Privacy Policy

Version 2.0 · Data controller: Trilla Inc. (Delaware)

Last updated: July 9, 2026

Trilla Inc. (“Trilla,” “we,” “us,” or “our”) respects your privacy and is committed to protecting the personal information of users of our website, applications, software, APIs, platforms, tools and related services (collectively, the “Platform”). This Privacy Policy explains how Trilla collects, uses, processes, shares and protects personal information when you access or use the Platform. It applies to Users located in the United States, Latin America and other jurisdictions where Trilla operates, and is incorporated into and forms part of Trilla’s Terms of Use. By accessing or using the Platform, you acknowledge that you have read and understood this Privacy Policy.

1. Introduction and Scope

Trilla is a travel optimization technology platform that helps users make more informed travel decisions by analyzing information related to travel preferences, flights and travel options, loyalty programs, points and miles, rewards balances, credit card benefits, referral opportunities and other travel-related information.

Trilla operates as a technology platform and recommendation layer. Trilla does not issue airline tickets, process travel bookings, operate flights, provide banking services, issue credit cards, process credit applications, or hold custody of miles or points. Transactions completed with airlines, hotels, loyalty programs, banks, credit card issuers or other Third Parties are governed by those Third Parties’ privacy policies and terms.

2. Definitions

  • “Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked to an identified or identifiable individual (also referred to as personal data or personally identifiable information).
  • “Sensitive Personal Information” means categories that receive additional protection under certain privacy laws, including financial information, account credentials, precise location information, certain identifiers, and other categories defined by applicable law.
  • “User Data” means information provided by Users, collected through the Platform, obtained through authorized integrations, generated through Platform usage, or derived from User interactions.
  • “De-Identified Information” means information processed so that it cannot reasonably be used to identify an individual.
  • “Connectivity Provider” means a Third-Party service (such as Plaid Inc.) that facilitates secure connections between Users and their external financial, bank, credit card or loyalty accounts.
  • “Third Parties” means airlines, hotels, loyalty programs, financial institutions, credit card issuers, payment processors, connectivity providers, analytics providers, advertising providers, technology vendors and other external entities.

3. Information We Collect

We collect information from several sources: directly from Users; automatically through Platform usage; through authorized integrations and Connectivity Providers; from service providers and partners; and from Third Parties.

3.1 Information You Provide Directly

Account Information: name, email address, phone number, country or region, password or authentication information, account and communication preferences.

Travel Information: origin and destination airports, travel dates, cabin and traveler preferences, search history, travel interests, and preferred airlines or hotels.

Loyalty Program Information: airline and hotel loyalty program names, membership identifiers, loyalty tiers, points or miles balances, expiration information, redemption history, and benefits or status information. You are responsible for ensuring you have authorization to provide this information.

Communications and Support Information: customer support requests, survey responses, feedback, product suggestions and communications with Trilla.

3.2 Information Collected Automatically

Device and Technical Information: IP address, browser type, operating system, device identifiers, language preferences, pages visited, timestamps, session information and performance data.

Usage Information: searches performed, features used, clicks, interactions with recommendations and affiliate links, and Platform navigation patterns.

Location Information: where permitted and authorized, approximate or device-based location. Trilla does not collect precise location unless the User authorizes it or applicable law permits.

3.3 Information From Third Parties

We may receive information from loyalty program and financial account Connectivity Providers, analytics providers, advertising partners, affiliate networks, business partners and publicly available sources where permitted. Examples include referral attribution, conversion information, technical information and account connection status.

4. Categories of Personal Information Collected

Depending on your use of the Platform, Trilla may collect the following categories of personal information:

  • Identifiers — name, email, account identifiers.
  • Commercial Information — travel searches, preferences, loyalty activity.
  • Internet or Network Activity — IP address, device information, browsing activity.
  • Financial Information — card issuer, rewards information, and, where you connect accounts, authorized financial-account references and transaction information received through a Connectivity Provider.
  • Geolocation Information — location data where authorized.
  • Inferences — travel preferences, loyalty behavior, recommendations.
  • Professional or Business Information — enterprise account details, if applicable.
  • Sensitive Personal Information — certain financial or account-related information when necessary.

