Privacy Policy

Points Life International

Last Updated: June 5, 2025

1. Introduction

Points Life International (“Points Life,” “we,” “us,” or “our”) is committed to safeguarding the privacy and security of personal information that you (“you,” “your,” or “user”) provide to us when you visit our website, use our mobile applications, or otherwise engage with our services (collectively, the “Services”). This Privacy Policy (“Policy”) describes how Points Life collects, uses, discloses, and protects your information. By accessing or using the Services, you affirmatively consent to the collection, use, and disclosure of your personal information as described herein. If you do not agree with our practices, please do not use our Services.

2. Scope and Applicability

This Policy applies to all personal information collected by Points Life when you (i) access or interact with our website, www.pointslifeinternational.com, and related subdomains; (ii) download or use our mobile application; (iii) contact us via email, phone, or through any offline method; or (iv) otherwise use or receive our Services. This Policy does not apply to information collected by third-party websites, applications, or services that may be linked to or integrated with our Services. We recommend that you review the privacy policies posted on those sites and services before providing any personal information.

3. Definitions

• “Personal Information” means any information that identifies, relates to, describes, or is capable of being associated with a specific individual. Examples include, without limitation, name, postal address, email address, telephone number, date of birth, payment information, and travel preferences.
• “Non-Personal Information” means information that, by itself, cannot be associated with or traced back to a specific individual. Examples include aggregated statistics, device type, browser type, and anonymized browsing data.
• “Sensitive Personal Information” means data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data, health-related information, or information concerning a natural person’s sex life or sexual orientation.

4. Information We Collect

4.1 Information You Provide Directly

• Account Registration: When you create an account with Points Life, we collect your name, email address, password (hashed and encrypted), postal address, telephone number, date of birth, and emergency contact information.
• Profile and Preferences: Upon registration and at any time thereafter, you may choose to provide additional information, including but not limited to travel preferences (e.g., preferred airlines, hotel brands), loyalty program numbers, passport or visa details, frequent flyer numbers, and demographic information (e.g., gender, nationality).
• Payment and Billing Information: When you make a purchase through our Services, we collect payment details (e.g., credit/debit card numbers, expiration date, CVV, billing address). All payment card processing is handled by our PCI-compliant third-party payment processors; we do not directly store card numbers or CVVs.
• Communications: If you correspond with us via email, phone, or live chat, we may retain the content of your communications, your email address, and our responses for customer service purposes.
• Feedback and Surveys: We may collect information you voluntarily provide through surveys, questionnaires, or feedback forms.

4.2 Information Collected Automatically

• Usage Data: We automatically collect certain information about your device and how you interact with our Services. This may include your IP address, device type, operating system, browser type, Internet Service Provider, unique device identifiers, and crash data.
• Cookies and Tracking Technologies: We use cookies, web beacons, pixel tags, and similar tracking technologies to collect information about your online activity. See Section 7 below for further details.
• Location Information: With your consent, we may collect precise or approximate location information (e.g., GPS, Bluetooth, Wi-Fi signals) for purposes such as boarding notifications, destination-based offers, and itinerary planning. You may disable location services via your device settings, but disabling such services may limit certain features.

4.3 Information from Third Parties

• Travel Partners and Loyalty Programs: With your consent, or as permitted by applicable law, we may receive information about your travel itinerary, booking history, and loyalty account balances from partner airlines, hotels, car rental agencies, and other third-party travel providers.
• Social Media Platforms: If you choose to link or log into your Points Life account via a social media platform (e.g., Facebook, Google), we may collect the personal information you make available under the relevant platform’s privacy settings (e.g., name, email address, profile picture).
• Public and Commercial Databases: We may supplement the information you provide with data from public records, credit bureaus (to the extent permitted by law), or other commercial sources to validate your identity, detect fraud, or improve service offerings.

