Privacy Policy
Last updated: 8 June 2026
In short. paxID is built around a local encrypted vault. Surnames, passport and identity-document numbers, issue dates, addresses, phone numbers, additional emails, saved payment-card details, and similar protected details are encrypted on your device and backed up to paxID only as encrypted vault data we cannot read. We keep some lower-sensitivity account, trip, and readiness data outside the vault so the app can work without asking you to unlock the vault for every check.
1. Who we are
paxID is operated by paxID LLC, a limited liability company registered in Delaware, USA. For privacy questions or rights requests, contact privacy@paxid.com. For users in the EU, EEA and UK, read this policy with our GDPR & Data Protection notice.
2. Data in your encrypted vault
Your vault contains the details you may need for travel, bookings, forms and checkout. This can include passport names and surnames, document numbers, issue dates, expiry dates, scans or document-derived fields, addresses, phone numbers, additional emails, emergency-contact details, and saved payment-card details. Vault data is encrypted on your device with keys derived from your password and, where enabled, unlocked locally with device biometrics. paxID stores only encrypted vault backups and cannot decrypt them. If you lose your password and have no valid local unlock path, we cannot recover the contents of your vault.
3. Data outside the vault
We store some data in readable form because the app needs it for account access, trip planning, requirement checks, reminders, fraud prevention, and support:
- Account data: your registered email address, account identifiers, authentication records, session records, and the first name of the main account holder.
- Requirement inputs: selected nationalities, country of birth, date of birth, and limited document metadata such as document type, issuing country and expiry date.
- Trip data: origins, destinations, transit points, dates, airports, flight numbers, hotels, booking references, and other details you add, upload, forward or confirm in the app.
- Uploaded or forwarded travel documents: screenshots, PDFs, emails, proof of accommodation, arrival-card confirmations, travel-agreement confirmations, and related parsed fields. These may include personal data and are used to prepare trip records and readiness checks.
- eSIM and wallet data: wallet balance, top-ups, eSIM installation and usage records, supported-country tier, support events, and connectivity-provider records needed to provide mobile data.
- Payments: purchase records, receipts, refund records, charge status, fraud-prevention signals and payment-processor references. Saved card details stay in the vault unless you choose to use them for a payment.
- Support, logs and device data: messages you send us, diagnostic logs, IP address, approximate location from network data, device/app version, crash or error information, and security logs.
- Waitlist and communications: email addresses and communication preferences you submit before or after launch.
We do not keep passport or identity-document numbers, document issue dates, surnames, addresses, phone numbers, additional emails, CVV codes, or saved card numbers in readable form on paxID servers as part of normal operation.
4. Optional document scanning
You may choose to scan a passport, driving licence or ID card to avoid manual entry. Scanning is optional. The app crops the document on device, sends it to a document-parsing provider for extraction, and stores the extracted travel details in your vault. We intend to configure parsing providers, such as Azure document intelligence services, so document images and intermediate processing data are not used for training and are not retained beyond processing where the provider supports that mode. You can skip scanning and enter the details manually.
5. Payments and saved cards
If you save a card, the card details are stored in your encrypted vault. When you choose to pay with a saved card, the app decrypts the card locally on your device, asks you to enter the CVV manually, and sends the payment details directly to the payment processor or payment gateway. paxID servers do not receive the unencrypted card number or CVV. The payment processor may process, tokenize, authorise, settle, refund and retain payment data under its own security and legal obligations.
6. How we use data
- To create and secure your account, authenticate you, sync encrypted vault backups, and restore your app session.
- To check entry requirements, travel documents, forms, health or transit rules, and trip readiness for journeys you create or explore.
- To parse uploaded or forwarded confirmations and let you review details before saving them to a trip.
- To complete bookings, eSIM purchases, top-ups, refunds, support requests and payment operations you request.
- To send account, booking, eSIM, security, refund, trip and service messages.
- To prevent fraud, abuse, account takeover, payment misuse and service attacks.
- To debug, maintain, improve and measure the service, using the least sensitive data practical.
- To comply with tax, accounting, sanctions, travel, payment, consumer-protection and other legal obligations.
7. When we share data
We share data only where needed for the service, where you direct us, or where the law requires it:
- Airlines, booking infrastructure, GDS/NDC providers and travel suppliers — to search, book, change, cancel, support or refund travel you choose.
- Payment processors and fraud-prevention providers — to process payments, refunds, chargebacks and payment security checks.
- eSIM and connectivity providers — to provision, operate, troubleshoot and support your eSIM and wallet usage.
- Document parsing and AI/OCR providers — to parse documents, screenshots, PDFs or emails you choose to scan, upload or forward.
- Cloud, database, storage, email, push notification, analytics, monitoring and support providers — to host, secure, observe and support paxID.
- Authorities, regulators, courts, banks or dispute bodies — where legally required or necessary to protect paxID, users or others.
- Business transfer parties — if we are involved in a merger, financing, acquisition, reorganisation or sale, subject to confidentiality and applicable law.
We do not sell your personal data. We do not use your vault contents for advertising.
8. Cookies, analytics and marketing
We may use essential cookies, local storage or similar technologies to operate the website and app. If we use optional analytics, advertising or marketing technologies that require consent in your region, we will ask for that consent before using them. You can unsubscribe from marketing emails at any time; service, security, booking, refund and account messages may still be sent where needed.
9. International transfers
paxID is operated from the United States and may use providers in the United States, United Kingdom, European Economic Area and other countries. Where personal data is transferred internationally, we use appropriate safeguards such as adequacy decisions, the EU Standard Contractual Clauses, the UK International Data Transfer Agreement or UK Addendum, data-processing agreements, transfer risk assessments, and technical safeguards such as encryption. Encrypted vault backups are transferred only in encrypted form, but they are still treated as personal data.
10. Retention
We keep personal data only as long as needed for the purposes described above. Account records are kept while your account is active and for any legally required period after closure. Encrypted vault backups, trip records, uploads, forwarded confirmations and eSIM records are kept until you delete them, delete your account, or they are no longer needed for the service, support, legal, tax, dispute or security purposes. Payment, refund, tax and fraud records may be kept longer where required by law or payment-network rules. We may keep de-identified or aggregated data that no longer identifies you.
11. Your choices and rights
You can access and correct much of your data directly in the app. You can delete vault items, trips, documents and your account. Depending on where you live, you may also have rights to access, correct, delete, port, restrict or object to processing of your personal data, and to withdraw consent where processing is based on consent. Some requests for vault data are fulfilled on your device because paxID cannot decrypt the vault. To make a request, email privacy@paxid.com.
12. Security
We use encryption in transit, encryption at rest, on-device vault encryption, access controls, logging controls and processor contracts. No system is perfectly secure. paxID's architecture is designed so a server-side compromise does not expose the readable contents of your encrypted vault backup, but plaintext account, trip, upload, forward, payment-reference, eSIM and support data outside the vault may be readable by paxID systems and must be protected separately.
13. Children and family travel
paxID is not directed to children under 16, and children may not create their own accounts unless local law allows it and a parent or guardian provides any required consent. Adults may store details for children or other travellers they are authorised to manage. If you add another person's data, you are responsible for having the right to do so.
14. Changes and contact
We may update this policy as the product, providers and law evolve. We will revise the date above and notify you of material changes where required. Questions: privacy@paxid.com.