5. Sensitive Personal Information

Certain information processed by Trilla may be considered Sensitive Personal Information under applicable privacy laws, including financial account information, authentication information, certain identifiers and precise location information where authorized. Trilla processes Sensitive Personal Information only when reasonably necessary to provide requested services, authenticate Users, maintain security, prevent fraud, comply with legal obligations, or perform functions reasonably expected by Users, and does not use it for purposes incompatible with applicable law.

6. Credit Card and Financial Product Information

Trilla may allow Users to provide information related to credit cards, loyalty rewards cards and financial products to generate travel optimization recommendations. Depending on the features used, this may include card issuer, card product name, associated rewards program, earning categories, benefits and travel perks, annual fees, transfer partners, redemption-related information and User preferences related to card usage. Users may provide this information manually or through methods made available by Trilla.

Trilla does not process payments, initiate transactions, or access or move funds from User financial accounts. Any financial products, credit cards or rewards programs displayed through the Platform are provided by Third Parties and governed by their respective terms and privacy policies.

6.1 Financial Information Disclaimer

Trilla is not a financial institution, bank, lender, credit card issuer, broker, investment advisor or financial service provider. Information relating to credit cards, rewards programs, loyalty accounts or financial products is processed solely to provide travel optimization features, comparisons and recommendations. Trilla does not provide banking services, access or control User funds, initiate financial transactions, transfer money, make lending decisions, approve or deny credit applications, or provide financial, investment or credit advice. Users are solely responsible for evaluating financial products before applying or taking any action.

7. Financial Account Connectivity via Plaid

Trilla offers optional integrations that allow Users to securely connect eligible financial, bank, credit card or loyalty accounts through authorized Connectivity Providers, including Plaid Inc. (“Plaid”). Using these integrations is voluntary; you choose whether to connect an account.

When you connect an account through Plaid, you authorize Plaid to access and transmit permitted information from your financial institution or provider to Trilla. Depending on the account and the permissions you grant, this may include account and routing references (typically tokenized or masked), account balances, transaction history, account ownership and identity details, and card or loyalty information. Trilla accesses only the information necessary to provide the requested features — for example, analyzing balances, transactions and card data to recommend whether to pay with cash or points, which card to use, or how to optimize a redemption.

Plaid acts as a data intermediary. Your use of Plaid is also governed by Plaid’s own privacy policy and end user services agreement (available at plaid.com/legal). We encourage you to review Plaid’s privacy policy before connecting an account. Where feasible, Trilla relies on tokenized access and does not receive or store your online banking username or password; credential collection is handled by Plaid.

Because this functionality involves financial account information, such data is treated as Sensitive Personal Information and, where applicable, is subject to the U.S. Gramm-Leach-Bliley Act (GLBA) and its safeguards, to the CCPA/CPRA and other state sensitive-data rules, and to the LGPD and other LATAM protections. Trilla applies heightened security and access controls to this information.

You may disconnect linked accounts at any time through the Platform or by contacting us, subject to technical limitations and to information Trilla is required or permitted to retain by law. Trilla does not use financial account data to initiate payments, move funds, or make lending or credit decisions. Trilla does not guarantee that any connectivity integration will be available, uninterrupted or compatible with all financial institutions.

8. Third-Party Connectivity Providers

To provide certain features, Trilla may use Connectivity Providers that facilitate secure connections between Users and external accounts, including financial data connectivity providers (such as Plaid), loyalty program connectivity providers, travel data providers and authentication providers. When a User chooses to connect an account, the User authorizes such provider to access and transmit permitted information, Trilla receives only the information authorized through the connection, and the Third Party may impose additional terms and privacy requirements. Trilla is not responsible for the independent privacy practices, security measures or data-handling practices of Connectivity Providers.

9. Data Minimization and Financial Information

Trilla follows data-minimization principles and seeks to collect only information reasonably necessary to provide Platform functionality. Where possible, Trilla uses tokenized information, limited identifiers, and aggregated or de-identified information. Except to the extent information is received through an authorized Connectivity Provider such as Plaid with your consent, Trilla does not intentionally collect or store full bank-account credentials, full payment card numbers or payment-authentication information. Any financial-account information received through a Connectivity Provider is handled as Sensitive Personal Information with heightened safeguards.

