Pack.

Privacy Policy

Showing a cached copy due to a network issue. Refresh when you’re back online for the latest version.

Effective Date: April 2, 2026

Introduction

This Privacy Policy explains how DoneAI, Inc. ("DoneAI," "we," "us," or "our") collects, uses, discloses, and retains personal information in connection with the DoneAI website, mobile applications, marketing pages, TSA wait-time pages, account features, waitlist and contact forms, and related communications and services (collectively, the "Services").

Scope

This Privacy Policy applies to personal information we collect through the Services and in related communications with you. It does not apply to third-party websites, services, products, or platforms that have their own privacy policies.

Information We Collect

Information You Provide Directly

Depending on how you use the Services, we may collect:

  • Contact and account information: such as your name, email address, phone number, mailing information, login credentials, and profile details.
  • Connected travel and profile information: information you choose to provide or connect through the Services, such as government-issued ID (e.g., passport, driver’s license, Social Security number), travel confirmations, itineraries, traveler details, contents of emails, calendar data, uploaded screenshots or documents, notes, contacts, photos, gender, or location signals you enable (including precise geolocation).
  • Communications and submissions: messages, feedback, support requests, survey responses, form submissions, and other information you choose to send us.
  • Search, booking-interest, and marketing information: airport searches, travel preferences, booking inquiries, attribution parameters, and your preferences regarding newsletters, promotions, and similar communications.
  • Third-party login information: if you choose to sign in using Google, we and our identity or authentication providers may receive information made available through that login flow, such as your Google account identifier, name, email address, profile image, and authentication and session metadata needed to maintain your login.

Information Collected Automatically

We and our service providers may automatically collect:

  • Device, browser, and app information: such as browser type, operating system, device type, language, approximate geolocation based on IP, referring URLs, and similar technical information.
  • Usage and log information: such as pages or screens viewed, searches, clicks, conversions, feature usage, timestamps, session events, error logs, request metadata, and security signals.
  • Cookies and similar technologies: such as cookies, local storage, session storage, SDKs, pixels, and similar tools used to remember settings, maintain sessions, measure traffic, support analytics and marketing preferences, and protect the Services.

Information From Third Parties

We may receive information from:

  • identity and authentication providers, including Google and our identity infrastructure providers;
  • analytics, advertising, fraud-prevention, and security providers;
  • communications, customer support, or marketing providers;
  • travel suppliers, payment processors, or travel partners if you ask us to help facilitate a booking or related service; and
  • public, official, licensed, or partner travel-information sources for content displayed on the Services.

Sensitive Information

Some information you provide or connect may be considered sensitive under certain laws, such as connected email content, travel documents, traveler identity details, or precise geolocation if you enable it. We use this information only to provide, secure, support, and improve the Services, or as otherwise permitted by law. Please provide only the information necessary for your use of the Services or your request to us.

How We Use Information

We may use personal information to:

  • provide, operate, maintain, personalize, and improve the Services;
  • create and manage accounts and sessions, including authenticating users who sign in with Google;
  • process connected or uploaded content to generate summaries, reminders, recommendations, and other AI-assisted outputs you request;
  • display, maintain, and improve public travel-information features such as TSA wait-time pages;
  • respond to support requests, inquiries, privacy requests, and other communications;
  • send service messages, security notices, newsletters, promotions, and other marketing communications consistent with your choices and applicable law;
  • measure website, app, and marketing performance, including signups, conversions, and campaign effectiveness where permitted by your consent or applicable law;
  • facilitate travel-related requests or future partner-assisted bookings that you ask us to support;
  • analyze usage, debug issues, detect fraud, prevent abuse, protect the security of the Services, and enforce our agreements; and
  • comply with legal obligations and protect our rights and the rights of others.

Use of AI Technologies

DoneAI uses AI systems and technologies, and in some cases third-party AI processors acting on our behalf, to analyze the content you provide to the Services (“Input”) and generate new information and content (“Output”) for various user-facing features. We may also use Input and Output to improve our products and technology, including by training or fine-tuning the AI models that power such tools.

