Privacy Policy

Last updated: January 2026

1. Introduction

Northrock ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our travel itinerary platform and related services.

This policy applies to users worldwide. We comply with applicable data protection laws including the General Data Protection Regulation (GDPR) for users in the European Economic Area, the UK GDPR, the California Consumer Privacy Act (CCPA), and other applicable privacy regulations.

2. Information We Collect

2.1 Information You Provide

  • Account information (name, email address, password)
  • Profile information (business name, contact details)
  • Payment information (processed securely by our payment providers)
  • Itinerary content you create (travel plans, client information, supplier details)
  • Communications with us (support requests, feedback)

2.2 Information Collected Automatically

  • Device information (browser type, operating system, device identifiers)
  • Usage data (pages visited, features used, time spent on platform)
  • IP address and approximate location
  • Cookies and similar tracking technologies

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve our services
  • Process transactions and send related information
  • Send administrative messages, updates, and security alerts
  • Respond to your comments, questions, and support requests
  • Analyze usage patterns to improve user experience
  • Detect, prevent, and address technical issues and fraud
  • Comply with legal obligations

4. Legal Basis for Processing (EEA/UK Users)

For users in the European Economic Area and United Kingdom, we process your personal data based on:

  • Contract performance: To provide our services to you
  • Legitimate interests: To improve our services and communicate with you
  • Legal compliance: To meet our legal obligations
  • Consent: Where you have given explicit consent for specific processing

5. Information Sharing

We may share your information with:

  • Service providers: Third parties that help us operate our platform (hosting, payment processing, analytics)
  • Business transfers: In connection with a merger, acquisition, or sale of assets
  • Legal requirements: When required by law or to protect our rights
  • With your consent: When you have given explicit permission

We do not sell your personal information to third parties.

6. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers, including:

  • Standard Contractual Clauses approved by the European Commission
  • Data processing agreements with our service providers
  • Compliance with applicable data transfer regulations

7. Data Retention

We retain your personal information for as long as necessary to provide our services and fulfill the purposes described in this policy. When you delete your account, we will delete or anonymize your information within 30 days, unless we are required to retain it for legal purposes.

8. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your data
  • Portability: Receive your data in a portable format
  • Restriction: Request limitation of processing
  • Objection: Object to certain processing activities
  • Withdraw consent: Where processing is based on consent

To exercise these rights, please contact us at hello@northrock.travel.

9. Cookies

We use cookies and similar technologies to enhance your experience. These include:

  • Essential cookies: Required for the platform to function
  • Analytics cookies: Help us understand how you use our services
  • Preference cookies: Remember your settings and preferences

You can manage cookie preferences through your browser settings.

10. Security

We implement appropriate technical and organizational measures to protect your personal information, including encryption, access controls, and regular security assessments. However, no method of transmission over the Internet is 100% secure.

11. Children's Privacy

Our services are not intended for individuals under 16 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our platform and updating the "Last updated" date. Your continued use of our services after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

  • Email: hello@northrockhq.com

For users in the EEA, you also have the right to lodge a complaint with your local data protection authority.