PRIVACY POLICY

Prepared Travel
Effective Date: February 11, 2026


1. Introduction


Prepared Travel (“Prepared Travel,” “we,” “us,” or “our”) is committed to protecting your privacy and handling personal information responsibly.


This Privacy Policy explains how we collect, use, disclose, retain, and safeguard personal information when you access or use our website, digital tools, AI-powered services, travel consultation services, and related offerings (collectively, the “Services”).


The Services are intended primarily for users located in the United States.


By using the Services, you acknowledge the practices described in this Privacy Policy.


2. Categories of Personal Information We Collect


We may collect the following categories of personal information:


A. Identifiers

  • Name


  • Email address


  • Shipping address


  • IP address


  • Device identifiers


B. Commercial Information

  • Order history


  • Transaction details


  • Billing metadata


C. Internet or Network Activity

  • Browser type


  • Device type


  • Pages visited


  • Referring URLs


  • Interaction data


D. User-Provided Inputs

  • Allergy selections


  • Dietary preferences


  • Language selections


  • Travel preferences


  • Communications


E. Sensitive Information (Limited Context)


Allergy and dietary preference selections may, in certain jurisdictions, be considered health-related or sensitive information.


Prepared Travel is not a medical provider and does not collect medical records, diagnostic information, treatment records, prescription data, insurance information, or clinical health data.


Allergy selections are collected solely to generate communication materials and related outputs. We do not use allergy-related information for medical profiling, insurance underwriting, or targeted advertising.


3. How We Use Personal Information


We may use personal information to:


  • Provide and deliver the Services


  • Generate allergy cards and AI audio outputs


  • Process payments


  • Fulfill orders


  • Maintain user accounts


  • Provide customer support


  • Improve functionality and performance


  • Detect fraud or misuse


  • Enforce our Terms of Service


  • Send transactional communications


  • Send marketing communications (where permitted by law)


Where required by applicable law (including GDPR), we rely on one or more of the following legal bases:


  • Performance of a contract


  • Legitimate business interests


  • Compliance with legal obligations


  • Consent


4. AI Service Providers and Model Training


We may use third-party artificial intelligence service providers to generate translations, audio outputs, and related functionality.


We do not use your personal information, allergy selections, travel preferences, or user inputs to train public or third-party artificial intelligence models.


Where we use AI service providers, we rely on API-based services that contractually restrict the use of submitted data for model training purposes.


We may use de-identified and aggregated information to improve our Services.


5. Payment Processing


Payments are processed by third-party payment processors (e.g., Stripe).


Prepared Travel does not store full credit card numbers.


We may retain:


  • Transaction identifiers


  • Tokenized payment references


  • Fraud detection signals


  • Billing metadata


for fraud prevention, recordkeeping, analytics, and customer support.


6. Cookies and Tracking Technologies


We may use cookies and similar technologies for:


  • Essential website functionality


  • Security and fraud prevention


  • Performance analytics


  • Advertising measurement (where applicable)


If we use third-party analytics or advertising technologies (such as Google Analytics, Meta Pixel, or similar services), certain device identifiers and browsing activity may be disclosed to those providers.


Under certain U.S. state privacy laws, this type of disclosure may be considered “sharing” for cross-context behavioral advertising.


We do not knowingly sell or share allergy-related or sensitive preference data for cross-context behavioral advertising.


You may control cookies through your browser settings.


Where required by applicable law, we will provide appropriate consent or opt-out mechanisms for non-essential cookies.


California residents may request to opt out of the sale or sharing of personal information by contacting us at justin@prepared.travel.


If we engage in cross-context behavioral advertising in the future, we will provide a clear “Do Not Sell or Share My Personal Information” mechanism as required by law.


7. Disclosure of Personal Information


We may disclose personal information to:


  • Payment processors


  • Hosting providers


  • Printing and fulfillment vendors


  • AI service providers


  • Email service providers


  • Analytics providers


  • Professional advisors (legal, accounting)


  • Law enforcement or regulators when required by law


We do not sell personal information for monetary consideration.


8. Subprocessors


Prepared Travel may engage third-party service providers (“Subprocessors”) to assist in delivering the Services, including hosting providers, payment processors, analytics providers, AI service providers, and fulfillment vendors.


Subprocessors are contractually required to process personal information only for authorized purposes and to implement appropriate data protection safeguards.


A current list of material Subprocessors is available upon written request.