5. How We Use Your Information

• 5.1 Provision of Services:
  • Process and confirm bookings, reservations, and redemptions of reward points.
  • Authenticate and manage your account, including password resets and two-factor authentication (2FA).
  • Provide real-time travel notifications (e.g., boarding gate changes, flight delays), as well as itinerary management and travel assistance.
  • Enable you to participate in promotions, contests, and loyalty programs.
• 5.2 Improvement of Services:
  • Analyze usage trends to optimize website and application performance.
  • Conduct research and analysis to understand user behavior, preferences, and demographic characteristics.
  • Personalize and enhance your experience with targeted offers, recommendations, and loyalty program benefits.
  • Detect, investigate, and prevent fraudulent or unauthorized activities.
• 5.3 Marketing and Communications:
  • Send you transactional communications, such as booking confirmations, billing invoices, and customer service responses.
  • Deliver marketing communications (with your consent or where permitted by law), including newsletters, promotional offers, and loyalty program updates. You may opt out of marketing communications at any time by following the unsubscribe instructions included in the email or by contacting us directly (see Section 14).
  • Conduct surveys and request feedback to understand your satisfaction and improve our offerings.
• 5.4 Legal and Regulatory Compliance:
  • Comply with applicable legal and regulatory requirements, including tax reporting, anti-money laundering (AML) obligations, and international sanctions screening.
  • Respond to lawful requests from public authorities, such as subpoenas, court orders, or government investigations.
  • Protect the rights, property, or safety of Points Life, our users, or others.
• 5.5 Internal Operations and Audit:
  • Perform internal audits and monitor compliance with our policies and operational procedures.
  • Compile audit logs and maintain records for financial reporting, tax filings, and regulatory oversight.
  • Investigate security breaches, data incidents, and other events to mitigate risk and enhance our security posture.

6. Legal Bases for Processing (Where Applicable)

If you are located in the European Economic Area (“EEA”), the United Kingdom, or other jurisdictions with comparable data protection laws, we rely on the following legal bases for processing your personal information:

• Performance of a Contract: Processing is necessary to provide our Services to you (e.g., fulfilling travel bookings and communicating itinerary changes).
• Legitimate Interests: We process information to operate, maintain, and improve our Services, provided that such interests are not overridden by your rights and interests (e.g., fraud detection, service improvements, network and information security).
• Consent: With your explicit consent, we process personal information for specific purposes such as direct marketing or location-based services.
• Legal Obligation: We process information to comply with existing laws, regulations, or legal processes (e.g., tax reporting, AML screening).

7. Cookies and Tracking Technologies

7.1 What Are Cookies?

Cookies are small text files that are placed on your device by your web browser when you visit a website. We use session cookies (which expire when you close your browser) and persistent cookies (which remain on your device for a predefined duration) to improve site performance, remember your preferences, and deliver personalized content.

7.2 How We Use Cookies and Tracking Technologies

• Essential Cookies: Necessary for the operation of our Services (e.g., keeping you logged in, maintaining your cart or booking details).
• Performance and Analytics Cookies: Allow us to collect aggregated data about how visitors use our Services (e.g., pages visited, time spent on a page, error messages) so that we can improve functionality and user experience.
• Functional Cookies: Enable us to remember choices you make (e.g., language preferences, display settings) to provide a more personalized experience.
• Advertising and Targeting Cookies: Used to deliver relevant advertisements, track the effectiveness of an advertising campaign, and display ads based on your interests. We may partner with third-party advertising networks that place cookies on your browser to collect information about your online activities across different websites.

7.3 Managing Cookies

Most web browsers allow you to control cookies through their settings preferences. You can set your browser to refuse cookies or notify you when a cookie is being set. However, if you disable or refuse cookies, some parts of our Services may not function properly or may degrade your user experience.

