Privacy Policy | First Officer by UpNonStop

What We Collect

We collect only the information needed to provide the First Officer advisory service. This includes:

Your name, email address, and phone number
Names of your credit cards and loyalty programs (not card numbers)
Loyalty program point and mile balances
Travel preferences, goals, and dates
Conversation history with First Officer via WhatsApp

Our software and AI tools do not collect or store: passwords, credit card numbers, Social Security numbers, bank account credentials, or financial login information.

How We Use Your Data

We use your information to:

Provide the advisory service — generating personalized card routing recommendations, alerts, and strategy
Send proactive alerts about expiring credits, transfer bonuses, and award availability
Personalize recommendations based on your specific cards, balances, and travel goals
Improve the accuracy and quality of our AI-generated advice

Third-Party Processors

We work with a small number of trusted third-party processors to deliver the service:

Stripe — payment processing for subscriptions and booking fees
Anthropic / Claude — AI processing to generate personalized recommendations
AwardWallet — loyalty program balance tracking via secure OAuth connection (you authorize access directly; we never see your login credentials)
Meta / WhatsApp — message delivery for the advisory service

Each processor operates under its own privacy policy and is contractually required to protect your data.

Data Retention

Your data remains active for the duration of your subscription. After cancellation, all personal data is deleted within 30 days.

Raw emails forwarded to First Officer (for statement parsing or balance updates) are deleted within 24 hours. Only the structured data extracted from those emails — such as point balances and transaction categories — is retained.

Data Security

All client data is stored with row-level isolation in Supabase, meaning your data is completely separated from every other client at the infrastructure level. We use encryption in transit and at rest.

Your Rights Under CCPA (California)

If you are a California resident, you have the right to:

Know what personal information we collect and how it is used
Delete your personal information upon request
Opt out of the sale of your personal information — though we want to be clear: we do not sell your data to anyone, ever
Non-discrimination — we will not treat you differently for exercising your privacy rights

Your Rights Under GDPR (European Union)

If you are in the EU or EEA, you have the right to:

Access your personal data and receive a copy
Rectification — correct inaccurate or incomplete data
Erasure — request deletion of your personal data
Portability — receive your data in a structured, machine-readable format
Objection — object to processing of your data for certain purposes

To exercise any of these rights, contact us at compliance@upnonstop.com.

Cookies

We use minimal cookies — only what Stripe requires for secure checkout processing. We do not use advertising cookies, tracking pixels, or analytics cookies on our site.

Children

First Officer is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If you believe a minor has provided us with personal data, please contact us and we will delete it promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we'll update the "Last updated" date at the top of this page. Continued use of the service after changes constitutes acceptance of the revised policy.

Contact

Questions about your data or this policy? Reach us at compliance@upnonstop.com or message us on WhatsApp.