9. Data Retention


We retain personal information only as long as reasonably necessary for legitimate business or legal purposes, including:


  • Account data: retained until you delete your account or request deletion


  • Order and transaction records: retained for accounting, tax, and fraud prevention purposes (generally up to seven (7) years)


  • AI configuration selections: retained to allow order history and re-download functionality unless deleted


  • Marketing data: retained until you opt out


We may retain certain information longer if required by law, to resolve disputes, or to enforce agreements.


10. Data Minimization


We collect only the personal information reasonably necessary to provide the Services.


We do not collect medical diagnoses, treatment records, prescription information, insurance data, or clinical health records.


Allergy selections are limited to user-entered preferences necessary to generate communication materials.


11. Consumer Health Data (Washington and Similar Laws)


To the extent allergy or dietary preference information is considered “consumer health data” under applicable state laws (including Washington’s My Health My Data Act), Prepared Travel processes such information solely to provide user-directed communication tools.


We do not sell consumer health data.


We do not use consumer health data for targeted advertising.


12. HIPAA and Healthcare Providers


Prepared Travel is not a “covered entity” or “business associate” as defined under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) unless expressly agreed in a separate written Business Associate Agreement.


The Services are consumer-directed tools and are not designed to store or manage clinical medical records.


If Prepared Travel enters into a written Business Associate Agreement with a healthcare provider, additional data protection obligations may apply.


13. Educational Institutions


Prepared Travel may be used by parents, guardians, or educational institutions.


Unless expressly agreed in writing, Prepared Travel does not act as a “school official” under the Family Educational Rights and Privacy Act (“FERPA”).


Parents or guardians remain responsible for providing student information.


If required by contract, we may enter into appropriate data processing agreements with educational institutions.


14. International Transfers


If you access the Services from outside the United States, your information may be transferred to and processed in the United States.


By using the Services, you consent to such transfers.


Where required by law, we implement reasonable safeguards for cross-border data transfers.


15. California Privacy Rights (CCPA / CPRA)


If you are a California resident, you may have the right to:


  • Know what personal information we collect


  • Know what categories of personal information are disclosed


  • Request deletion


  • Request correction


  • Opt out of the sale or sharing of personal information


  • Limit use of sensitive personal information (where applicable)


  • Not be discriminated against for exercising your rights


Prepared Travel does not sell personal information for monetary consideration.


To exercise your privacy rights, contact:

justin@prepared.travel


We may verify your identity before processing requests.


16. European Economic Area / United Kingdom


If you are located in the EEA or UK, you may have rights under GDPR, including:


  • Access


  • Rectification


  • Erasure


  • Restriction of processing


  • Data portability


  • Objection to processing


Prepared Travel acts as a data controller for personal information processed under this Privacy Policy.


You may lodge a complaint with your local supervisory authority.


17. Eligibility and Minors


The Services are intended for individuals who are at least eighteen (18) years of age.


We do not knowingly collect personal information directly from individuals under 18.


If a parent or legal guardian uses the Services on behalf of a minor, the parent or guardian is responsible for providing information and supervising the minor’s use.


If you believe we have collected personal information directly from an individual under 18 without appropriate authorization, please contact us and we will take appropriate steps to delete such information.


18. Data Security


We implement reasonable administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, disclosure, alteration, or destruction.


These safeguards include, where appropriate:


  • Encryption of data in transit using industry-standard protocols


  • Encryption of sensitive data at rest


  • Access controls limiting data access to authorized personnel


  • Secure hosting environments


  • Monitoring and fraud detection measures


We conduct periodic reviews of our security practices appropriate to the size and nature of our business.

However, no method of transmission over the Internet or method of electronic storage is completely secure. We cannot guarantee absolute security.


In the event of a data breach affecting personal information, we will provide notice as required by applicable law.


19. Data Processing Agreements


If Prepared Travel provides Services to an organization subject to specific regulatory or contractual requirements, we may enter into a written data processing agreement or other appropriate contractual safeguards upon request.


20. Third-Party Links


The Services may contain links to third-party websites.


We are not responsible for the privacy practices of third parties.


21. Changes to This Privacy Policy


We may update this Privacy Policy from time to time.


The Effective Date above reflects the most recent revision.


Continued use of the Services after updates constitutes acceptance of the revised Policy.


22. Contact Information


Prepared Travel
justin@prepared.travel
(224) 707-8502