8. How We Share and Disclose Your Information

We do not sell your personal information to third parties. We may share your personal information with the following categories of recipients under the circumstances described below:

8.1 Service Providers and Vendors

• Payment Processors: We share billing and payment information with third-party payment processors (e.g., Stripe, Adyen) to complete financial transactions.
• Cloud Hosting and Infrastructure Providers: We employ cloud service providers (e.g., AWS, Google Cloud) to host our website, store data, and maintain our infrastructure. These providers have access to personal information only to perform tasks on our behalf and are obligated not to disclose or use it for any other purpose.
• Travel Partners: We share itinerary details, loyalty account numbers, and traveler profiles with airlines, hotels, car rental agencies, and other third-party travel service providers to fulfill your bookings, process redemptions, and manage loyalty points.
• Marketing and Analytics Providers: We may engage third parties (e.g., Google Analytics, Mixpanel, Mailchimp) to analyze usage patterns, run promotions, send marketing communications, and optimize advertising campaigns.
• Customer Support and Dispute Resolution Agents: We share necessary personal information with third-party call centers and support agents to provide customer service.

8.2 Affiliates and Corporate Entities

We may share your information with our parent company, subsidiaries, or corporate affiliates for purposes consistent with this Policy, including joint marketing efforts, loyalty program administration, and data analytics. All affiliates are bound by confidentiality obligations and are restricted from using your personal information for any purpose other than those described in this Policy.

8.3 Legal and Regulatory Authorities

• Compliance with Laws: We disclose personal information when we believe in good faith that such disclosure is necessary to comply with applicable laws, regulations, legal processes (e.g., subpoenas, court orders), or to respond to lawful requests from public authorities.
• Protection of Rights and Safety: We may disclose personal information if we believe that your actions violate the rights of Points Life or others or where disclosure is necessary to protect the safety, rights, property, or security of Points Life, our users, or the public.

8.4 Business Transfers

If we are involved in a merger, acquisition, sale of assets, financing, or any form of sale, transfer, or disposition of all or a portion of our business to another entity, your personal information may be transferred to the acquiring entity. We will notify you via email and/or a prominent notice on our website of any change in ownership or uses of your personal information.

8.5 Aggregate and De-Identified Information

We may share aggregate, anonymized, or de-identified data (which does not directly identify you) with third parties for research, analytics, or marketing purposes.

9. Data Retention

We retain personal information only for as long as is necessary to fulfill the purposes for which it was collected, including to comply with legal, regulatory, tax, accounting, or reporting requirements. Retention periods vary depending on the type of information, the services provided, and whether you have an active account with us. When we no longer need to keep personal information, we will securely delete or anonymize it in accordance with industry best practices.

10. International Data Transfers

Points Life International is headquartered in the United States and maintains servers and facilities in multiple jurisdictions. If you are located outside the United States, please be aware that your personal information may be transferred to, stored, and processed in the United States or in other countries whose data protection laws may differ from those in your jurisdiction. Whenever we transfer personal information across borders, we implement appropriate safeguards (such as Standard Contractual Clauses, Binding Corporate Rules, or equivalent mechanisms) to ensure that your information receives an adequate level of protection consistent with this Policy.

11. Security Measures

We implement a variety of administrative, technical, and physical safeguards to protect the security of your personal information, including but not limited to:

• Encryption of sensitive data in transit (using TLS/SSL) and at rest.
• Firewalls, intrusion detection/prevention systems, and regular vulnerability assessments.
• Access controls and authentication mechanisms (e.g., multi-factor authentication, role-based access).
• Employee training on data privacy and security best practices.
• Periodic security audits and penetration testing conducted by qualified third-party firms.

Despite our best efforts, no security measures are entirely foolproof or impervious to cyberattacks. By using our Services, you acknowledge and accept that we cannot guarantee absolute security.

12. Children’s Privacy

Our Services are not directed to individuals under the age of thirteen (13). We do not knowingly collect or solicit personal information from children under thirteen. If we become aware that we have inadvertently collected personal information from a child under thirteen, we will take prompt steps to delete such information. If you believe your child under thirteen has provided us with personal information, please contact us immediately (see Section 14).

