Privacy Statement
Last Updated: 01-01-2026
Pudding App Inc d/b/a Best, ("we" or "us") values you as our customer and recognizes that privacy is important to all of us. This Privacy Statement explains how we collect, use, and disclose personal data when you use our platform and associated services, your rights in determining what we do with the data that we collect or hold about you and tells you how to contact us.
Table of Contents
- Categories of Personal Data and Why We Collect and Use it
- Sharing of Personal Data
- Joint Use of Personal Data
- Our Use of AI
- Your Rights and Choices
- International Data Transfer
- Data Privacy Frameworks
- Global Cross Border Privacy Rules System Participation
- Security
- Minors
- Record Retention
- Contact Us
- Updates to Privacy Statement
- Cookie Statement
Collection and Use of Your Personal Data
In this section, you will find information about:
- the types of personal data that we collect and use,
- how we collect and use it,
- the purposes for which we collect and use it, and
- the lawful basis we rely on to collect and use it.
Lawful bases for processing:
In the table below, you will find the lawful bases we rely on to collect and use your personal data. In summary, whenever we collect or use your personal data, that collection or use must be based on one of the following criteria:
- Consent: this means you have given your consent for us to do so (e.g., sending you marketing communications where consent is required).
- Legal obligation: this means we have a legal obligation to collect personal data from you or use it for a specific purpose (e.g. using your transaction history to complete our financial and tax obligations under the law).
- Performance of a contract: this means the personal data is necessary to perform a contract with you (e.g., manage your booking, process payments, or create an account at your request in accordance with our Terms and Conditions for bookings, or providing you with the relevant loyalty benefits in accordance with the Terms and Conditions of the relevant loyalty program you are a member of).
Legitimate interest: this means the processing is in our legitimate interests and those interests are not overridden by your rights (as explained below):
Certain countries and regions allow us to process personal data on the basis of legitimate interests. If we collect and use your personal data in reliance on our legitimate interests (or the legitimate interests of any third party), this interest will typically be to operate or improve our platform and communicate with you as necessary to provide our services to you, for security verification purposes when you contact us, to respond to your queries, to undertake marketing, or for the purpose of detecting or preventing illegal activities. Whatever our determination of our specific legitimate interest is for a given use of your personal data; when we assess its appropriateness, we will always assess it against the potential impact on your rights. While the concept of legitimate interest only exists in certain countries and regions, we balance our usage of your personal data against your rights globally.
Categories of Personal Data and Why We Collect and Use it
We collect and use personal data for the following purposes:
Platform Usage and Booking Purposes – including to:
- Facilitate your booking, verify your identity, and for travel insurance purposes.
- Book the requested travel (such as flights, cars, cruises, activities, and hotels) or enable vacation property booking.
- Provide services related to the booking and/or account.
- Provide travel related services on our (or third party) platforms (such as building trip itineraries).
- Create, maintain, and update user accounts on our platform,
- Build and enrich your profile
- Authenticate you as a user, including sending you a one-time passcode by email or SMS as part of our multi-factor authentication process, when such security measures are necessary.
- To enable you to sign up and log-in to your account using your social media or email login credentials (e.g. your Gmail login) should you choose this method.
- Maintain your search, travel, purchasing, and booking history, accommodation and travel preferences, and similar information about your use of the Best platform and services, and as otherwise described in this Privacy Statement.
- Enable and facilitate acceptance and processing of payments, coupons, and other transactions (for example, we collect your payment details for our various payment models - such as "Pay Now" or "Pay Later" models - in order to hold a reservation, secure a booking, enable a travel partner to check the validity of your bank card, expedite the check-out process, or deal with any cancellation or no-show fee, charge, payment or refund that applies as described in more detail in our Terms of Service).
- Collect and enable booking-related reviews during and after your booking to rate the experience you had with our partners (as described in more detail in our Terms of Service and Content Guidelines, where applicable).
- Help you to use our services faster and more easily through features such as the ability to sign in to your account.
Communications and Customer Service Purposes – including to:
- Respond to your questions, claims and requests for information.
- Process your information choices and other right requests.
- Enable communication between you and travel suppliers (such as hotels and vacation property owners).
- Enable communication between you and our customer services (including our AI assistant and virtual agent).
- Contact you (e.g. by text message, email, phone calls, mail, push notifications, in-app notifications, or messages on other communication platforms, such as WhatsApp) to provide information such as travel booking confirmations and updates, service notifications, emergency notifications, reviews, surveys, or for other purposes as described in this Privacy Statement.
Marketing and Advertising Purposes – including to:
- Contact you (such as by text message, email, phone calls, mail, in-app messaging, push notifications, or messages on other communication platforms such as WhatsApp) for marketing purposes.
- Analyze information such as browsing and/or purchase history and use the result to optimize advertising and marketing in accordance with your interests and preferences.