10. How We Use Personal Information

Trilla uses personal information for legitimate business purposes and to provide, maintain, improve and protect the Platform.

10.1 Providing and Personalizing the Platform

To create and manage accounts, authenticate Users, provide travel optimization features, analyze travel preferences, generate recommendations, compare cash and points options, analyze loyalty program opportunities, and personalize Platform experiences.

10.2 Artificial Intelligence and Machine Learning

Trilla may use artificial intelligence (“AI”), machine learning models, automated systems and statistical analysis to improve the Platform and provide recommendations. These systems may process searches, travel preferences, loyalty information, User interactions, historical Platform usage and aggregated travel patterns to generate recommendations, improve search results and personalization, identify relevant opportunities, improve valuation methodologies, detect fraud and security risks, and develop new features.

Trilla does not use AI systems to make decisions that legally or significantly affect Users without appropriate safeguards required by applicable law. AI-generated recommendations are informational and may contain inaccuracies; Users should independently verify information before making travel, financial or loyalty decisions.

10.3 Improving and Developing the Platform

To analyze Platform performance, improve algorithms and user experience, develop new products, test features, conduct research and improve the accuracy of recommendations. Trilla may use aggregated and de-identified information for these purposes.

10.4 Communications, Security and Affiliate Programs

To communicate with Users about account activity, security alerts, service updates, support, product announcements, surveys and permitted marketing; to detect suspicious activity, prevent fraud, protect accounts, enforce our Terms and investigate misuse; and to track referral activity, measure conversions, attribute commissions and operate affiliate relationships.

Where required by applicable law (including GDPR, LGPD and certain international privacy laws), Trilla processes personal information under one or more legal bases: performance of a contract (to create accounts and provide requested features); consent (for connecting financial accounts, accessing certain loyalty information, marketing communications, and certain cookies or tracking technologies — which may be withdrawn where permitted); legitimate interests (improving the Platform, securing systems, preventing fraud, analyzing usage, measuring affiliate performance and developing products); and legal obligations (to comply with laws, regulations, legal processes and governmental requests).

12. How We Share Personal Information

Trilla does not sell personal information for monetary consideration. We may disclose personal information as follows:

12.1 Service Providers and Processors

With vendors that provide cloud hosting, database management, analytics, security, customer support, authentication, payment processing and account connectivity. These providers are contractually required to process information only for authorized purposes and to maintain appropriate confidentiality and security. Where required by law, Trilla enters into data processing agreements imposing confidentiality, security and use-restriction obligations.

12.2 Loyalty, Financial and Travel Connectivity Providers

If you choose to connect accounts, information may be processed through authorized Connectivity Providers (such as Plaid) that facilitate access to loyalty programs, rewards accounts, financial information and travel-related services. Such Third Parties may process information according to their own privacy policies.

12.3 Affiliate and Referral Partners

When Users interact with affiliate links or referral programs, Trilla may share limited information necessary to attribute referrals, track conversions, calculate commissions and verify qualifying actions (such as referral identifiers, transaction identifiers, technical information and conversion information). Trilla does not share unnecessary personal information with affiliate partners.

12.4 Advertising and Analytics Providers

With analytics and advertising providers to measure Platform performance, understand User behavior and improve marketing. Where required by law, Users may opt out of certain forms of targeted advertising or data sharing.

12.5 Legal, Safety and Business Transfers

When reasonably necessary to comply with laws, respond to legal requests, protect rights and safety, investigate fraud, or enforce agreements; and as part of a merger, acquisition, financing, restructuring, bankruptcy, sale of assets or transfer of business operations, in which case any successor entity may process information under applicable law and substantially similar privacy practices.

13. Aggregated and De-Identified Information

Trilla may create aggregated, anonymized or de-identified information from Personal Information and use it for analytics, research, product improvement, benchmarking, market analysis and improving travel optimization models. Trilla may use aggregated, anonymized and de-identified information to train, test, evaluate, improve and develop AI systems, machine learning models and recommendation engines used to operate and enhance the Platform. Trilla does not use personal information to train models in a manner inconsistent with this Privacy Policy or applicable law, and does not attempt to re-identify properly de-identified information except as permitted by law.