Deidentified Information

Finally, we may deidentify or anonymize your information such that it cannot reasonably be used to infer information about you or otherwise be linked to you (“deidentified information”) (or we may collect information that has already been deidentified/anonymized), and we may use deidentified information for any purpose. To the extent we possess or process any deidentified information, we will maintain and use such information in deidentified form and not attempt to re-identify the information, except for the purpose of determining whether our deidentification process satisfies legal requirements.

Legal Bases for Processing

If you are located in the European Economic Area, the United Kingdom, Brazil, or another jurisdiction that requires a legal basis for processing, we process personal information under one or more of the following bases: performance of a contract with you, your consent, our legitimate interests, compliance with legal obligations, and, in limited circumstances, vital interests or public interest. Where processing is based on consent, you may withdraw that consent at any time, subject to lawful processing already performed.

Cookies and Other Tracking Technologies

We use cookies, pixels, and other tracking technologies for several purposes:

  • Essential technologies: to operate the Services, remember your settings, keep you signed in, preserve session state, and secure the Services.
  • Analytics technologies: to understand how people use the Services and improve it.
  • Advertising or conversion measurement technologies: to market to you and measure marketing and signup performance where you have consented or where otherwise permitted by law.

Depending on your location, settings, and marketing practices, providers may include analytics, attribution, advertising, remarketing, social-media, affiliate, audience, and conversion-measurement services, and we may change or add providers over time.

Some forms or public endpoints may use Google reCAPTCHA or similar anti-abuse technology to help protect the Services from spam, bots, and abuse. Use of reCAPTCHA is subject to the Google Privacy Policy (https://policies.google.com/privacy) and Google Terms of Service (https://policies.google.com/terms).

If you so choose, you may block or delete certain tracking technologies from your browser; however, blocking or deleting cookies may cause some of the Services, including login features and general functionality, to work incorrectly. Your browser settings may allow you to transmit a “Do Not Track” signal, “opt-out preference” signal or other mechanism for exercising your choice regarding the collection of your information when you visit various websites. Our website recognizes the Global Privacy Control (GPC) signal, which enables you to opt-out of certain uses or disclosures of your information. If you notify us of your preference through GPC, we will honor your request only for the browser or device that sends the GPC signal.

You may also opt out of the collection and use of information for interest-based advertising by advertisers that are part of certain industry alliances, including through tools offered by the National Advertising Initiative, the Digital Advertising Alliance or the European Interactive Digital Advertising Alliance, by clicking the links provided.

How We Share Information

We may disclose personal information in the following circumstances:

  • Service providers and processors: with vendors and contractors who help us host, secure, analyze, operate, market, or support the Services.
  • Identity and authentication providers: to support sign-in, session management, fraud prevention, and account security.
  • Analytics and advertising partners: for analytics, conversion measurement, targeted advertising, and related marketing purposes consistent with your settings and applicable law.
  • Travel suppliers and partners: if and when you ask us to help facilitate a travel booking, booking inquiry, or related travel service.
  • Legal and safety reasons: when required by law, legal process, or governmental request, or when we believe disclosure is necessary to protect users, DoneAI, or others.
  • Business transfers: in connection with a merger, acquisition, financing, reorganization, asset sale, or similar transaction, including in the context of a bankruptcy proceeding or other restructuring matter.
  • At your direction: when you ask us to share information or clearly direct us to do so.

We may also share deidentified or otherwise non-personal information for lawful business purposes.

Data Security and Retention

We use reasonable administrative, technical, and organizational safeguards designed to protect personal information. However, no method of transmission, storage, or processing is completely secure, and we cannot guarantee absolute security.

We retain personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to operate and maintain the Services, maintain account and session integrity, provide support, comply with legal obligations, resolve disputes, enforce our agreements, and protect security. If you delete your account, disconnect a data source, or ask us to delete information, we will delete or anonymize it within a reasonable period subject to backup, legal, fraud-prevention, audit, and similar retention needs. We may retain deidentified information for longer periods.

Your Privacy Rights

Depending on where you live, you may have rights to:

  • request access to personal information we hold about you and obtain details about what personal information we have collected about you, including the categories of personal information, the categories of sources from which the information was collected, the business or commercial purposes for collecting, selling or sharing personal information, the categories of third parties to whom we disclose personal information, and the specific pieces of personal information we have collected about you;
  • request correction of inaccurate personal information;
  • request deletion of personal information, subject to legal exceptions;
  • request portability of certain information;
  • object to or restrict certain processing;
  • withdraw consent where processing is based on consent;
  • opt out of the sale of personal information or the sharing or processing of personal information for targeted advertising; and
  • Limit our use of your sensitive personal information.

