Kynect is committed to protecting the privacy and security of personal information. This Privacy Policy explains how Kynect collects, uses, discloses, and safeguards personal data when you interact with the Kynect Platform as a Customer (hotel, airline, tour operator, etc.), as a Guest booking through an AI Agent, or as a visitor to our websites.
1. Who We Are and Scope
Kynect Pte. Ltd. (incorporated in Singapore) operates a technology platform that enables conversational AI agents to search live travel inventory in real time and complete direct bookings by connecting directly to Customers’ property management systems, reservation systems, and other backend systems.
This Privacy Policy applies to:
2. Categories of Personal Data and Our Role
|
Category |
Examples of data |
Who controls the data? |
Kynect’s role |
|---|---|---|---|
|
Customers & their staff |
Name, job title, business email, phone, billing details, login credentials, IP address |
Kynect |
Controller |
|
Guests (travellers) |
Name, email, phone, passport/ID (if required), booking details, preferences, special requests, secure payment token |
Customer (hotel/airline/etc.) |
Processor |
|
Payment / Cardholder data |
Full card details are NEVER seen or stored by Kynect. We use PCI-DSS Level 1 payment processors that return only a secure token. |
PCI-compliant payment processor |
Service Provider (no access to raw card data) |
|
Website & Platform visitors |
Cookies, device info, IP address, browsing behaviour (via analytics) |
Kynect |
Controller |
3. What Personal Data We Collect and Why
A. From Customers (hotels, airlines, tour operators, etc.) – Kynect is the controller We collect: name, business contact details, payment/billing information, API credentials, usage data, support tickets. Purpose & lawful basis:
B. From Guests – The Customer remains the controller, Kynect is the processor When an AI Agent makes a booking we receive and temporarily process:
Purpose: to transmit the booking request, collect payment, and write the confirmed reservation directly into your system. We only process this data on your documented instructions and in accordance with our Data Processing Agreement.
C. Payment data Kynect never receives, transmits, or stores full payment card numbers, expiry dates, or CVV codes. All card data is collected in a PCI-DSS-compliant iframe or redirected flow operated by our licensed, PCI-DSS Level 1 payment processors. They return only a secure, non-sensitive token that we store and use on your behalf to process the booking and any subsequent refunds or charges.
D. Website & Platform visitors We use only essential cookies and privacy-friendly analytics tools. All analytics are configured with:
4. Lawful Bases (GDPR, PDPA, CCPA and equivalent laws)
When Kynect is controller we rely on:
When we act as processor for Guest data, we process only on the lawful basis chosen by you (the controller).
5. How We Share Personal Data
We do not sell personal data. We only share where necessary with:
|
Recipient |
Purpose |
|---|---|
|
Kynect group companies & authorised staff |
Internal administration and support |
|
Cloud hosting & infrastructure providers |
Secure storage and operation of the Platform |
|
PCI-DSS payment processors |
Payment collection and tokenisation |
|
Sub-processors (analytics, email, support, monitoring) |
Service delivery and improvement |
|
Professional advisors & auditors |
Legal and compliance |
|
Regulators or law enforcement |
When legally required |
6. International Data Transfers
Data may be processed in Singapore, Australia, the EU, or the United States. Transfers outside the EEA, UK, or other adequately-protected jurisdictions are protected by:
7. Data Retention
|
Data Type |
Retention Period |
|---|---|
|
Customer account data |
Duration of the contract + 5 years (for tax, accounting, audit and legal purposes) |
|
Guest booking data |
We retain Guest Booking Data only for as long as it is necessary to fulfil the purposes for which the data was collected, or as required or permitted by applicable laws. Booking Data is typically retained for up to five (5) years from the date of the guest’s departure or the completion of the relevant transaction. This period allows us to meet our legal, tax, accounting, audit, compliance, and dispute-resolution obligations. |
|
Payment tokens |
Retained only while the Customer needs them for refunds, recurring bookings or as required by law |
|
Logs & backups |
Maximum 12 months, then securely deleted or anonymised |
8. Your Rights
Depending on your location and our role:
|
You are a… |
Rights (access, correction, deletion, restriction, portability, objection, etc.) |
How to exercise |
|---|---|---|
|
Customer or staff |
Full rights under PDPA, GDPR, CCPA, etc. |
|
|
Guest / Traveller |
Rights exercised against the hotel/airline/tour operator (the controller) |
Contact the property directly |
|
Website visitor |
Manage cookies and request data via the same email |
We respond to valid requests within one month (or sooner if required by law).
9. Security & PCI Compliance
10. Children
The Platform is not directed at children under 16. We do not knowingly collect personal data from children without verifiable parental consent (which would be obtained by the Customer).
11. Changes to this Policy
We may update this Policy from time to time. Material changes will be notified to Customers by email and to Guests via the booking confirmation flow. The latest version is always at: www.kynect.direct
12. Contact Us
Privacy Officer Kynect Pte. Ltd. Email: privacy@kynect.direct
If you are unhappy with our response you may lodge a complaint with the Personal Data Protection Commission (PDPC) in Singapore or your local data-protection authority.
