Travel Stacks LLC
Privacy Policy
Last updated: May 17, 2026
This Privacy Policy describes how Travel Stacks LLC ("TravelStacks", "we", "us", or "our") collects, uses, and shares information about you when you use the TravelStacks platform at travelstacks.com.
We process your personal data only where we have a lawful basis to do so. The basis depends on the processing activity: performing the contract you have with us (claim processing, account management), complying with a legal obligation, protecting our legitimate interests, or your explicit consent where required. Each section below identifies the applicable basis.
1. Information We Collect
1.1 Information You Provide Directly
When you use TravelStacks, you provide us with information including:
- (a)Name: your first and last name, used to submit claims on your behalf and communicate with you;
- (b)Email address: used for account authentication, claim updates, and transactional communications;
- (c)Phone number: used to send claim status alerts via SMS and, optionally, to verify your identity;
- (d)Flight information: flight number, departure date, departure and arrival airports, and any other details relevant to your claim;
- (e)Booking information: confirmation numbers, e-ticket numbers, and booking references;
- (f)Supporting documents: boarding passes, receipts for expenses (meals, hotel, transport), and any other documents you choose to upload in connection with a claim;
- (g)Payment information: when you pay the $19 flat fee, your payment card details are collected and processed by Stripe. TravelStacks does not store raw card numbers.
1.2 Information Collected Automatically
When you visit the TravelStacks website, we automatically collect certain technical information, including:
- (a)Device and browser information: browser type and version, operating system, device type;
- (b)Usage data: pages visited, time spent on pages, referral URLs, click patterns, and other interaction data;
- (c)IP address: used for security, fraud prevention, and geographic analysis;
- (d)Cookies and similar tracking technologies: see Section 9 for details.
1.3 Information from Third Parties
We may receive information about you from third parties in connection with operating the Service, including:
- (a)Flight data providers: flight status, departure and arrival times, delay information, and disruption data from aviation data services;
- (b)Authentication providers: account information from Clerk, our authentication provider, including your name and email if you sign in via a third-party identity provider (such as Google).
2. Why We Collect Your Information
Lawful bases we rely on
- Contract performance (GDPR Art. 6(1)(b)): processing your claim, managing your account, transactional communications.
- Consent (GDPR Art. 6(1)(a)): marketing emails (opt-in), SMS alerts (opt-in checkbox), analytics cookies (via cookie banner). You can withdraw consent at any time.
- Legal obligation (GDPR Art. 6(1)(c)): retaining claim records for statutory limitation periods, responding to regulatory inquiries.
- Legitimate interest (GDPR Art. 6(1)(f)): fraud prevention, security, service improvement (using anonymized data).
2.1 Claim Processing
The primary purpose for which we collect personal information is to process flight compensation claims on your behalf. This includes submitting claims to airlines, escalating through regulatory channels, and disbursing recovered funds.
Lawful basis: Performance of a contract.
Lawful basis: Performance of a contract.
2.2 Account Management
We use your information to create and maintain your account, authenticate your identity, and provide you with access to your claim history and status.
Lawful basis: Performance of a contract.
Lawful basis: Performance of a contract.
2.3 Communications
We use your email address and phone number to send you:
Lawful basis: Performance of a contract (transactional). Consent (marketing emails, which you can withdraw at any time).
- (a)Transactional messages: claim submission confirmations, status updates, requests for additional documentation, and disbursement notifications;
- (b)Service alerts: Flight Watch notifications if you have set up monitoring on an upcoming flight;
- (c)Account messages: verification emails, password resets, and account security notifications.
Lawful basis: Performance of a contract (transactional). Consent (marketing emails, which you can withdraw at any time).
2.4 Security and Fraud Prevention
We use technical information (including IP addresses and usage patterns) to protect the security of the platform, detect and prevent fraudulent activity, and enforce our Terms of Service.
Lawful basis: Legitimate interest (security and fraud prevention).
Lawful basis: Legitimate interest (security and fraud prevention).
2.5 Analytics and Service Improvement
We use aggregated and anonymized usage data to understand how passengers use the platform, improve the user experience, and develop new features. Analytics cookies require your consent, which is obtained via our cookie consent banner before any analytics scripts load.
Lawful basis: Consent (analytics cookies, via cookie banner). Legitimate interest (anonymized internal analytics).
Lawful basis: Consent (analytics cookies, via cookie banner). Legitimate interest (anonymized internal analytics).
2.6 Legal Compliance
We may use and retain your information to comply with applicable laws, respond to legal process, and protect the rights of TravelStacks, our users, and third parties.
Lawful basis: Legal obligation.
Lawful basis: Legal obligation.
How we obtain consent
- Marketing emails: You must actively opt in. We do not send marketing emails based on claim submission alone.
- SMS alerts: You check an explicit consent box when submitting a claim or signing up for Flight Watch. We record when you consented and through which form.
