Moonshot Travel — We watch your trips and rebook you when prices drop

PRIVACY POLICY

How we handle your data

Last updated: April 22, 2026

What we collect

When you use Moonshot Travel, we collect:

  • Account data — email, name, and authentication details via Clerk
  • Travel preferences — home airport, preferred airlines, cabin class, travel style
  • Booking history — flights you book through us, tracked via Duffel
  • Chat messages — conversations with Mission Control to provide personalized recommendations
  • Device information — platform, push notification tokens for fare alerts

How we use it

  • Search and book flights on your behalf
  • Monitor prices on your booked flights every 15 minutes
  • Detect fare drops and notify you of rebooking opportunities
  • Execute rebooks when you confirm (saving you money)
  • Personalize flight suggestions based on your history
  • Improve our fare prediction models using anonymized, aggregated data

Third parties

We share data with these services to operate Moonshot Travel:

  • Duffel — flight search, booking, and rebooking (receives your travel details and passenger information)
  • Stripe — payment processing (receives payment details; we never store card numbers)
  • Anthropic — AI-powered chat assistant (receives conversation content to generate responses)
  • Clerk — authentication (manages your sign-in credentials)
  • Expo — push notifications for iOS (receives device tokens)

We do not sell your data. We do not serve ads. We do not share your information with data brokers.

Data retention

We keep your data for as long as your account is active. Chat history is retained for 12 months. Booking records are kept for 7 years (tax and legal compliance). You can delete your account at any time from Settings — this removes your profile, preferences, and chat history. Booking records required for legal compliance are retained in anonymized form.

Your rights

Regardless of where you live, you can:

  • Access all data we hold about you
  • Correct inaccurate information
  • Delete your account and associated data
  • Export your data in a portable format
  • Opt out of non-essential data processing

GDPR (EU/EEA): You have the right to data portability, restriction of processing, and to lodge a complaint with your local supervisory authority.

CCPA (California):You have the right to know what data we collect, request deletion, and opt out of data sales (we don't sell data).

Security

All data is encrypted in transit (TLS) and at rest. Authentication is handled by Clerk with industry-standard security practices. Payment data is processed by Stripe and never touches our servers. Database access is restricted and audited.

Contact

Questions about your data? Email support@msos.ai.