Legal

Security

Last updated June 30, 2026

VoyaTravel is designed to protect the travel information, documents, messages, memories, and account details you choose to store with us. This page explains the security practices we use to help safeguard your data and the steps you can take to keep your account protected.

If you believe you have found a security issue, contact us at security@voyatravel.ai.

1. Data protection

We use encryption and access controls to help protect your information.

  • Information sent between your device and VoyaTravel is encrypted in transit using HTTPS/TLS.
  • Customer data is encrypted at rest in our databases and file storage systems.
  • Files stored in your document vault are not exposed through public links. When access is needed, files are delivered through short-lived, signed URLs.

2. Infrastructure security

  • VoyaTravel uses reputable cloud infrastructure providers with data centers that maintain physical security controls and undergo independent third-party audits.
  • We do not store customer data on employee laptops or in physical office systems.
  • Access to production systems is limited to authorized personnel based on job responsibilities and least-privilege principles.

3. Account protection

We use multiple safeguards to help protect user accounts.

  • Passwords are not stored in plain text. We store only salted password hashes.
  • Optional two-factor authentication may be enabled through email one-time codes, so a password alone is not enough to access your account.
  • Security-sensitive account features may require additional verification.
  • If you believe your account has been accessed without permission, you should change your password immediately and contact us.

4. Document vault security

The VoyaTravel document vault is designed for sensitive travel files such as passports, IDs, tickets, confirmations, and related documents.

  • You may protect sensitive documents using supported device biometrics, such as Face ID, Touch ID, fingerprint authentication, or WebAuthn-based authentication.
  • Where biometric access is unavailable, vault access may be supported through an emailed one-time code or a backup passcode.
  • Backup passcodes are generated once and shown only to you. We store only a hashed version and cannot recover the original passcode for you.

5. Sharing controls

VoyaTravel gives you control over how trip information is shared.

  • You decide which people may access shared trips or trip details.
  • You can control which parts of a trip are visible to invited companions.
  • You may revoke access to shared trips or links when you no longer want them available.
  • You should only share trips, documents, or links with people you trust.

6. Monitoring and logging

We log important service events to help monitor the health, performance, reliability, and security of VoyaTravel.

  • Significant system or security events may trigger alerts for appropriate personnel.
  • Logs are protected against unauthorized access.
  • Our logging practices are designed to avoid collecting sensitive personal information where it is not needed for security, debugging, or service operation.

7. Software security

We apply security-focused practices throughout our software development process.

  • Code changes are reviewed before release.
  • Security risks are considered when designing, building, and modifying features.
  • Dependencies are reviewed and updated as appropriate.
  • We work to reduce the risk of introducing vulnerabilities through peer review, testing, and operational monitoring.

8. AI and third-party processor controls

Some VoyaTravel features may use trusted third-party processors, including AI providers, to support travel parsing, destination enrichment, summaries, or other service functionality.

  • Access to third-party processors is limited to the information reasonably necessary for the requested task.
  • We do not send your password to AI processors.
  • We do not send document vault files to AI processors for these purposes.
  • Third-party processors are expected to handle data according to applicable contractual, privacy, and security obligations.

9. Responsible disclosure

If you believe you have discovered a vulnerability or security weakness, please report it privately to security@voyatravel.ai.

When submitting a report, include enough detail for us to understand and reproduce the issue, such as affected pages, steps taken, screenshots where appropriate, and the potential impact.

We ask that you give us a reasonable opportunity to investigate and address the issue before making any public disclosure.

We appreciate responsible reports from security researchers and users who help us keep VoyaTravel safe.

10. What you can do to protect your account

You can help keep your account secure by taking a few simple precautions.

  • Use a strong, unique password that you do not reuse on other services.
  • Enable two-factor authentication in Account → Security.
  • Lock sensitive documents in your document vault.
  • Store your backup passcode somewhere safe.
  • Share trips only with people you trust.
  • Revoke trip links or companion access when they are no longer needed.
  • If you suspect unauthorized access, change your password immediately and contact us at security@voyatravel.ai.
PrivacySecurityTerms© 2026 VoyaTravel