in our referral program
  • To respond to your inquiries related to employment opportunities or other requests



Marketing & communications.

  • To tailor marketing based on your preferences (requires consent under GDPR & opt-out under CCPA)
  • To post testimonials (requires explicit consent under GDPR)
  • To periodically send newsletters, surveys, offers, and other promotional materials related to our Services (requires opt-in consent under GDPR & opt-out under CCPA)
  • To deliver marketing communications (email, push, SMS) based on your preferences, where permitted by law and subject to your consent/opt-out settings.



Analytics & business operations.

  • To conduct data analysis and improve user experience
  • To comply with legal obligations, including fraud prevention and regulatory compliance
  • In limited circumstances, to investigate, prevent, or take action regarding illegal activities, suspected fraud, or threats to safety



Legal basis & use case.

We process your personal information based on:

  • Contractual necessity. When processing is necessary to fulfill our contractual obligations (e.g., account creation, providing Services).
  • Consent. When required by law, we will obtain your consent (e.g., marketing communications, testimonials).
  • Legitimate interests. When processing is necessary for our business operations (e.g., service improvements, security, analytics).
  • Legal obligations. When we are required to process data to comply with the law.






Use of non-personal information.


We use Non-Personal Information to help improve the Services, enhance user experience, and analyze trends and usage patterns. Where possible, we aggregate and de-identify data to ensure it cannot be used to re-identify an individual.

  • The Company does not sell or transfer personal information.
  • We will not attempt to re-identify anonymized data or allow third parties to do so.



If you have any questions about how we process Non-Personal Information, please visit our Support Portal.






How we share your personal information.


We do not sell your personal information. However, we may share information as described below and as described elsewhere in this Privacy Policy:

  • Service providers. Payment processors, travel partners (e.g., airlines, hotels), and IT service providers.
  • Legal authorities. When required by law or to protect our rights and users.



Third-party service providers.

We may share your Personal Information with third-party service providers to provide and enhance our Services, conduct quality assurance testing, perform marketing, analyze data, facilitate account creation, provide technical support, and develop future features.

These third-party service providers act as data processors or data controllers, depending on the nature of their processing activities. Where required, we ensure that appropriate data protection agreements (DPAs) and Standard Contractual Clauses (SCCs) are in place for international data transfers.

The Company does not sell, rent, trade, or otherwise transfer personal information to third parties for monetary consideration.



Data transfers & security.

Some of our third-party service providers are located outside the European Economic Area (EEA), UK, or Canada. Where required, we implement appropriate safeguards to ensure your Personal Information remains protected, such as:

  • Standard Contractual Clauses (SCCs) for transfers outside the EEA/UK.
  • Adequacy decisions for transfers to countries with recognized data protection laws.
  • Binding corporate rules (BCRs) or other safeguards as applicable.



If you have questions about our data practices, please visit our Support Portal.



Business transfers.

If (i) Foresyte Travel is acquired by, merges with, or receives investment from another company, or (ii) if any of Foresyte Travel’s assets are transferred to another company, whether as part of a bankruptcy, insolvency proceeding, or otherwise, we may transfer the Personal Information we have collected from you to the acquiring or successor company.

As part of this business transfer process, we may share limited Personal Information with lenders, auditors, attorneys, and consultants for legitimate business purposes, provided that such disclosures comply with applicable privacy laws and are subject to appropriate confidentiality and security measures.

The acquiring company will be required to honor the commitments in this Privacy Policy, unless you are notified of material changes and, where required by law, given the opportunity to consent or opt-out of new data uses.



Other disclosures.

Regardless of any choices you make regarding your Personal Information, we may disclose such information only where permitted or required by applicable law, including but not limited to:

(a) Legal investigations. If disclosure is necessary in connection with a valid legal investigation by law enforcement authorities or regulatory agencies;

(b) Legal compliance. To comply with applicable laws, court orders, subpoenas, or warrants served on us, provided that such disclosures adhere to data minimization principles;

(c) Protection of rights & property. To protect or defend our legal rights, intellectual property, or the rights and property of users of the Services;

(d) Prevention of harm or fraud. To investigate, prevent, or take action regarding illegal activities, suspected fraud, cybersecurity threats, or situations involving potential threats to the safety of any person; and

(e) Enforcement of agreements & policies. To investigate or assist in preventing violations of the law, this Privacy Policy, or any applicable agreements you have with us.



GDPR additional safeguards.

  • Any disclosure of Personal Information under this clause will be strictly assessed under the necessity and proportionality requirements of the GDPR and UK GDPR.
  • If disclosure is requested by a government authority, we will assess the legitimacy of the request and, where permitted by law, notify the affected individuals.
  • If required, we will conduct a Data Protection Impact Assessment (DPIA) before disclosing data, particularly when disclosures involve sensitive Personal Information or international data transfers.



