Privacy Policy

1. Introduction

Aeriva respects your privacy and processes personal data in compliance with the General Data Protection Law (LGPD — Law No. 13.709/2018). By using our website, app, or services, you declare that you have read this policy.

We collect only the data necessary to operate bookings, personalize your experience (when authorized), and improve our products. We do not sell your personal data.

2. Who we are (data controller)

The controller of personal data processed on this platform is:

Legal name

Aeriva Tecnologia Ltda.

CNPJ

64.205.398/0001-85

Data Protection Officer (DPO)

privacidade@aeriva.com.br

3. Data we collect

We may collect the following categories of data:

Identification: full name, CPF (Brazilian tax ID), date of birth (when required for a booking).
Contact: email, phone, and WhatsApp.
Travel: searched destinations, dates, accommodation preferences, and booking history.
Payment: data processed by certified partners (PCI). Aeriva does not store full card numbers.
Communication: messages sent to the AI planner, WhatsApp, or support.
Technical: IP address, browser, device, cookies, and usage events. See also our Cookie Policy.
AI preferences (optional): trip memories, travel style, and restrictions voluntarily provided.

We do not intentionally collect sensitive data such as racial origin, religious beliefs, or genetic/biometric data, except when voluntarily provided in optional fields.

4. Purposes and legal bases

We use your data to:

Purpose	Legal basis (LGPD)
Create an account and process bookings	Contract performance (Art. 7, V)
Email and WhatsApp confirmations	Contract performance (Art. 7, V)
Marketing and promotions	Consent (Art. 7, I) — opt-in
AI personalization (planner)	Consent (Art. 7, I)
Analytics and product improvement	Legitimate interest (Art. 7, IX)
Tax and legal obligations	Legal obligation (Art. 7, II)

Marketing and AI personalization are opt-in— revocable at any time in your account settings.

5. Sharing with third parties

We share data only when necessary, with processors bound by data protection agreements (DPAs):

Payment and anti-fraud processors
Hotels, airlines, and partners
Email, SMS, and WhatsApp providers
Cloud infrastructure and AI tools
Public authorities, when required by law

Some providers may process data outside Brazil. We adopt contractual clauses and technical measures compatible with the LGPD.

6. Data retention

We keep your data only for as long as necessary:

Booking and identificationup to 5 years after the last transaction

Travel preferencesup to 2 years or while the account is active

Logs and analyticsup to 90 days

Conversations (WhatsApp / AI)up to 18 months

AI memorywhile the account exists or until revocation

7. Your rights (LGPD)

You may request, at any time and at no cost (Art. 18 of the LGPD):

Confirmation and access to your data

Correction of outdated data

Deletion or anonymization

Portability to another provider

Information about sharing

Withdrawal of consent

Objection to legitimate interest

We respond within 15 days. Send requests to privacidade@aeriva.com.br.

8. Cookies and similar technologies

We use essential cookies for login and security, as well as analytics cookies (with consent when required). Details in our Cookie Policy.

9. Security

We use encryption in transit (TLS), access controls, environment segregation, and continuous monitoring. Payments are processed by PCI DSS partners — Aeriva does not store full card data.

In the event of a relevant incident, we will notify the ANPD and affected data subjects as required by law.

10. Changes to this policy

Material changes will be communicated by email or notice on the website. The current version will always be on this page, with the date shown at the top.

11. Contact and complaints

Questions about privacy or exercising your rights: