Privacy Policy

Last Updated: December 24, 2024

1. Introduction

Odynn Traveler DNA ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our loyalty program email parsing service.

2. Information We Collect

2.1 Gmail Account Information

When you connect your Gmail account, we collect:

Your email address
Email messages from recognized airline and hotel loyalty programs
Email metadata (subject, sender, date received)

2.2 Parsed Loyalty Program Data

We extract and store the following from loyalty program emails:

Miles/points balances
Elite status tier information
Qualification progress (miles/nights to next tier)
Account summary dates

2.3 Technical Information

OAuth tokens for Gmail access (encrypted)
IP address and browser information
Service usage logs

3. How We Use Your Information

We use the collected information to:

Parse and display your loyalty program data in a unified dashboard
Provide real-time updates when new loyalty emails arrive
Maintain and improve our service
Troubleshoot technical issues
Send service-related notifications (optional)

4. Gmail API Use and Scope Limitations

Odynn Traveler DNA's use of information received from Gmail APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

We only access emails from recognized loyalty program senders
We do not read, store, or process personal emails unrelated to loyalty programs
Email content is only used for loyalty data extraction and is not shared with third parties
We request read-only access—we never send, delete, or modify your emails

5. Data Storage and Security

We implement industry-standard security measures to protect your data:

OAuth tokens are encrypted at rest
All data transmission uses HTTPS/TLS encryption
Access to databases is restricted and monitored
Regular security audits and updates

6. Data Retention

We retain your data as follows:

Loyalty program data: Stored while your account is active
Gmail access tokens: Stored until you revoke access
Service logs: Retained for 90 days

7. Data Sharing and Disclosure

We do NOT sell your personal information. We may share data only in these limited circumstances:

With your consent: When you explicitly authorize sharing
Legal requirements: When required by law or to protect our rights
Service providers: With trusted partners who help operate our service (under strict confidentiality agreements)

8. Your Rights and Controls

You have the right to:

Access: View all data we've collected about you
Delete: Request deletion of your account and all associated data
Revoke access: Disconnect your Gmail account at any time via Google Account settings
Export: Download your loyalty program data
Opt-out: Disable email notifications

9. Revoking Access

You can revoke Odynn Traveler DNA's access to your Gmail account at any time:

Visit Google Account Permissions
Find "Odynn Traveler DNA" in the list
Click "Remove Access"

Upon revocation, we will stop accessing your Gmail and delete your OAuth tokens within 24 hours.

10. Third-Party Services

We use the following third-party services:

Google Gmail API: For email access (subject to Google's privacy policy)
Supabase: For secure data storage
Vercel: For application hosting

11. Children's Privacy

Our service is not intended for users under 18 years of age. We do not knowingly collect information from children.

12. International Data Transfers

Your data may be processed in the United States or other countries where our service providers operate. We ensure appropriate safeguards are in place for international transfers.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the service. Continued use after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@odynn.com
Support: support@odynn.com

15. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA):

Right to know what personal information is collected
Right to delete personal information
Right to opt-out of sale (note: we do not sell personal information)
Right to non-discrimination for exercising privacy rights

16. GDPR Compliance (EU Users)

For users in the European Union, we comply with GDPR requirements:

Legal basis: Processing is based on your consent
Data portability: You can export your data in machine-readable format
Right to be forgotten: You can request complete deletion of your data
Data protection officer: Contact dpo@odynn.com