CCPA & CPRA consumer rights protection.

  • If we disclose Personal Information in response to a legal request, we will comply with California consumer rights protections under CCPA/CPRA, including ensuring no “sale” or “sharing” of sensitive Personal Information unless required by law. The Company does not sell or transfer personal information.






Links to third-party websites & providers.


Third-party links & services.

As part of the Services, we may provide links to or integration with third-party websites, applications, or services. However, we do not control, endorse, or assume responsibility for the privacy practices, content, security, or policies of such third parties.



Scope of this Privacy Policy.

  • This Privacy Policy applies only to Personal Information that we collect, use, and process in relation to your use of our Services.
  • We encourage you to review the privacy policies of third-party websites, applications, or services before engaging with them.



Your responsibilities when using third-party services.

  • If you click on a link to a third-party website or application, their privacy policy and terms of service will govern how your data is collected and used.
  • It does not apply to information collected, stored, or processed by third-party websites, applications, or services that you may access through our Services.



GDPR considerations for third-party integrations & data sharing.

Where we integrate with third-party services (e.g., single sign-on, embedded content, APIs), we will:

  • Obtain your explicit consent if such integrations involve the processing of your Personal Information.
  • Ensure third-party service providers implement appropriate safeguards in compliance with GDPR, UK GDPR, CCPA, and PIPEDA.
  • We are not liable for third-party products, services, acts, or omissions, except where we have a legal obligation to ensure compliance with applicable privacy laws.






Your rights regarding the use of personal information.


Opting out of marketing communications.

You have the right to control how we use your Personal Information for marketing purposes. You may choose to opt-out of receiving marketing emails from us at any time. To do so, you can follow the unsubscribe instructions provided in each promotional email we send.

You also have the option to adjust your “Push Notification” preferences through yourdevice settings (e.g., iPhone settings) to stop receiving marketing communications.



Administrative emails.

Please note that, even if you opt-out of promotional communications, you may still receive administrative emails from us. These emails are necessary for the operation of the Services, such as important updates to our Privacy Policy, changes to our terms, security-related notices, and customer support communications.



Processing of unsubscribe requests.

Once you unsubscribe from promotional communications, please allow up to 10 business days for us to process your request. During this period, you may still receive promotional emails that were scheduled prior to the request being processed.



GDPR-specific information.

Under the GDPR and UK GDPR, you have the right to withdraw your consent for marketing purposes at any time, without affecting the lawfulness of processing based on consent before its withdrawal.



PIPEDA-specific information.

In compliance with PIPEDA, you may withdraw your consent for marketing purposes at any time. To do so, you can follow the instructions above to unsubscribe or modify your preferences.



Rights to access.

You have the right to request disclosure about our Personal Information collection practices over the last 12 months, including:

  • The categories of Personal Information we have collected.
  • The sources from which we collected the information.
  • You may also request a copy of the specific pieces of Personal Information we have collected about you in the last 12 months.



Rights to deletion.

You have the right to request that we delete (and direct our service providers to delete) your Personal Information, subject to certain exceptions. These exceptions may include, but are not limited to, situations where retention is necessary for legal compliance, performance of a contract, or other legal obligations.



Right to non-discrimination.

You have the right to not be discriminated against for exercising your privacy rights under applicable laws. This includes the right to access, deletion, opt-out, and any other applicable rights.



GDPR-specific rights.

If you are a resident of the European Union or the United Kingdom, you also have additional rights under the General Data Protection Regulation (GDPR) and UK GDPR, such as:

  • Right to rectify inaccurate or incomplete information.
  • Right to restrict processing of your data in certain circumstances.
  • Right to data portability.
  • Right to object to processing for direct marketing purposes.
  • Right to withdraw consent where processing is based on consent.



PIPEDA-specific rights.

Under PIPEDA, you also have the right to access and correct your Personal Information. You may request that we correct any inaccurate or incomplete information.



Exercising rights.

For further details on how to exercise these rights, please refer to the Contact Us section below.

If you wish to exercise any of your rights under applicable data protection laws, please visit our Support Portal or send correspondence via mail to:

Foresyte, Inc.
3021 N. Southport Ave.
Chicago, IL 60657



Response time.

In most cases, we will respond to your request within 30 calendar days. However, under GDPR and UK GDPR, we may extend this period by an additional two months if the request is complex or if we have a high volume of requests. We will inform you if this extension applies.

For CCPA requests, we aim to respond within 45 days from the date of receipt, but this period may be extended by an additional 45 days when necessary, and we will notify you of any extension.

