Legal
Kynect is committed to protecting the privacy and security of personal information. This policy explains how we collect, use, disclose, and safeguard personal data.
Section 1
Kynect Pte. Ltd. (incorporated in Singapore) operates a technology platform that enables conversational AI agents to search live travel inventory in real time and complete direct bookings by connecting directly to Customers' property management systems, reservation systems, and other backend systems.
This Privacy Policy applies to:
Section 2
| Category | Examples of Data | Who Controls | Grevon's Role |
|---|---|---|---|
| Customers & their staff | Name, job title, business email, phone, billing details, login credentials, IP address | Kynect | Controller |
| Guests (travellers) | Name, email, phone, passport/ID (if required), booking details, preferences, special requests, secure payment token | Customer (hotel/airline/etc.) | Processor |
| Payment / Cardholder data | Full card details are NEVER seen or stored by Kynect. We use PCI-DSS Level 1 payment processors that return only a secure token. | PCI-compliant payment processor | Service Provider (no access to raw card data) |
| Website & Platform visitors | Cookies, device info, IP address, browsing behaviour (via analytics) | Kynect | Controller |
When an AI Agent makes a booking we receive and temporarily process: identity & contact details, travel dates, room/flight/experience preferences, special requests and accessibility needs, and a secure payment token (never full card details). We only process this data on your documented instructions and in accordance with our Data Processing Agreement.
Section 3
Kynect never receives, transmits, or stores full payment card numbers, expiry dates, or CVV codes. All card data is collected in a PCI-DSS-compliant iframe or redirected flow operated by our licensed, PCI-DSS Level 1 payment processors. They return only a secure, non-sensitive token that we store and use on your behalf to process the booking and any subsequent refunds or charges.
We use only essential cookies and privacy-friendly analytics tools. All analytics are configured with IP address anonymisation, no data sharing with third parties for advertising purposes, no cross-site or cross-device tracking for marketing, and no use of data for personalised advertising.
Section 4
When Kynect is controller we rely on: contract performance, legitimate interests (security, fraud prevention, service improvement), legal obligations, and consent (where we ask for optional marketing or non-essential cookies).
When we act as processor for Guest data, we process only on the lawful basis chosen by you (the controller).
Section 5
We do not sell personal data. We only share where necessary:
| Recipient | Purpose |
|---|---|
| Kynect group companies & authorised staff | Internal administration and support |
| Cloud hosting & infrastructure providers | Secure storage and operation of the Platform |
| PCI-DSS payment processors | Payment collection and tokenisation |
| Sub-processors (analytics, email, support, monitoring) | Service delivery and improvement |
| Professional advisors & auditors | Legal and compliance |
| Regulators or law enforcement | When legally required |
Section 6
Data may be processed in Singapore, Australia, the EU, or the United States. Transfers outside the EEA, UK, or other adequately-protected jurisdictions are protected by Standard Contractual Clauses (SCCs), supplementary measures (encryption, pseudonymisation), and Binding Corporate Rules (where applicable).
Section 7
| Data Type | Retention Period |
|---|---|
| Customer account data | Duration of the contract + 5 years (for tax, accounting, audit and legal purposes) |
| Guest booking data | Up to 5 years from date of guest departure or completion of the relevant transaction |
| Payment tokens | Retained only while the Customer needs them for refunds, recurring bookings or as required by law |
| Logs & backups | Maximum 12 months, then securely deleted or anonymised |
Section 8
| You Are A… | Rights | How to Exercise |
|---|---|---|
| Customer or staff | Full rights under PDPA, GDPR, CCPA, etc. (access, correction, deletion, restriction, portability, objection) | privacy@kynect.direct |
| Guest / Traveller | Rights exercised against the hotel/airline/tour operator (the controller) | Contact the property directly |
| Website visitor | Manage cookies and request data deletion | privacy@kynect.direct |
Section 9
Section 10
The Platform is not directed at children under 16. We do not knowingly collect personal data from children without verifiable parental consent (which would be obtained by the Customer).
Section 11
We may update this Policy from time to time. Material changes will be notified to Customers by email and to Guests via the booking confirmation flow. The latest version is always at www.grevon.ai.
Section 12
Privacy Officer
Kynect Pte. Ltd.
Email: privacy@kynect.direct
If you are unhappy with our response you may lodge a complaint with the Personal Data Protection Commission (PDPC) in Singapore or your local data-protection authority.