14. Cookies, Tracking Technologies and Analytics

Trilla uses cookies, pixels, SDKs, local storage and similar technologies to authenticate Users, maintain preferences and settings, analyze usage, measure performance, track affiliate referrals and improve functionality. Categories include essential cookies (account access, authentication, security, basic functionality), functional cookies (preferences and settings), analytics cookies (usage and performance), affiliate and referral cookies (attribution and conversions), and advertising cookies (advertising effectiveness and personalization, where applicable).

Where required by applicable law, Trilla requests consent before placing non-essential cookies or tracking technologies. Users may manage preferences through browser settings, cookie preference tools or available Platform controls. Disabling certain cookies may affect Platform functionality.

15. Marketing Communications

Where permitted by law, Trilla may send promotional communications regarding travel opportunities, Platform updates, partnerships, rewards opportunities and relevant services. Users may unsubscribe at any time. Unsubscribing from marketing does not prevent transactional communications related to accounts, security, payments, legal notices or Platform functionality.

16. Automated Decision-Making and Profiling

Trilla uses automated systems, including AI and machine learning, to provide recommendations and improve the Platform — for example, comparing cash versus points, identifying redemption opportunities, suggesting credit card rewards strategies, ranking travel options and personalizing recommendations. These systems assist Users and provide information. Trilla does not make decisions that determine legal rights, determine credit eligibility, approve or deny financial products, or create similarly significant effects, unless required safeguards under applicable law are implemented. Users should independently evaluate recommendations before making travel or financial decisions.

17. Your Privacy Rights

Depending on where you live, you may have certain rights regarding your personal information, which vary by applicable law, including: the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA); the Virginia Consumer Data Protection Act (VCDPA); the Colorado Privacy Act (CPA); the Connecticut Data Privacy Act (CTDPA); the Utah Consumer Privacy Act (UCPA); the Oregon Consumer Privacy Act (OCPA); the Texas Data Privacy and Security Act (TDPSA); Nevada privacy laws; the GDPR; Brazil’s LGPD; and other applicable privacy regulations.

18. United States Privacy Rights

18.1 California Residents (CCPA / CPRA)

California residents may have the right to know/access categories and specific pieces of personal information collected, the sources, purposes and categories of Third Parties with whom it is shared; to delete personal information (subject to legal exceptions such as completing transactions, detecting security incidents, complying with legal obligations and permitted internal uses); to correct inaccurate information; to opt out of the “sale” or “sharing” of personal information and of targeted / cross-context behavioral advertising; to limit the use of Sensitive Personal Information; and to non-discrimination for exercising these rights.

Although Trilla does not sell personal information for monetary consideration, certain uses of cookies, analytics or advertising tools may qualify as “sharing” under California law, and California residents may opt out. California residents may use authorized agents to submit requests, subject to verification of identity and the agent’s authority.

Notice of categories collected (previous 12 months): Identifiers; Commercial Information; Internet Activity; Geolocation (where authorized); Financial Information (rewards, card and — where connected — authorized account references); Inferences; and Sensitive Information (account credentials or financial information where necessary).

18.2 Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Oregon (OCPA), Texas (TDPSA)

Residents of these states may have rights to confirm processing and access personal information; correct inaccuracies; delete personal information; obtain a portable copy; and opt out of targeted advertising, the sale of personal data and certain profiling. Colorado, Connecticut, Oregon, Texas and California residents may use recognized universal opt-out / Global Privacy Control (GPC) signals where legally required. Oregon residents may request a list of specific Third Parties with whom their information has been shared. Residents may appeal a denied request by contacting Trilla.

18.3 Nevada

Nevada residents may have the right to opt out of certain sales of covered information. Although Trilla does not sell personal information for monetary consideration, Users may submit privacy requests under applicable Nevada law.