13. Your Choices and Rights

Depending on your jurisdiction, you may have certain rights regarding your personal information. These may include:

• Right to Access and Portability: You may request a copy of the personal information we hold about you in a structured, commonly used, and machine-readable format.
• Right to Rectification: You can correct or update inaccurate or incomplete personal information.
• Right to Erasure (“Right to Be Forgotten”): Where applicable, you may request that we delete your personal information, subject to certain exceptions (e.g., when retention is necessary to comply with legal obligations, resolve disputes, or enforce agreements).
• Right to Restrict or Object to Processing: You may ask us to limit or cease processing your personal information for certain purposes, including direct marketing.
• Right to Withdraw Consent: If we rely on your consent to process certain categories of personal information (for example, marketing communications or location services), you may withdraw your consent at any time without affecting the lawfulness of processing prior to withdrawal.
• Right to Complain: If you are an EEA or UK resident and believe we have processed your personal information in violation of applicable laws, you have the right to lodge a complaint with your local supervisory authority.

To exercise any of these rights, please contact us at the address provided in Section 14. We may request additional information to verify your identity before processing your request. We will respond to valid requests in accordance with applicable data protection laws and within required timeframes.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Points Life International
Attn: Privacy Officer
1234 Traveler’s Way, Suite 500
New York, NY 10001
Email: privacy@pointslifeinternational.com
Telephone: +1 (212) 555-6789

When contacting us, please provide sufficient detail for us to understand and respond to your inquiry. We will make commercially reasonable efforts to address and resolve your concerns promptly.

15. Third-Party Links and Services

Our Services may contain links to third-party websites, applications, or services that are not owned or controlled by Points Life. This Policy does not apply to third-party websites or services. We strongly encourage you to read the privacy policies of any third parties before providing any personal information. We are not responsible for the privacy practices or content of third parties.

16. Changes to This Privacy Policy

Points Life reserves the right to modify or update this Privacy Policy at any time. We will post the revised Policy on our website and indicate the date it was last updated. If we make material changes—such as adding a new use of personal information or sharing data with a new category of third parties—we will provide notice via email (sent to the primary email address on your account) or through a prominent notice on our Services prior to the change becoming effective. Your continued use of our Services after the effective date of any revised Policy constitutes acceptance of those changes.

17. Data Retention and Deletion Procedures

• Account Closure: If you choose to close your Points Life account, we will mark your account as closed and retain your personal information for a period consistent with our business needs and legal obligations (e.g., tax, accounting, or regulatory requirements). After this retention period, we will securely delete or anonymize your personal information.
• Inactive Accounts: Accounts that have been inactive for more than twenty-four (24) months may be deactivated. We will notify you at your registered email address before deactivation. Deactivated accounts are eligible for reactivation within thirty (30) days; otherwise, they will be permanently deleted.
• Automated Deletion: Certain data—such as browsing logs or analytics data—may be automatically deleted after predefined retention periods (typically between six (6) months and three (3) years, depending on the type of data and legal requirements).

18. International Transfers and Adequate Safeguards

Your personal information may be transferred to, stored, or processed in countries outside your jurisdiction, including the United States. Points Life ensures that any such transfers are conducted under adequate safeguards, as required by applicable data protection laws. These safeguards may include:

• Standard Contractual Clauses (SCCs) approved by the European Commission.
• Binding Corporate Rules (BCRs) applicable to intra-group transfers.
• Other mechanisms that ensure an adequate level of data protection for transferred personal information.

Upon request, we can provide you with additional details regarding the specific safeguards in place for your data transfers.

19. Data Security Incident Notification

In the event of a confirmed data security incident that materially compromises the confidentiality, integrity, or availability of your personal information (e.g., unauthorized access, disclosure, loss, or encryption), we will notify affected individuals without undue delay and in accordance with applicable laws. We will also notify relevant supervisory authorities where required, and take all necessary steps to contain the incident and prevent further unauthorized access or disclosure.

