Privacy Policy
Plain-language commitments about what we collect, why, and the control you keep over your data.
Your trust is the product. This Policy describes how Jet Booking Services Inc. (“Ctraa”) handles personal data across our Services. Please read it alongside our Terms & Conditions.
1. Scope of this Policy
This Privacy Policy applies to the Ctraa website, mobile experiences, and customer-support channels (collectively, the “Services”) operated by Jet Booking Services Inc. trading as “Ctraa” (“we”, “us”, “our”). It explains what personal data we process, why, on what legal basis, who we share it with, and the controls you have.
We act as a data controller for the information described here. Travel Providers (airlines, consolidators, payment processors) are independent controllers for the data they receive to fulfil your booking.
2. Information We Collect
We collect the following categories of personal data:
- Identity & contact data — name, date of birth, gender, email, phone, billing address.
- Travel data — passenger details, passport / ID numbers where a route requires it, itineraries, frequent-flyer numbers, seat / meal / accessibility preferences.
- Payment data — card type, last four digits, and tokenised references. Full card numbers are processed by PCI-DSS Level 1 payment partners and are not stored on our systems.
- Technical data — IP address, device and browser type, timezone, and interaction logs used for fraud prevention and service reliability.
- Usage & communications — searches, pages viewed, and the content of your support conversations with us.
3. How We Use Your Data
- To create, confirm, and service your bookings.
- To process payments and apply any applicable fees or coupons.
- To provide 24/7 support, rebookings, and disruption assistance.
- To detect, investigate, and prevent fraud and abuse.
- To meet legal, tax, and regulatory obligations.
- To send service messages, and — where permitted — marketing you can opt out of at any time.
- To improve the Services through aggregated, de-identified analytics.
4. Legal Bases for Processing
Where the GDPR or comparable laws apply, we rely on: (a) performance of a contract to deliver bookings you request; (b) legitimate interests for fraud prevention, security, and service improvement, balanced against your rights; (c) legal obligation for record-keeping and regulatory compliance; and (d) consent for optional marketing and non-essential cookies, which you may withdraw at any time.
6. International Transfers
Air travel is inherently cross-border, so your data may be transferred to and processed in countries other than your own. Where we transfer data internationally, we use recognised safeguards such as Standard Contractual Clauses or an adequacy decision, except where the transfer is necessary to perform the travel contract you requested.
8. Data Retention
We keep personal data only as long as necessary for the purposes above — typically for the life of your booking plus the period required by tax, accounting, and anti-fraud obligations — after which it is deleted or irreversibly anonymised.
9. How We Protect Your Data
We apply encryption in transit, access controls on a need-to-know basis, network segmentation, and continuous monitoring. Payment data is handled exclusively by PCI-DSS Level 1 partners. No method of transmission is perfectly secure, but we work to industry standards and notify affected users and regulators of qualifying incidents as required by law.
10. Your Privacy Rights
Depending on where you live, you may have the right to access, correct, delete, port, or restrict processing of your data, to object to certain processing, and to withdraw consent. California residents have rights under the CCPA/CPRA, including the right to know and to opt out of “sharing” for cross-context behavioural advertising.
To exercise any right, contact customercare@ctraa.com. We will verify your request and respond within the timeframe required by applicable law. You may also lodge a complaint with your local data protection authority.
11. Children's Privacy
The Services are intended for users 18 and older. We do not knowingly collect data from children except as part of a booking made by an adult. If you believe a child has provided us data independently, contact us and we will delete it.
12. Marketing & Communications
Where you have booked with us or opted in, we may send fare alerts and offers. Every marketing message includes an unsubscribe link, and you can opt out at any time without affecting service messages essential to your bookings.
13. Changes to this Policy
We may update this Policy to reflect legal, technical, or business changes. Material changes will be highlighted on this page with an updated effective date. Continued use of the Services after an update constitutes acceptance of the revised Policy.
14. Contact Us
For privacy questions or to exercise your rights, contact our privacy team at customercare@ctraa.com or write to Jet Booking Services Inc., Attn: Privacy. For general support, see our Help Center.