Privacy Policy | First Officer by UpNonStop

What We Collect

We collect only the information needed to provide the First Officer advisory service. This includes:

Your name, email address, and phone number
Names of your credit cards and loyalty programs (not card numbers)
Loyalty program point and mile balances
Travel preferences, goals, and dates
Conversation history with First Officer via WhatsApp

Our software and AI tools do not collect or store: passwords, credit card numbers, Social Security numbers, bank account credentials, or financial login information.

How We Use Your Data

We use your information to:

Provide the advisory service: generating personalized card routing recommendations, alerts, and strategy
Send proactive alerts about expiring credits, transfer bonuses, and award availability
Personalize recommendations based on your specific cards, balances, and travel goals
Improve the accuracy and quality of our AI-generated advice

How Your Conversations Improve the Service

Every client conversation helps sharpen First Officer's recommendations for the next one. We do this through a three-layer architecture:

Never collected. Your passwords, full card numbers, bank account numbers, Social Security numbers, credit scores, and income data are never collected by our software or AI tools under any circumstance.
Private to you. Your name, phone, email, card names, loyalty program names, balances, travel goals, and conversation history are stored in your isolated row. They are never visible to other clients.
Anonymized patterns. Aggregated, de-identified patterns: question and answer structures, vendor MCC behavior observations, transfer route outcomes, all flow into the shared knowledge base that informs future recommendations for all clients. Your identity, specific portfolio, and individual history never enter this layer.

You can request deletion of your private layer at any time via email to compliance@upnonstop.com or through the Do Not Sell My Info section below.

Third-Party Processors

We work with a small number of trusted third-party processors to deliver the service:

Stripe: payment processing for subscriptions and booking fees
Anthropic / Claude: AI processing to generate personalized recommendations
Meta / WhatsApp: message delivery for the advisory service

Each processor operates under its own privacy policy and is contractually required to protect your data.

Data Retention

Your data remains active for the duration of your subscription. After cancellation, all personal data is deleted within 30 days.

Raw emails forwarded to First Officer (for statement parsing or balance updates) are deleted within 24 hours. Only the structured data extracted from those emails, such as point balances and transaction categories: is retained.

Data Security

All client data is stored with row-level isolation in Supabase, meaning your data is completely separated from every other client at the infrastructure level. We use encryption in transit and at rest.

Your Rights Under CCPA (California)

If you are a California resident, you have the right to:

Know what personal information we collect and how it is used
Delete your personal information upon request
Opt out of the sale of your personal information, though we want to be clear: we do not sell your data to anyone, ever
Non-discrimination: we will not treat you differently for exercising your privacy rights

Service Availability & Geographic Restrictions

First Officer is offered exclusively to residents of the United States. The service is not available to, and is not intended for, residents of the European Union, the European Economic Area, the United Kingdom, Canada, or any other jurisdiction outside the United States.

By using First Officer, you represent and warrant that you are a US resident. If you are not, you must discontinue use of this service immediately.

UpNonStop LLC does not knowingly collect personal data from individuals outside the United States. If we become aware that a non-US user has provided personal data, we will take reasonable steps to delete it within 30 days.

Questions about geographic availability? Contact compliance@upnonstop.com.

Cookies

We use minimal cookies, only what Stripe requires for secure checkout processing. We do not use advertising cookies, tracking pixels, or analytics cookies on our site.

Children

First Officer is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If you believe a minor has provided us with personal data, please contact us and we will delete it promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we'll update the "Last updated" date at the top of this page. Continued use of the service after changes constitutes acceptance of the revised policy.

Contact

Questions about your data or this policy? Reach us at compliance@upnonstop.com or message us on WhatsApp.