Under PIPEDA, we will respond to your request within 30 days, unless an extension is required for reasons permitted by law.






Data security.


We implement robust security measures designed to protect your information from unauthorized access, alteration, disclosure, and/or destruction. Our security measures include:

  • Using HTTPS encryption for data in transit.
  • Implementing Google Cloud IAM RBAC policies to control access to backend user data.
  • Regularly reviewing and updating our security practices and tools.


However, since the internet is not a completely secure environment, we cannot guarantee the security of any information you transmit to us or ensure that information stored on the Services will not be accessed, disclosed, altered, or destroyed due to breaches of our physical, technical, and/or managerial safeguards.

Your account is protected by your password, and we encourage you to take steps to keep your Personal Data safe by not disclosing your password and logging out after each use. Additionally, we employ technological security measures, including firewalls and secure server software, but we cannot guarantee that these measures will prevent all unauthorized access.

While we make reasonable efforts to protect your Personal Information, no security system is perfect, and we cannot guarantee the absolute security of our Services.

In the event of a data breach where your Personal Data is acquired, or reasonably believed to have been acquired, by an unauthorized person and where applicable law requires notification, we will promptly notify you in accordance with applicable law. Notification will be made via email, fax, or postal mail, as required. We will notify you promptly, consistent with the reasonable needs of law enforcement and/or Foresyte Travel to determine the scope of the breach, investigate it, and restore the integrity of the data system.






How we retain your personal information.


We will retain your Personal Information for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. The precise retention periods for your Personal Information vary depending on the type of information, the purposes for which it was collected, and any applicable legal or contractual obligations.

To determine the appropriate retention period for Personal Information, we consider:

  • The nature, sensitivity, and volume of the Personal Information,
  • The potential risk of harm from unauthorized use and/or disclosure of your Personal Information,
  • The purposes for which we process your Personal Information, and whether those purposes can be achieved through other means,
  • Applicable legal, regulatory, tax, accounting, or other business requirements.


In some circumstances, we may anonymize your Personal Information (so that it can no longer be associated with you) for research or statistical purposes, in which case we may retain this anonymized data indefinitely.

We may retain information, including Personal Information, for a commercially reasonable time for backup, archival, audit purposes, and to comply with legal obligations, resolve disputes, and enforce agreements.

Please note that if you choose not to provide us with the requested Personal Information, you may be unable to use certain features of the Services.

You may request further details of retention periods for specific types of Personal Information by contacting us. We are committed to ensuring that your Personal Information is not kept longer than necessary and will take reasonable steps to securely delete or anonymize your data when no longer needed.

In the course of providing the Services, we also collect and maintain aggregated, anonymized, or de-personalized data, which may be retained indefinitely, as it is not considered Personal Information.






Use of data for third-party authentication.


When you log in using a third-party authentication provider such as Apple, Google, Facebook, or other social media services, we use the information provided by the authentication service solely for the purpose of:

  • Verifying your identity and granting access to our application.
  • Creating and managing your user account.
  • Enhancing security and preventing fraudulent access.
  • Providing a seamless login experience across devices.


We do not use the authentication data for any other purposes, such as marketing or profiling, unless you provide explicit consent. Additionally, we do not share or sell this authentication data to third parties.

Your authentication data remains subject to the privacy policies of the respective third-party provider, and we recommend reviewing their policies to understand how they process and store your information.

If you wish to revoke our access to your authentication data, you may do so through your third-party account settings or by contacting us directly.






Accessibility.


If you are visually impaired, you may access this Privacy Policy through your browser's audio reader.






Changes to this Privacy Policy.


We reserve the right to change this Privacy Policy or any agreement you entered into with Foresyte Travel from time to time. If we make significant changes to this Privacy Policy, we will notify you by sending an email to the primary email address you have provided or by posting a prominent notice on the Website and App. The revised Privacy Policy will take effect thirty (30) days after such notification, or sooner if required by applicable law.

For GDPR and UK GDPR compliance, if any changes affect the way we process your Personal Information or how we collect consent, we will obtain your explicit consent again if necessary.

Non-material changes or clarifications to this Privacy Policy will take effect immediately, but we will update the date at the top of this Privacy Policy to reflect the date of the most recent change. We encourage you to review this Privacy Policy periodically. If you do not agree with any changes, you have the right to exercise your rights as outlined in this Privacy Policy, including the right to withdraw consent or request deletion of your Personal Information.






Other jurisdictions.


Foresyte, Inc. is located in the United States. The Services are hosted in, and provided from, the United States and are primarily intended for users residing in the United States. Personal information that you submit through the Services may be transferred, processed, and stored outside of the jurisdiction in which you reside, including to the United States.

