Legal
Privacy Policy
Last updated: 28 June 2026
Travelist helps groups plan trips, shortlist destinations, and book flights and hotels together — without losing the thread in the group chat. This policy explains what personal data we collect, why we collect it, who we share it with, and the rights you have over it. It applies to our website at thetravelist.uk and the Travelist mobile app (together, the “Service”).
The short version
- We collect what we need to run your account, plan trips with your group, and complete bookings — nothing we don’t.
- We never sell your personal data.
- Card payments are handled by Stripe; we don’t store your full card number.
- You can access, correct, export, or delete your data at any time — see Your rights.
1. Who we are
Travelist is a trading name of AGBO Ventures Ltd (“Travelist”, “we”, “us”, or “our”), the company that provides the Service. For the purposes of UK data protection law — including the UK GDPR and the Data Protection Act 2018 — AGBO Ventures Ltd is the “data controller” of the personal data described in this policy. Our registered details are in Contact us.
2. Information we collect
Information you give us
- Account details. When you sign up we collect your email address. You can sign in with a magic link sent to your email, or with your Apple or Google account.
- Profile details. Your name, home airport, preferred currency, and any profile photo you add.
- Traveller & passport details. To complete a booking we collect details such as your given name, family name, title, date of birth, and gender. You enter these once and reuse them across bookings.
- Payment details. When you book, your card payment is processed by Stripe. We receive confirmation and limited details (such as the last four digits and card type) but we do not store your full card number.
- Trip & group content. Groups you create or join, destinations you save or shortlist, votes and preferences, chat messages you send within a group, and your bookings. Content you share in a group is visible to other members of that group.
- Communications. Anything you send us when you contact support or give feedback.
Information we collect automatically
- Usage data.How you interact with the Service — pages and screens you view, features you use, and actions you take — collected through our analytics provider, PostHog.
- Device & technical data. Information such as your device type, browser, approximate location inferred from your IP address, and identifiers needed to keep you signed in.
- Diagnostic data. If something breaks, we collect error and crash reports (through Sentry) to diagnose and fix it.
Information from third parties
- Sign-in providers. If you sign in with Apple or Google, we receive basic profile information such as your name and email address, in line with the permissions you grant.
- Other group members. When someone invites you to a trip, we receive the information needed to add you to that group.
3. How we use your information
We use your personal data to:
- create and manage your account and keep you signed in;
- let you plan trips, build shortlists, vote, chat, and coordinate with your group;
- search for and complete flight and hotel bookings, and process payments and refunds;
- send you booking confirmations and service-related messages;
- provide customer support and respond to your requests;
- keep the Service secure, prevent fraud and abuse, and debug problems;
- understand how the Service is used so we can improve it; and
- comply with our legal and regulatory obligations.
4. Our legal bases
Under the UK GDPR we only process your personal data where we have a lawful basis to do so. Depending on the activity, our basis is one of the following:
- Performance of a contract— to provide the Service you have asked for, including managing your account and completing your bookings.
- Legitimate interests— to secure, maintain, analyse, and improve the Service, and to prevent fraud, provided your rights do not override those interests.
- Consent— for optional analytics cookies and any marketing messages. You can withdraw consent at any time.
- Legal obligation— where we must keep records (for example, financial records) or respond to lawful requests.
7. International data transfers
Some of our service providers may process your data outside the United Kingdom. Where they do, we make sure appropriate safeguards are in place — such as UK adequacy regulations, the UK International Data Transfer Agreement, or the EU Standard Contractual Clauses with the UK Addendum — so your data stays protected to UK standards.
8. How long we keep your data
We keep your personal data for as long as your account is active and for a reasonable period afterwards. Some records — such as booking and payment records — are kept longer where we need them to meet legal, accounting, or regulatory obligations. When data is no longer needed, we delete it or anonymise it.
9. Keeping your data secure
We use appropriate technical and organisational measures to protect your personal data, including encryption in transit, access controls, and trusted infrastructure providers. No method of transmission or storage is completely secure, so we cannot guarantee absolute security — but we work to protect your data and to notify you and the relevant authority if a reportable breach occurs.
10. Your rights
Under UK data protection law you have the right to:
- access a copy of the personal data we hold about you;
- ask us to correct inaccurate or incomplete data;
- ask us to delete your data in certain circumstances;
- restrict or object to how we process your data;
- receive your data in a portable format, or have it transferred to another provider;
- withdraw consent at any time, where we rely on consent; and
- complain to a supervisory authority.
To exercise any of these rights, contact us at hey@agboventures.com. You also have the right to complain to the UK Information Commissioner’s Office (ICO) at ico.org.uk, though we’d appreciate the chance to put things right first.
You can also delete your account and its associated data yourself — see Delete your account.
11. Children
The Service is intended for adults and is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
12. Third-party links
The Service may link to third-party websites and services we don’t control — including travel suppliers and maps. This policy doesn’t cover their practices, so we encourage you to read the privacy policies of any third party you interact with.
13. Changes to this policy
We may update this policy from time to time. When we make material changes, we’ll update the “Last updated” date above and, where appropriate, let you know through the Service. Please check back periodically.
14. Contact us
If you have questions about this policy or how we handle your data, get in touch:
- Data controller
- AGBO Ventures Ltd (trading as Travelist)
- hey@agboventures.com
- Registered office
- Flat 53, Fairlie House, 76 Brunner Road, E17 7GA
- Company number
- 16788082