Privacy Center
At Acai Travel, we take pride in processing and safeguarding personal data with the highest security standards
Privacy By Design
At Acai Travel, stringent privacy safeguards are integrated into every level of our product development.
- Personal data access is carefully restricted, adhering to a stringent 'need-to-know' policy.
- Comprehensive training in data privacy and information security is mandatory for all our employees and contractors.
- We are committed to minimal personal data collection, limiting it to what is absolutely necessary for the efficient functioning of our platform.
You can find more about our Privacy By Design principles in the Product Privacy Statement and in the Website Privacy Policy documents.
Security
Acai Travel is committed to the utmost security of your personal information through an extensive security program.
- Our data centers, powered by AWS, meet the highest standards.
- We ensure encryption both in transit and at rest, safeguarding data across our platform and at Acai Travel's endpoints.
- Our systems are fortified with advanced firewalls at both the Network and Application Layers.
- Wherever necessary, we employ data pseudonymization and anonymization to further protect your privacy.
Checkout Security at Acai Travel to learn more.
Compliance at Acai Travel
Acai Travel’s commitment to data privacy and security is embedded in every part of our business. This page outlines the high-level details for several of the frameworks, regulations, and certifications that apply to our company and its products.
GDPR and CCPA
The European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) each creates a standard privacy framework to which all compliant businesses must adhere, creating clarity and transparency for individuals.
In compliance with GDPR and CCPA, Acai Travel offers every customer a high standard Data Processing Addendum (DPA) baseline that specifies our processes, our obligations and restrictions related to our data processing. For large enterprise customers we also work with their legal team should they need amendments to our standard DPA.
SOC II
In Q1 2024, Acai Travel will achieve certification for AICPA’s SOC for Service Organizations Trust Services Criteria, commonly known as SOC 2.
AI & LLMs training
Customers' data will never be used to train or fine-tune any AI algorithm, nor LLMs unless requested by the client, or completely anonymized.
We use leading LLM providers such as OpenAI and Anthropic, and we may add new ones from time to time, publishing their names on the list of subprocessors on our website (effective Q1 2024 onwards).
As examples, below are the privacy policies from OpenAI and Anthropic:
Data is exchanged with these providers via their APIs and never through their frontend applications. These providers do not train their models on data passed through the API.
We do not fine-tune any third-party LLMs without client's permission. If we fine-tune an internal model hosted on our cloud provider, it will only be used for that specific client and not for other Acai clients; each customer has its own fine-tuned model.
If we pre-fine-tune a generic LLM model on our servers, or if we train any standard AI algorithm, we always anonymize the data first.
Privacy & Compliance Documents
If you need additional information regarding Privacy at Acai Travel, we are there to hear you out at privacy@acaitravel.com
If you want to know more about how we ensure our platform & services are compliant, you can reach out to us at compliance@acaitravel.com