Privacy Center
At Acai Travel, we take pride in processing and safeguarding personal data with the highest security standards
Acai provides AI-powered infrastructure to travel call centers. Our privacy, security, and compliance framework is designed to support enterprise travel operations across jurisdictions, while ensuring customer and traveler data is processed strictly for service delivery.This page outlines how Acai uses data, how we use artificial intelligence, and where to find our enterprise compliance documentation.
AI Use & Data Processing
Acai uses artificial intelligence as a standard software utility to enhance the efficiency, speed, and consistency of travel management operations. AI is used exclusively to support service delivery on behalf of our customers.
How Acai Uses AI
AI-assisted processing may be used for:
- Summarizing, escalating and routing inbound emails, chats, and calls
- Drafting responses for agent review or automated delivery based on customer instructions
- Executing service actions (e.g. changes, refunds, disruptions, etc...)
All AI usage is purpose-limited to delivering the contracted services requested by our customers.
Inference-Only Processing & No-Training Commitment
Acai operates AI systems in inference-only mode:
- Customer and traveler data is processed in real time to generate an immediate output
- Data is not used to train, fine-tune, or improve any AI or machine learning models
- Data is not reused across customers or accounts
Any transition from inference-only processing to model training or fine-tuning would require an explicit customer request and separate written agreement.
How Acai Does Not Use AI
To provide clear boundaries and reduce regulatory risk, Acai AI systems are NOT used to:
Train or fine-tune shared AI models on customer or traveler data
Profile travelers or employees
Infer sensitive personal characteristics
Perform biometric identification (e.g. voiceprints or facial recognition)
Make discretionary decisions with legal or similarly significant effects without appropriate safeguards
AI-assisted processing may be used for:
- Summarizing, escalating and routing inbound emails, chats, and calls
- Drafting responses for agent review or automated delivery based on customer instructions
- Executing service actions (e.g. changes, refunds, disruptions, etc...)
All AI usage is purpose-limited to delivering the contracted services requested by our customers.
Inference-Only Processing & No-Training Commitment
Acai operates AI systems in inference-only mode:
- Customer and traveler data is processed in real time to generate an immediate output
- Data is not used to train, fine-tune, or improve any AI or machine learning models
- Data is not reused across customers or accounts
Any transition from inference-only processing to model training or fine-tuning would require an explicit customer request and separate written agreement.
How Acai Does Not Use AI
To provide clear boundaries and reduce regulatory risk, Acai AI systems are NOT used to:
Train or fine-tune shared AI models on customer or traveler data
Profile travelers or employees
Infer sensitive personal characteristics
Perform biometric identification (e.g. voiceprints or facial recognition)
Make discretionary decisions with legal or similarly significant effects without appropriate safeguards
Privacy by Design
Acai applies privacy-by-design principles across its platform and operations:
- Data minimization: only data required to deliver the service is processed
- Role-based access controls and least-privilege access
- Employee and contractor privacy and security training
- Pseudonymization or anonymization where appropriate
- Controls aligned with SOC 2 Type II requirements
Personal data is processed solely on customer instructions and in accordance with applicable data protection laws.
- Data minimization: only data required to deliver the service is processed
- Role-based access controls and least-privilege access
- Employee and contractor privacy and security training
- Pseudonymization or anonymization where appropriate
- Controls aligned with SOC 2 Type II requirements
Personal data is processed solely on customer instructions and in accordance with applicable data protection laws.
Security
Acai Travel is committed to the utmost security of your personal information through an extensive security program.
- Our data centers, powered by AWS, meet the highest standards.
- We ensure encryption both in transit and at rest, safeguarding data across our platform and at Acai Travel's endpoints.
- Our systems are fortified with advanced firewalls at both the Network and Application Layers.
- Wherever necessary, we employ data pseudonymization and anonymization to further protect your privacy.
- Continuous monitoring and logging for security and audit purposes
- Logical data isolation with separate database deployments per customer
- Optional private deployment models, including customer-specific Private Virtual Cloud (PVC/VPC) environments upon request
Acai is SOC 2 compliant and maintains an active Trust Center for security documentation and controls.
Compliance & Legal Framework
Acai operates as a data processor/service provider on behalf of its customers and supports compliance across key jurisdictions, including the European Union, United States, Canada, and Australia.
Our compliance framework includes:
- GDPR and CCPA/CPRA alignment
- A standard Data Processing Addendum (DPA)
- Defined subprocessor management and notification procedures
- Cross-border transfer safeguards
- AI vendors engaged by Acai are treated as subprocessors and are contractually bound to confidentiality, security, and no-training obligations equivalent to Acai’s own commitments.
SOC II
In July 2025, Acai Travel achieved certification for AICPA’s SOC for Service Organizations Trust Services Criteria, commonly known as SOC 2.
AI & LLMs training
Acai uses an inference-only approach by default.
Customers' data will never be used to train or fine-tune any AI algorithm, nor LLMs unless requested by the client, or completely anonymized.
Customers' data will never be used to train or fine-tune any AI algorithm, nor LLMs unless requested by the client, or completely anonymized.
We use leading LLM providers such as OpenAI and Anthropic, and we may add new ones from time to time, publishing their names on the list of subprocessors on our website (effective Q1 2024 onwards).
As examples, below are the privacy policies from OpenAI and Anthropic:
- https://support.anthropic.com/en/collections/4078534-privacy-legal
- https://openai.com/security
Data is exchanged with these providers via their APIs and never through their frontend applications. These providers do not train their models on data passed through the API.
We do not fine-tune any third-party LLMs without client's permission. If we fine-tune an internal model hosted on our cloud provider, it will only be used for that specific client and not for other Acai clients; each customer has its own fine-tuned model.
If we pre-fine-tune a generic LLM model on our servers, or if we train any standard AI algorithm, we always anonymize the data first.
We do not fine-tune any third-party LLMs without client's permission. If we fine-tune an internal model hosted on our cloud provider, it will only be used for that specific client and not for other Acai clients; each customer has its own fine-tuned model.
If we pre-fine-tune a generic LLM model on our servers, or if we train any standard AI algorithm, we always anonymize the data first.
Privacy & Compliance Documents
Please find all our Privacy & Compliancy controls at our Trust Center managed by Vanta
If you need additional information regarding Privacy at Acai Travel, we are there to hear you out at privacy@acaitravel.com
If you need additional information regarding Privacy at Acai Travel, we are there to hear you out at privacy@acaitravel.com