- Provide discounts or member prices based on information such as your loyalty membership, search and browsing histories, geo-location, interests and preferences.
- Measure and analyze the effectiveness of our marketing and promotions.
- Administer promotions like contests, sweepstakes, and similar giveaways.
- Deliver targeted advertising and advertising based on your profile and identifiers (e.g. user ID, device advertising ID, email address, phone number). Our Cookie Statement further explains how we use cookies and similar tracking technology.
Loyalty Purposes – including to:
- Administer loyalty and rewards programs where applicable (such as enabling you to earn or burn rewards with your bookings, allocating you a loyalty tier level, unlocking the loyalty benefits you are entitled to).
- Calculate the value of your rewards and your overall loyalty balance and manage it.
- Determine your loyalty currency.
Market Research, Analytics, and Training Purposes to improve our Services – including to:
- Conduct surveys, market research, and data analytics.
- Maintain, improve, research, and measure the effectiveness of our sites and apps, activities, tools, and services.
- Monitor or record calls, chats, and other communications with our customer service team and other representatives, as well as platform communications between or among partners and travelers for quality control, training, dispute resolution, and as described in this Privacy Statement.
- Create aggregated or otherwise anonymized or deidentified data, which we may use and disclose without restriction where permissible.
Security and Compliance Purposes – including to:
- Promote security, verify the identity of our customers, prevent and investigate fraud and unauthorized activities, defend against claims and other liabilities, and manage other risks.
- Comply with applicable laws (for example, complying with tax, audit, accounting and other legal obligations, complying with laws requiring us to share personal data with tax authorities and other government bodies, laws requiring us to suspend fraudulent accounts, moderate or remove illegal content and violations),
- Respond to data requests from:
- consumer organizations and other legal representatives authorized by our travelers to request data on their behalf,
- law enforcement, courts, governments, public bodies, other legal authorities, and other requests that are part of a legal process (e.g. court order, subpoena, warrant) or when we are of the view that there is a legitimate interest to do so, to defend ourselves, to protect our rights and interests and those of our travelers and partners (e.g. request from authorities for health and safety reasons, or request from travelers' banks or chargeback purposes).
- Comply with applicable security and anti-terrorism, anti-bribery, customs and immigration, and other due diligence laws and requirements.
We collect and use the following categories of personal data for the following purposes:
| Personal Data Category | Purposes for collection / use | Sources of Personal Data | Lawful basis (where applicable) |
|---|---|---|---|
| Government issued identification data – including passport, driver's license, government redress numbers, country of residence, tax identification number (for property owners) |
|
|
|
| Identification data – including first name, surname, username, email address, telephone number, as well as home, business, and billing addresses (including street and postal code) |
|
|
|
| Payment data - including payment card number, expiration date, billing address, financial / bank account number |
|
|
|
| Travel related preferences - including favorite destination and accommodation types, special dietary and accessibility needs, as available |
|
|
|
| Loyalty data – including loyalty program membership (for us and/or third-party loyalty programs), loyalty points balance, points earnt and used, loyalty status |
|
|
|
| Geolocation data – including inferred location from IP address, country selected to use our website, and exact, real-time location (with your consent) |
|
|
|
| Images, videos and recordings – including videos, images, facial photographs you upload or that we pull from social media accounts that you connect to your profile with us (e.g. when you create an account using social media sign-in) |
|
|
|
| Communications with us – including emails, chat transcripts with our Virtual Agent and AI assistant (e.g., messages, voice notes), and recordings of calls with customer service representatives |
|
|
|
| Site interaction data - including searches you conduct, transactions, saved travel preferences and other interactions via text or voice with you on our platform (including interactions you may have with our AI Agents and AI filters), online services and apps |
|
|
|
| Feedback data – including any feedback you provide us on our platform, services, and apps (e.g., reviews, surveys, market research participation) |
|
|
|
| Device data – including device type, unique device identification numbers, operating system, mobile carrier, and how your device has interacted with our online services, including the pages accessed, links clicked, trips viewed, and features used, along with associated dates and times |
|
|
|
| Friends, connections and co-traveler data - including data you give us about other people, such as your travel companions, or others for whom you are making a booking, or with whom you are (i) planning a trip, and/or inviting to join a trip board, (ii) having a conversation within or outside our platform (e.g. our AI Agent travel assistant, where available), and friends you refer to us. |
|
|
|
| Child data – including name and contact details of minor travelers provided by you as the parent/guardian of the minor as part of a trip reservation |
|
|
|
| Clickstream data - In certain instances, we may use clickstream data to render an illustration of your usage of our site. Clickstream data is the collection of a sequence of events that represent visitor's actions on a website. We may reconstruct your site journey modeled on the timing and location of your actions, and include data from different devices, distinct site visits, and visits to our other platforms. |
|
|
|
| Birthdate and gender - including both your specific date of birth or an approximate age bracket you fall within, along with your gender. |
|
|
|
| Voice data – may be recorded in interactions with our Customer Services Teams. |
|
|
|
| Sensitive data – data that could reveal sensitive information, including your racial or ethnic origin, religious or philosophical beliefs, sexual orientation, or health or disability information. In limited circumstances, such as if you request a cancelation out of policy, we may ask you to provide substantiating evidence to the supplier to validate the cancelation. We will only use your sensitive personal data for the purposes for which it was collected. |
|
|
|
*Third-party data providers. We may also collect personal data from third parties who collect and compile personal data and have a lawful basis under data protection law to share it with us. These third parties' source personal data from multiple sources, including directly from consumers, from public records, and from other businesses.