- Analytics cookies: A cookie consent banner is shown before any analytics scripts load. You can accept or decline each category independently.
- Transactional communications: Implied by your use of the service (claim confirmation, verification, status updates). These do not require separate consent as they are necessary to deliver the contract.
3. How We Share Your Information
3.1 Airlines
When you submit a claim, we share your name, contact information, flight details, and any supporting documentation with the relevant airline as required to process your claim. Sharing with the airline is essential to the Service and cannot be avoided.
3.2 Regulatory Bodies
If your claim is escalated to a regulatory body (such as the US Department of Transportation, a European National Enforcement Body, or the UK Civil Aviation Authority), we share the information necessary to file and prosecute the complaint.
3.3 Stripe (Payment Processing)
Payment card information is processed by Stripe, Inc. When you pay the $19 flat fee, your card details are transmitted directly to Stripe and are subject to Stripe's Privacy Policy (stripe.com/privacy). TravelStacks receives a payment token and confirmation but does not store raw card numbers.
3.4 Clerk (Authentication)
Account authentication is handled by Clerk. Your account credentials and authentication data are stored by Clerk and subject to Clerk's Privacy Policy. TravelStacks receives your user ID and basic profile information from Clerk to manage your account on our platform.
3.5 Service Providers
We engage third-party service providers to help operate the platform. Key service providers include:
These providers access personal data only as necessary to perform services on our behalf and are bound by appropriate data protection agreements. For a complete list of subprocessors including data categories, locations, and DPA status, see our Subprocessors page.
- -Vercel Inc. (hosting and serverless infrastructure);
- -Neon Inc. (PostgreSQL database);
- -Clerk Inc. (authentication and identity management);
- -Stripe Inc. (payment processing);
- -Resend Inc. (transactional email delivery);
- -Telnyx LLC (SMS delivery);
- -MailerLite (newsletter and marketing email delivery);
- -Anthropic PBC (AI responses in the Phoenix chat assistant, see Section 3.8);
- -Google LLC / GA4 (analytics, subject to your cookie consent);
- -Ahrefs Pte Ltd (web analytics, subject to your cookie consent).
These providers access personal data only as necessary to perform services on our behalf and are bound by appropriate data protection agreements. For a complete list of subprocessors including data categories, locations, and DPA status, see our Subprocessors page.
3.6 No Sale of Data
TravelStacks does not sell, rent, or trade your personal information to third parties for their own marketing or commercial purposes.
3.7 Legal Requirements and Protection of Rights
We may disclose personal information if required by law, subpoena, court order, or other legal process, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of TravelStacks, our users, or others.
3.8 Phoenix Chat Assistant and Anthropic API
TravelStacks offers Phoenix, an AI chat assistant, powered by Anthropic's Claude API. Messages you send in Phoenix are transmitted to Anthropic PBC to generate responses.
What Phoenix does and does not see:
We recommend you avoid typing full names, booking references, passport numbers, or payment details directly into the Phoenix chat.
What Phoenix does and does not see:
- -Phoenix receives the full text of your conversation messages as you type them.
- -If you are signed in and have an active case, Phoenix also receives your case status, airline, flight number, and estimated compensation. It does not receive your name, email address, phone number, or payment details from your account.
- -We do not knowingly send passport numbers, national ID numbers, payment card numbers, or government-issued identifiers to the Anthropic API.
- -Conversation content may be retained by Anthropic in accordance with their data policy. See: anthropic.com/legal/privacy
We recommend you avoid typing full names, booking references, passport numbers, or payment details directly into the Phoenix chat.
4. Data Retention
4.1 Retention During Active Claims
We retain personal data for the duration of any active claim and for a minimum of 3 years after a claim is resolved, closed, or cancelled.
4.2 Extended Retention for EU and UK Claims
For EU261 and UK261 claims, we may retain relevant data for up to 6 years to align with the applicable limitation periods, allowing us to respond to any disputes or regulatory inquiries.
4.3 Account Data
If you close your TravelStacks account, we will delete or anonymize your personal data within 30 days, except where retention is required by law or to complete any pending claims or legal obligations.
4.4 Anonymized Data
After the applicable retention period, personal data may be converted to anonymized, aggregated form that cannot be used to identify you. Anonymized data may be retained indefinitely for analytics and service improvement purposes.
5. Your Rights and Choices
5.1 Access
You may download a copy of all personal information TravelStacks holds about you at travelstacks.com/dashboard/privacy/my-data (requires sign-in). Exports are available immediately and rate-limited to one per hour. You may also request access by emailing support@travelstacks.com. We will respond within 30 days.
5.2 Correction
You may update your name and profile information directly at travelstacks.com/dashboard/profile. To request correction of historical data (such as claim records), use the correction request form on that page or email support@travelstacks.com. We will respond within 30 days.