19. International Privacy Rights

19.1 European Economic Area / United Kingdom (GDPR)

Where GDPR applies, Users may have rights of access, rectification, deletion, restriction of processing, objection to processing, data portability, withdrawal of consent, and to lodge a complaint with a supervisory authority. Trilla relies on appropriate safeguards for international transfers where applicable.

19.2 Brazil (LGPD)

Where LGPD applies, Users may have rights of confirmation of processing, access, correction, anonymization, deletion, portability, information regarding shared data, withdrawal of consent, and review of automated decisions where applicable.

19.3 Mexico, Colombia, Argentina and Other LATAM Jurisdictions

Depending on your country, you may have rights under local data-protection law, including Mexico’s Federal Law on the Protection of Personal Data Held by Private Parties (LFPDPPP) and its ARCO rights (access, rectification, cancellation and opposition); Colombia’s Law 1581 of 2012 and related decrees; Argentina’s Personal Data Protection Law No. 25.326; and other applicable LATAM regulations. To exercise these rights, contact Trilla using Section 20. You may also have the right to complain to your local data-protection authority.

20. How to Exercise Privacy Rights

To exercise privacy rights, contact Trilla at info@flytrilla.com or through our privacy portal at https://flytrilla.com/privacy. You may submit access, deletion, correction, opt-out and consent-withdrawal requests through these channels.

21. Identity Verification

To protect Users and prevent unauthorized disclosure, Trilla may verify identity before completing privacy requests. Verification may require account confirmation, email verification or additional information reasonably necessary to authenticate the request. Authorized agents may be required to provide proof of authorization.

22. Response Times

Trilla will respond to privacy requests within the periods required by applicable law. If additional time is necessary, Trilla will provide notice explaining the reason for the delay.

23. Appeals

Where required by applicable law, Users may appeal a denial of a privacy request by contacting info@flytrilla.com. If an appeal is denied, Users may have the right to contact their state attorney general or applicable privacy regulator.

24. Data Retention

Trilla retains personal information only for as long as reasonably necessary to fulfill the purposes described in this Privacy Policy, including providing the Platform, maintaining accounts, improving services, complying with legal obligations, resolving disputes, enforcing agreements, maintaining security and preventing fraud. Retention periods vary by the type of information, purpose of processing, and legal, regulatory and business requirements. When information is no longer necessary, Trilla may delete, anonymize, aggregate or securely dispose of it. Certain information may be retained where required or permitted by law (tax, accounting, legal claims, regulatory compliance, security investigations).

24.1 Backup Systems

When personal information is deleted, removed or anonymized, copies may temporarily remain in backup, archival or disaster-recovery systems. Such information remains protected and is not actively processed except as necessary for security, disaster recovery, legal obligations or system integrity, and is deleted or overwritten according to Trilla’s retention procedures.

25. Data Security

Trilla implements reasonable administrative, technical and organizational safeguards designed to protect personal information, which may include encryption during transmission, access controls, authentication mechanisms, tokenization where feasible, monitoring systems, security procedures and vendor security reviews. However, no method of transmission, storage or electronic communication is completely secure, and Trilla cannot guarantee absolute security or that unauthorized access will never occur.

Users are responsible for protecting account credentials, using secure passwords, notifying Trilla of suspected unauthorized access, and ensuring they have permission before connecting Third-Party accounts. Users should only connect accounts they are authorized to access.

The Platform may contain links, integrations or connections to Third-Party services, including airlines, hotels, loyalty programs, banks, credit card issuers, payment processors, affiliate partners and analytics providers. Trilla does not control Third-Party privacy practices; information collected by Third Parties is governed by their own privacy policies and terms. Users should review Third-Party privacy policies before providing information directly to those entities.

27. International Data Transfers

Trilla operates in the United States and may provide services to Users internationally. Personal information may be transferred to, stored in or processed in countries other than where the User resides, including the United States and countries where Trilla’s service and infrastructure providers operate. Where required by applicable law, Trilla uses appropriate safeguards for international transfers, including contractual protections, standard contractual clauses and other lawful mechanisms.