Sharing of Personal Data
We share your personal data with the categories of third parties set out in the below table. Although some of these third parties process your data on our behalf as our processor, others will process your personal data as a controller (either jointly with us or autonomously) rather than as our processor. See here(Third Party Data Sharing-Controllers and Joint Controllers) for more information on such circumstances and parties.
| Recipient of Personal Data | Purpose Category |
|---|---|
| Third-party service providers. We share personal data with third parties to assist with the delivery of services to you and the operation of our business. These third-party service providers are primarily independently responsible for their compliance with applicable data protection laws. They are required to properly protect personal data we share with them, and they may not use any identifiable personal data other than to provide the agreed services. For example, they are not allowed to use the personal data we share to target you with their own direct marketing (unless you have separately permitted them to do so). |
|
| Travel suppliers. We share personal data (including travel preferences, contact and payment details, booking IDs, relevant reviews, etc.) with travel-related suppliers such as hotels, airlines, car-rental companies, insurance, vacation-rental property owners and managers, travel governing bodies, and where available, activity providers, rail, or cruise lines who fulfill your booking. If you reach out to us with an inquiry about your booking, we may contact the travel supplier to assist us with your request. Depending on the payment model used for your booking, we may need to forward your payment details to the travel supplier to secure your booking, facilitate check-in, and/or for payment processing (see our Terms of Service for more information about the various payment options we may use). Please note that travel suppliers may contact you to obtain additional personal data if and as required to facilitate your booking or to otherwise provide the travel or associated services. They are independently responsible for their compliance with applicable data protection laws, and you should refer to the relevant travel supplier's privacy statement for more information about how they process your personal data for more information. |
|
| Business partners and offers. If we promote a program or offer a service or product in conjunction with a third-party business partner, we will share your personal data with that partner to assist in marketing or to provide the associated product or service. In most of those cases, the program or offer will include the name of the third-party business partner, either solely or with ours, or you will be redirected to the website of that business with notice. |
|
| Targeted Advertising partners. We may disclose your personal data to our third-party marketing partners for targeted advertising. This may be considered to be "sharing" of data under California law. Subject to certain limitations, some US residents have the right to opt out of having personal data shared for this purpose. For more information, see the Your Rights and Choices section below. You should note that by opting out of these types of disclosures, you may limit our ability to customize your experience with content that may be of interest to you or to provide you with a better travel experience. View our Cookie Statement for more information on our use of tracking technologies for the purposes of targeted advertising. |
|
Use of Artificial Intelligence
We use artificial intelligence (AI) and machine learning (ML) for various purposes to deliver our platform and associated services. We may use your personal data for the following purposes:
| Category | Explanation | Examples |
|---|---|---|
| Pricing | To help us set competitive prices for your travel options. | Pricing, price insights and alerts, including direct price setting and/or margin adjustments |
| Fraud | To help detect fraud on our website and/or applications. | To keep our site safe by preventing and detecting fraud e.g. at a transaction level, listing level or user level, and including any breach of our terms and conditions or other fraudulent activities |
| Feature generation | To better understand our travelers and improve how our services work for you. | To enrich other applications such as embeddings |
| Auto moderation | To review content and ensure what appears in our systems meets our quality and safety standards. |
|
| Chatbot | To allow you to chat with our virtual assistant through text conversations to provide you with help and answers to your questions. |
|
| Insurance | To provide and offer travel insurance options to you. | For insurance transactions, including all types of insured products that we offer |
| Search engine optimization | To make our travel offerings more visible online; helping you find us more easily when searching for travel options. | To optimize our positioning or redirect travelers to our websites |
| Content generation | To create helpful travel information, such as translating content into different languages and summarizing text. |
|
| Search and ranking | To help organize travel options in a way that makes it easier for you to find what you are looking for. | To determine the sort order you see on our site |
| Recommendations | To suggest travel options and activities that we think you might enjoy based on your preferences. | To personalize your search on our site, suggest relevant personalized filters, pre-populate search criteria and provide destinations, property, restaurant or activity or other recommendations based on data such as your profile, preferences, interactions, anticipated and unexpected real-time local events, weather forecast, flight delays or cancellations |
| Security governance | To support our security systems and corporate governance, including helping to keep your personal data secure. | To provide security governance |
| Productivity | To improve productivity and efficiency so we can provide you with better service. |
|
| Anomaly detection | To help spot unusual patterns that help us prevent problems. |
|
| Images | To enhance images, organize them better, and show you clearer images. | To focus on improving/ categorizing/ displaying images more effectively |
| Other | We may use AI/ML in various other ways that are not captured by the above categories, to improve your overall experience with us and our services. | To enhance your user experience |
Automated decisions may be made by putting your personal data into a system and the decision is calculated using automatic processes.