To exercise privacy rights, contact support@itsdoneai.com or use our privacy request page. We may need to verify your identity before fulfilling your request.

We will not retaliate or discriminate against you for exercising any of these rights. Further information may be needed to verify your identity before exercising these rights, such as your email address or government issued ID. Depending on your location, you may be able to designate, in writing or through a power of attorney document, an authorized agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we will require that the agent provide proof you have authorized them to act on your behalf, and we may need you to verify your identity directly with us.

If we deny your request, you may have the right to appeal our decision by contacting us through the methods described in the section below, Contact Us. When you submit a request or launch an appeal, we will limit our collection of your information to only what is necessary to securely fulfil your request or process your appeal. We will not require you or your authorized agent to pay a fee for the verification of your request or appeal. You may also have the right to complain to your local data protection authority about how we process your personal data.

California Residents

This section applies to you if you are a resident of California and we process personal information about you that is subject to the California Consumer Privacy Act (“CCPA”). For purposes of this section, references to “personal information” shall include “sensitive personal information” as defined under the CCPA.

Processing of Personal Information

In the preceding 12 months, we collected and disclosed to service providers (as described in the How We Share Information section above) the following categories of personal information and sensitive personal information (denoted by *):

  • Identifiers
  • Personal information categories listed in the California Customer Records*
  • Characteristics of protected classifications under California or federal law
  • Commercial information
  • Internet or other similar network activity
  • Geolocation data (including precise geolocation*, if you choose to enable it)
  • Inferences drawn from other personal information
  • Government identifiers*
  • Account access credentials*
  • Contents of email*

The categories of sources from which we collect your personal information and the specific purposes for which we collect and disclose your personal information, are described in the sections above, Information We Collect, How We Use Information, and How We Share Information, respectively. The criteria we use to determine how long to retain your personal information is described in the section above, Data Security and Retention.

Sensitive Personal Information

While we generally only use and disclose sensitive personal information for purposes specified in the CCPA or otherwise in line with your consent, to the extent sensitive personal information is included in Input or Output, we may use it to improve our products and technology, including by training or fine-tuning the AI models that power such tools. To opt out of our use of your sensitive personal information for this purpose, please use our Your Privacy Rights page.

Selling/Sharing Personal Information

While we do not sell personal information in the traditional sense, we disclose (and have disclosed in the preceding 12 months) the following categories of personal information for marketing and analytics purposes with analytics and advertising partners in a manner that may be considered “selling” or “sharing” as those terms are defined under the CCPA: identifiers, Internet or similar network activity, geolocation information (such as IP address) and inferences drawn from other personal information. However, we have no actual knowledge that we have “sold” or “shared” the personal information of individuals under 16 years of age. To opt out of such sharing, please use our Do Not Sell or Share My Personal Information page.

California Rights

In addition to the rights described in the section above, Privacy Rights, that are applicable to California residents, we provide California residents with the ability to opt out of the disclosure of their personal information to third parties for the third parties’ direct marketing purposes under the California “Shine the Light” law at no cost. To exercise this right, please contact support@itsdoneai.com or use our Do Not Sell or Share My Personal Information page.

International Data Transfers

We may process personal information in the United States and other countries where we or our service providers operate. If you access the Services from outside the United States, your information may be transferred to countries with different data protection laws. Where required, we use appropriate safeguards for those transfers.

Children's Privacy

The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided personal information to us, contact us and we will take appropriate steps.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will use reasonable efforts to notify you (such as by emailing you at the last email address you provided us or by posting notice of such changes on the Services) and will take additional steps as required by applicable law. Your continued use of the Services after the updated policy becomes effective means you accept the revised policy to the extent permitted by law.

Contact Us

If you have questions about this Privacy Policy or want to exercise a privacy right, contact us at:

Email: support@itsdoneai.com

Mailing Address: DoneAI, 584 Castro St, Suite #4036, San Francisco, CA 94114