Privacy Policy

Who We Are

Camli.com (“Camli”, “we”, “us”, or “our”) is an IATA-accredited travel agency incorporated in the State of New Jersey, USA (parent company: Planet Aero LLC). We provide domestic and international flight booking services by leveraging consolidator fares from our airline partners. Our registered business address is: Planet Aero LLC, 2 Harmon Meadow Blvd, Secaucus, NJ 07094, USA.

By using our website, mobile app, or telephone booking service, you agree to the collection and use of information in accordance with this policy. We are committed to protecting your privacy and handling your data transparently.

Information We Collect

We collect information you provide directly to us and data generated through your use of our service:

How We Use Your Data

We process your personal data only for the following lawful purposes:

• •To fulfil your booking: Processing payments, issuing e-tickets, and communicating booking confirmations and changes
• •To provide customer support: Responding to your queries, managing changes, cancellations, and refund requests
• •Legal compliance: Meeting IATA requirements, anti-money laundering obligations, and government travel regulations
• •Safety and fraud prevention: Detecting and preventing fraudulent transactions and unauthorised account access
• •Service improvement: Analysing usage patterns to improve our website and booking experience (using anonymised data)
• •Marketing (with consent only): Sending deal alerts and promotional emails only if you have opted in. You can unsubscribe at any time.

Data Sharing

We do not sell, rent, or trade your personal information. We share data only in the following circumstances:

• •Airlines: Passenger name, passport details, and contact information are shared with the ticketing airline as required by IATA and aviation law
• •Payment processors: Payment data is processed by our PCI-DSS Level 1 certified payment partner. We do not store card numbers
• •Government authorities: Where legally required (e.g., API — Advance Passenger Information — for border control purposes)
• •Service providers: Limited data may be shared with cloud hosting, analytics, and customer service platforms under strict data processing agreements
• •Legal requirements: We may disclose information when required by law or to protect our legal rights

Cookies

We use cookies to improve your experience. Essential cookies are necessary for the website to function and cannot be disabled. Analytics and marketing cookies are only set with your consent via our cookie banner.

• •Essential cookies: Session management, security tokens, booking state
• •Analytics cookies: Anonymous usage statistics via Google Analytics
• •Preference cookies: Remembering your language, currency, and search preferences

You can manage cookie preferences at any time through your browser settings or our Cookie Preferences centre.

Data Retention

We retain your personal data only as long as necessary:

• •Booking records: 7 years from the booking date (required by tax law and IATA regulations)
• •Account data: For the duration of your account plus 2 years after closure
• •Marketing data: Until you unsubscribe or request deletion
• •Technical logs: Up to 90 days

Your Rights

Under GDPR and US state privacy laws (CCPA, VCDPA), you have the following rights regarding your personal data. To exercise any right, contact us at [email protected]:

• •Right to access: Request a copy of all personal data we hold about you
• •Right to rectification: Request correction of inaccurate or incomplete data
• •Right to erasure: Request deletion of your data (subject to legal retention requirements)
• •Right to restrict processing: Ask us to limit how we use your data in certain circumstances
• •Right to data portability: Receive your data in a structured, machine-readable format
• •Right to object: Object to processing based on legitimate interests or for direct marketing
• •Right to withdraw consent: Withdraw marketing consent at any time by unsubscribing or contacting us

We will respond to all requests within 30 days. We may need to verify your identity before fulfilling a request.

Security

We implement appropriate technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or destruction, including:

• •256-bit SSL/TLS encryption for all data in transit
• •AES-256 encryption for sensitive data at rest
• •PCI-DSS Level 1 certified payment processing
• •Regular security audits and penetration testing
• •Role-based access control for all staff systems
• •Two-factor authentication required for all team accounts

Children's Privacy

Our services are not directed to children under 18 years of age. We do not knowingly collect personal information from anyone under 18 without verifiable parental consent. If you believe a child has provided us with personal information, please contact us at [email protected] and we will delete it promptly.

International Transfers

As a travel company, we necessarily transfer passenger data to airlines and their systems around the world. Such transfers are governed by IATA data protection rules and specific airline data processing agreements. Where data is transferred outside the USA or the EEA, we ensure appropriate safeguards are in place (Standard Contractual Clauses or adequacy decisions).

Policy Changes

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you via email and by displaying a prominent notice on our website. The “last updated” date at the top of this policy will always reflect the most current version. Continued use of our services after changes constitutes acceptance of the updated policy.