20. California Consumer Privacy Act (“CCPA”) Disclosures (As Applicable)

If you are a resident of the State of California, the CCPA grants you specific rights regarding your personal information collected by Points Life. The following disclosures pertain only to California residents:

20.1 Categories of Personal Information Collected

We collect the categories of personal information listed in Section 4 above. In the past 12 months, we have collected:

• Identifiers (e.g., name, postal address, email address, phone number).
• Commercial information (e.g., transaction history, billing information, travel itinerary).
• Internet or network activity (e.g., browsing history, search history, device identifiers, IP address).
• Geolocation data (e.g., approximate or precise location).
• Professional or employment-related information (e.g., job title, employer name, business affiliations).
• Inferences drawn from provided information (e.g., traveler preferences, likely destination choices).

20.2 Sources of Personal Information

We obtain personal information from you directly, from your device and browser via cookies and tracking technologies, from third-party partners (e.g., travel providers, loyalty programs), and from public or commercial sources.

20.3 Business Purposes for Collection and Sharing

We use and share personal information as described in Sections 5 and 8. Specifically, we process and disclose personal information:

• To fulfill and manage travel bookings and loyalty redemptions.
• To provide customer support and respond to your inquiries.
• To maintain, operate, and secure our Services.
• To analyze usage patterns, tailor marketing communications, and measure advertising effectiveness.
• To comply with legal obligations, protect our rights, and facilitate business transactions (e.g., mergers, acquisitions).

20.4 Categories of Third Parties with Whom We Share Personal Information

• Service providers (e.g., payment processors, cloud hosting providers, marketing platforms).
• Travel partners (e.g., airlines, hotels, car rental companies).
• Analytics and advertising partners (e.g., Google Analytics, ad networks).
• Legal and regulatory authorities (e.g., law enforcement, tax authorities).
• Affiliates and corporate affiliates.

20.5 Your California Privacy Rights

• Right to Know/Access: You have the right to request disclosure of the categories and specific pieces of personal information we have collected, the purposes for which we use it, and the categories of third parties with whom we share it.
• Right to Delete: You may request the deletion of personal information we collected from you, subject to certain exceptions (e.g., legal obligations, fraud prevention).
• Right to Opt Out of Sale or Sharing: Points Life does not sell personal information for monetary consideration. However, we may share personal information with service providers for cross-context behavioral advertising or other purposes. To opt out of sharing for targeted advertising, please contact us at privacy@pointslifeinternational.com or click the “Do Not Sell or Share My Personal Information” link on our website.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

To exercise any California privacy rights, please submit a verifiable request via email to privacy@pointslifeinternational.com or call us at +1 (212) 555-6789.

21. Nevada Privacy Rights (“Nevada SB220”)

If you are a resident of Nevada, you have the right to request that we not sell your covered personal information (as defined under Nevada law). Points Life does not sell personal information for monetary consideration. To submit a request related to Nevada privacy rights, please email privacy@pointslifeinternational.com or call us at +1 (212) 555-6789.

22. Additional Jurisdictional Disclosures

22.1 European Union / United Kingdom Residents

If you are an EU or UK resident, you have the rights described in Section 13, and may lodge a complaint with your local supervisory authority if you believe your data protection rights have been violated. We act as a data controller for personal information collected through our Services. For data subjects located in the EU or UK, our representative is:

Data Protection Representative
Points Life International
1234 Traveler’s Way, Suite 500
New York, NY 10001
Email: gdpr@pointslifeinternational.com

22.2 Canadian Residents

Under Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”), you may withdraw your consent for the collection, use, or disclosure of your personal information, subject to legal or contractual restrictions. To withdraw consent, please contact us at privacy@pointslifeinternational.com. If you have questions or concerns about our handling of your personal information, you may contact our Privacy Officer at privacy@pointslifeinternational.com or file a complaint with the Office of the Privacy Commissioner of Canada.

22.3 Australian Residents

Under the Australian Privacy Principles (“APPs”), you may request access to or correction of your personal information. You may also lodge a complaint with our Privacy Officer if you believe we have breached the APPs. To do so, please contact us at privacy@pointslifeinternational.com.