28. Financial Incentives and Rewards

Certain privacy laws, including California law, may regulate programs that provide financial incentives in exchange for personal information. Trilla may provide benefits such as promotional offers, referral rewards, premium access, discounts or loyalty-related features. Where required by law, Trilla will provide additional notice regarding the categories of personal information involved, the value of the incentive, terms of participation and how to withdraw. Participation is voluntary.

29. Children’s Privacy

The Platform is intended for individuals who are at least eighteen (18) years old or otherwise have legal capacity to enter into agreements under applicable law, and is not directed to children. Trilla does not knowingly collect personal information from individuals under 18. In particular, consistent with the U.S. Children’s Online Privacy Protection Act (COPPA), Trilla does not knowingly collect personal information from children under thirteen (13). If Trilla becomes aware that it has collected personal information from a child under the applicable age without appropriate authorization, Trilla will take reasonable steps to delete such information.

30. Biometric Information

Trilla does not intentionally collect, process or store biometric information, including fingerprints, facial recognition data, voiceprints or biological identifiers. If future features require biometric information, Trilla will update this Privacy Policy and provide any notices required by applicable law.

31. Do Not Track and Global Privacy Control

Some browsers provide “Do Not Track” (DNT) settings. Because there is currently no universally accepted standard for responding to DNT signals, Trilla may not respond to all DNT requests. Where required by applicable law, Trilla honors recognized privacy-preference signals, including Global Privacy Control (GPC) signals.

32. California “Shine the Light”

California residents may request information regarding certain disclosures of personal information to Third Parties for their direct marketing purposes. To submit a request, contact info@flytrilla.com.

33. Data Breach Notification

If Trilla experiences a security incident involving personal information, Trilla will evaluate the incident and provide notifications when required by applicable law. Notification may include the affected information, recommended actions, available remedies and contact information.

34. Data Protection Representatives

Where required by applicable law, Trilla may designate privacy representatives, a Data Protection Officer (DPO) or local representatives. Contact information for such representatives will be provided where applicable.

35. Complaints and Regulatory Authorities

If you believe Trilla has not handled your personal information appropriately, please contact Trilla first so we can attempt to resolve your concern. You may also have the right to submit a complaint to your local data-protection authority, your state attorney general or another applicable regulatory authority.

36. Service, Savings and Recommendation Disclaimers

These disclaimers supplement (and are also reflected in) Trilla’s Terms of Use. Trilla is a technology platform and recommendation engine, and is not a travel agency, travel seller, ticketing agent, tour operator, transportation provider, airline or hotel provider; any booking, purchase or travel arrangement is completed directly between the User and the applicable Third Party.

Trilla does not guarantee the lowest available fare, the highest possible redemption value, maximum savings, availability of any flight or redemption, approval for any financial product, or any specific travel outcome. Recommendations are informational tools, may be generated using AI or automated systems, and may contain errors, outdated information, incomplete data or inaccurate assumptions. Users should independently verify information before booking travel, transferring points, applying for financial products or making decisions.

Platform recommendations and rankings may consider multiple factors, including User preferences, estimated value, availability, relevance, proprietary methodologies, commercial relationships and affiliate compensation; compensation relationships do not guarantee that a product or recommendation is appropriate for any specific User. Users are solely responsible for complying with the terms and rules of any loyalty program, airline, hotel, credit card issuer or Third Party, and should review applicable program rules before transferring points, redeeming rewards or taking any action.

37. Changes to This Privacy Policy

Trilla may update this Privacy Policy periodically. When changes are made, Trilla may update the “Last Updated” date, post the revised Privacy Policy and provide additional notice where required by law. Your continued use of the Platform after changes become effective indicates acceptance of the updated Privacy Policy.

38. Contact Information

Trilla Inc. — Privacy Team

Address: 8 The Green, Suite R, Dover, DE 19901

Email: info@flytrilla.com

Privacy portal: https://flytrilla.com/privacy

Website: https://flytrilla.com

39. Acknowledgement

By using the Platform, you acknowledge that you have reviewed this Privacy Policy; you understand how Trilla processes personal information, including financial-account information you choose to connect through Plaid or another Connectivity Provider; you understand that Third Parties may process information independently under their own policies; you understand that recommendations provided by the Platform are informational; and you agree to the practices described in this Privacy Policy.