5.3 Deletion
You may request deletion of your account and personal data at travelstacks.com/dashboard/privacy/delete (requires sign-in). If you have an active claim, you may choose to continue the claim and schedule deletion for 30 days after completion, or cancel the claim and begin deletion within 30 days. Deletion requests are processed within 30 days of receipt or claim completion, subject to legal retention obligations.
5.4 SMS Messaging Program
Travel Stacks operates an SMS messaging program for flight alerts, compensation claim status updates, and account verification. You opt in by providing your phone number and checking the consent box on travelstacks.com/flight-watch or during claim submission. Message frequency varies based on the type of program: typically 1 to 5 messages per tracked flight, and 3 to 7 messages per active compensation claim. Message and data rates may apply. Reply HELP for help. Reply STOP to cancel at any time. You may also opt out by emailing support@travelstacks.com.
Partial account information in SMS: To help you identify the context of a message, SMS notifications sent by TravelStacks may reference partial account information, such as a truncated claim reference number, the last few characters of a flight number, or a partial departure date. This information is included solely to help you associate the message with your account and is not used for any other purpose.
Mobile information sharing: Mobile information (phone numbers and opt-in status) collected for the SMS messaging program will not be shared with third parties or affiliates for marketing or promotional purposes. We share mobile information only with the service providers necessary to deliver the messages (Telnyx for SMS delivery), and only as needed to operate the program. No mobile information is sold, rented, or used for any purpose unrelated to the SMS messaging program.
Partial account information in SMS: To help you identify the context of a message, SMS notifications sent by TravelStacks may reference partial account information, such as a truncated claim reference number, the last few characters of a flight number, or a partial departure date. This information is included solely to help you associate the message with your account and is not used for any other purpose.
Mobile information sharing: Mobile information (phone numbers and opt-in status) collected for the SMS messaging program will not be shared with third parties or affiliates for marketing or promotional purposes. We share mobile information only with the service providers necessary to deliver the messages (Telnyx for SMS delivery), and only as needed to operate the program. No mobile information is sold, rented, or used for any purpose unrelated to the SMS messaging program.
5.5 California Privacy Rights
California residents may have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, the right to delete personal information, and the right to opt out of the sale of personal information. TravelStacks does not sell personal information. To exercise your CCPA rights, contact support@travelstacks.com.
5.6 European and UK Data Subject Rights
If you are located in the European Economic Area or the United Kingdom, you may have additional rights under the GDPR or UK GDPR, including the right to data portability and the right to lodge a complaint with a supervisory authority. To exercise these rights, contact support@travelstacks.com.
6. Data Security
6.1 Security Measures
TravelStacks implements reasonable technical and organizational measures to protect personal information against unauthorized access, disclosure, alteration, and destruction. These include encryption in transit (HTTPS/TLS), access controls, and secure handling of credentials.
6.2 Limitation
No security measure is perfect. While we take data security seriously, we cannot guarantee that unauthorized third parties will never circumvent our security measures. If you become aware of any security vulnerability affecting the Service, please notify us promptly at support@travelstacks.com.
7. Third-Party Links
7.1 External Links
The Service may contain links to airline websites, regulatory body websites, and other third-party resources. TravelStacks is not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.
8. Children's Privacy
8.1 Not Directed at Children
The Service is not directed at, and we do not knowingly collect personal information from, children under the age of 13. If we learn that we have collected personal information from a child under 13 without parental consent, we will delete that information promptly.
9. Cookies and Tracking Technologies
9.1 What We Use
TravelStacks uses the following types of cookies and tracking technologies:
- (a)Essential cookies: required for the platform to function, including authentication session cookies managed by Clerk;
- (b)Analytics cookies: used to understand how visitors interact with the site (aggregated, non-personally-identifiable data);
- (c)Preference cookies: used to remember user settings, such as A/B test variant assignments stored in localStorage.
9.2 Your Cookie Choices
You may disable cookies through your browser settings. Disabling essential cookies may prevent you from using certain features of the Service, including account authentication.
10. Changes to This Policy
10.1 Policy Updates
TravelStacks reserves the right to update this Privacy Policy at any time. We will post the updated Policy at travelstacks.com/privacy with a revised "Last updated" date. For material changes, we will provide notice via email where practicable. Your continued use of the Service after an update constitutes acceptance of the revised Policy.
11. Contact Us
11.1 Privacy Inquiries
For questions, concerns, or requests related to this Privacy Policy or your personal data:
Email: support@travelstacks.com
Company: Travel Stacks LLC
Location: Petaluma, CA, USA
We aim to respond to all privacy-related inquiries within 30 days of receipt.
Legal Review Notice
This Privacy Policy is provided as a framework and should be reviewed by qualified legal counsel before reliance. TravelStacks is not a law firm and this document does not constitute legal advice.