23. Data Integrity and Accuracy

We strive to maintain accurate, complete, and up-to-date personal information. You can review and update the personal information in your account by logging into your account settings. If you believe that any personal information we hold about you is incorrect or incomplete, please contact us at privacy@pointslifeinternational.com so that we can make the necessary corrections.

24. Data Minimization and Purpose Limitation

We collect and process only the minimum amount of personal information necessary to achieve the purposes described in this Policy. We do not retain or use your personal information for purposes that are incompatible with those disclosed at the time of collection, unless you have provided additional consent or as required by law.

25. Sensitive Personal Information

Points Life does not intentionally collect Sensitive Personal Information as defined in Section 3, except in limited circumstances where required to comply with legal obligations (e.g., medical information for disability accommodations). If we need to collect any Sensitive Personal Information in the future, we will obtain your explicit consent prior to collection and processing.

26. Automated Decision-Making and Profiling

We may use automated means (e.g., algorithms, machine learning models) to analyze your browsing behavior, booking history, and loyalty program activity in order to:

• Recommend relevant travel offers and promotions.
• Assess the likelihood of travel disruptions and proactively offer alternatives.
• Detect patterns indicative of fraudulent or suspicious activity.

If you object to automated processing of your personal information that produces legal effects or similarly significant outcomes, please contact us at privacy@pointslifeinternational.com. We will review your request and, where required by law, provide an opportunity for you to request human intervention.

27. Third-Party Social Media Widgets

Our Services may include social media features (e.g., Facebook “Like” button, Twitter “Tweet” button) that allow you to interact with social network functionalities. These features may collect your IP address, log which page you visited on our Services, and set a cookie to enable the feature to function properly. Your interactions with these features are governed by the privacy policies of the companies that provide them.

28. Links to Other Websites

Our Services may contain links to third-party websites or services that are not owned or controlled by Points Life. This Policy does not apply to, and we are not responsible for, the privacy practices or content of those third parties. We encourage you to review the privacy policies of any sites you visit through a link on our Services.

29. Changes to This Privacy Policy

We reserve the right to modify or update this Privacy Policy at any time. Any changes will be effective as of the “Last Updated” date indicated at the top of this Policy. Where required by law, we will provide notice of material changes via email (sent to the address you provided) or by displaying a prominent notice on our Services prior to the changes taking effect. Your continued use of our Services after the effective date of any modified Policy constitutes your acceptance of the revised terms.

30. How to Exercise Your Rights or Submit Requests

To exercise any of your rights described in this Policy or submit inquiries, you may:

• Email us at: privacy@pointslifeinternational.com
• Call us at: +1 (212) 555-6789
• Write to us at:
  Points Life International
  Attn: Privacy Officer
  1234 Traveler’s Way, Suite 500
  New York, NY 10001

Please provide sufficient information to allow us to verify your identity and process your request. We will respond to verifiable requests in accordance with applicable laws and within the timeframes required by those laws.

31. No Guarantee of Absolute Security

While we implement industry-standard security measures to protect your personal information, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security. You acknowledge and accept that you provide personal information to us at your own risk.

32. Severability

If any provision of this Privacy Policy is found to be invalid, illegal, or unenforceable by a court of competent jurisdiction, that provision will be deemed severed from this Policy and the remaining provisions will continue in full force and effect.

33. Entire Agreement

This Privacy Policy, together with any terms and conditions, disclaimers, or other policies posted on our Services, constitutes the entire agreement between you and Points Life concerning our collection, use, disclosure, and protection of your personal information. It supersedes any prior or contemporaneous agreements, representations, or understandings regarding the subject matter herein.

Thank you for entrusting Points Life International with your travel and loyalty information. We value your privacy and strive to maintain the highest standards of data protection. Should you have any questions or concerns, please reach out to us at privacy@pointslifeinternational.com or +1 (212) 555-6789.