Please be aware that your Personal Information may be transferred to and processed in jurisdictions that may not have the same data protection laws as the jurisdiction in which you initially provided the information. In particular, if you are located in the European Economic Area (EEA), United Kingdom (UK), Canada, or any other region with stringent data protection laws, your data may be transferred outside your region. By providing your Personal Information to us, you explicitly consent to such international data transfers in accordance with this Privacy Policy.

We ensure that adequate safeguards are in place to protect your Personal Information, including:

  • Standard Contractual Clauses (SCCs) for data transfers between the EEA, UK, and the United States, as required by the GDPR and UK GDPR.
  • Compliance with other applicable data transfer mechanisms under the CCPA, PIPEDA, and other relevant privacy laws.



GDPR for users in the EEA and UK.

  • We adhere to the legal requirements of international data transfers, ensuring appropriate safeguards, including the use of Standard Contractual Clauses (SCCs) or other approved mechanisms as required under GDPR and UK GDPR for cross-border data transfers.
  • Your data protection rights are protected as outlined in the GDPR and UK GDPR, including the rights to access, correct, delete, restrict, or object to the processing of your Personal Information.



CCPA for users in California.

  • If applicable, you have the right to request information about the categories of Personal Information we have collected about you, to access your data, and to request the deletion of your Personal Information, subject to applicable exemptions under the CCPA.



PIPEDA for users in Canada.

  • You have the right to access your Personal Information and request corrections, as well as to file complaints with the relevant authority if you believe your Personal Information is being handled inappropriately, as outlined under PIPEDA.


We take appropriate measures to safeguard your Personal Information and comply with applicable data protection laws when transferring Personal Information across borders. If you have any concerns or questions regarding the international transfer of your data, please contact us using the contact information provided in this Privacy Policy.

If you are a resident of one of the states listed below, you may have additional rights related to your Personal Information under these state laws. This section explains your rights and how we handle your personal data in accordance with the specific requirements of these state privacy laws.



Vermont.

In accordance with Vermont law, we will not share information we collect about you with companies outside of Foresyte, Inc., except as described herein, or otherwise required or permitted by law. The Company does not sell or transfer personal information.



California.

At this time, California Privacy laws (California Consumer Privacy Act, California Privacy Rights Act) do not apply to us, but we will still protect your Personal Information as outlined in this Privacy Policy. If you feel this is incorrect, please contact us through our Support Portal. The Company does not sell or transfer personal information.



Colorado.

The Colorado Privacy Act provides Colorado residents the right to access, correct or delete data. It applies to businesses that control or process the personal data of over 100,000 Colorado residents annually or derive revenue from selling personal data. The Company does not sell or transfer personal information.



Connecticut.

The Connecticut Data Privacy Act gives residents the right to access, delete, correct, and port their personal data. It applies to businesses meeting certain data volume or revenue thresholds and enforces transparency and consent requirements. The Company does not sell or transfer personal information.



Virginia.

The Virginia Consumer Data Protection Act grants consumers rights over their personal data, including access, correction, or deletion. The Company does not sell or transfer personal information.






Jurisdictions outside of the United States.


Personal Information may be accessed, transferred, or stored by us, our affiliates, business partners, or service providers in the United States. If you are located outside the United States, please be advised that any information you provide to us may be transferred to and stored in the United States.

By submitting your information to us, you explicitly consent to the transfer and storage of your Personal Information in the United States, in accordance with this Privacy Policy.

In compliance with the General Data Protection Regulation (GDPR), UK GDPR, California Consumer Privacy Act (CCPA), and Personal Information Protection and Electronic Documents Act (PIPEDA), we will take all necessary steps to ensure that any Personal Information transferred internationally is protected in accordance with the applicable laws. Specifically, if required by law, we will implement appropriate safeguards such as:

  • Standard Contractual Clauses (SCCs) for data transfers, or
  • Privacy Shield certification (if applicable) or other mechanisms for cross-border data transfers, to ensure that your data remains protected.


We are committed to protecting the privacy and security of your Personal Information and will ensure that it is processed and stored securely, regardless of where it is processed or stored.



Oversight.

If you have comments or questions about our Privacy Policy, please contact us at contact@foresyteapp.com. We will address any issue to the best of our abilities.



Contact information.

If you have any questions, comments, or complaints concerning our privacy practices, please contact us by visiting our Support Portal or send correspondence via mail to:

Foresyte, Inc.
3021 N. Southport Ave.
Chicago, IL 60657

We will attempt to respond to your request and to provide you with additional privacy-related information.