We will rely on our legitimate interest to keep our site safe and to enhance your user experience. We will not engage in automated decision-making that involves a decision with legal or similarly significant effects solely based on automated processing of personal data, unless:
- you explicitly consented to the processing,
- the processing is necessary for entering into a contract, or for its performance, or
- when otherwise authorized by applicable law.
You may have rights in relation to automated decision making, including:
- the ability to request a manual decision-making process instead, or
- contest a decision based solely on automated processing.
If you want to know more about your data protection rights, please see the Your Rights and Choices section below.
Your Rights and Choices
You have certain rights and choices with respect to your personal data, as described below:
- If you have an account with us, you may change your communication preferences by either (1) logging in and updating the information in your account or (2) contacting us via the Contact Us section below.
- You can control our use of non-essential cookies by following the guidance in our Cookie Statement.
- You can access, amend, inquire about deletion of, or update the accuracy of, your personal data at any time by either logging into your account or contacting us via the Contact Us section below.
- If you no longer wish to receive marketing and promotional emails, you may unsubscribe by clicking the 'unsubscribe' link in the marketing email. Please note that if you choose to unsubscribe from or opt out of marketing emails, we may still send you important transactional and account-related messages from which you will not be able to unsubscribe.
- For our mobile apps, you can view and manage notifications and preferences in the settings menus of the app and of your operating system.
Certain countries and regions provide their residents with additional rights relating to personal data. These additional rights vary by country and region and may include the ability to:
- Request a copy of your personal data
- Request information about the purpose of the processing activities
- Delete your personal data
- Object to our use or disclosure of your personal data
- Restrict the processing of your personal data
- Opt out of the sale of your personal data
- Port your personal data
- Request information about the logic involved in our automated decision-making, or the result of such decisions
- Object to the use of fully automated decision making, including profiling, with significant legal effect, and request a manual decision-making process instead
- Contest a decision based solely on automated processing.
For questions about privacy, your rights and choices, and in order for you or (where applicable) your authorized agent to make a request to amend or update your personal data, or to inquire about deletion of your data, please contact us via the Contact Us section below.
In addition to the above rights, you may have the right to complain to a data protection authority about our collection and use of your personal data. However, we encourage you to contact us first so we can do our best to resolve your concern. You may submit your request to us using the information via the Contact Us section below.
We respond to all requests we receive from individuals wanting to exercise their personal data protection rights in accordance with applicable data protection laws. Should you have the right under applicable law to appeal a decision we have made to not take action on your request, instructions on how to make that appeal will be included in our response to you.
International Data Transfer
The personal data we process may be accessed from, processed or transferred to countries other than the country in which you reside. Those countries may have data protection laws that are different from the laws of your country. Such cross-border transfer of your personal data is necessary for us to service your transaction with us, and for the other purposes outlined in this Privacy Statement.
The servers for our platform are located in the United States, and the Best and third-party service providers operate in many countries around the world. When we collect your personal data, we may process it in any of those countries. Our employees may access your personal data from various countries around the world. The transferees of your personal data may also be located in countries other than the country in which you reside.
We have taken appropriate steps and put safeguards in place to help ensure that any access, processing and/or transfer of your personal data remains protected in accordance with this Privacy Statement and in compliance with applicable data protection law. Such measures provide your personal data with a standard of protection that is at least comparable to that under the equivalent local law in your country, no matter where your data is accessed from, processed and/or transferred to. We will comply with obligations regarding personal data cross-border transfer in accordance with application data protection laws, regulations, and conditions set by the competent authorities. This may include fulfilling obligations such as security assessments and/or certifications and signing agreements with overseas recipients in accordance with the standard contract established by the competent authorities.
Security
We want you to feel confident about using our platform and all associated tools and services, and we are committed to taking appropriate steps to protect the personal data we collect. While no company can guarantee absolute security, we do take reasonable steps to implement appropriate physical, technical, and organizational measures to protect the personal data that we collect and process.
Our cybersecurity team develops and deploys technical security controls and measures to ensure responsible personal data collection, storage, and sharing that is proportionate to the personal data's level of confidentiality or sensitivity. We take efforts to continuously implement and update security measures to protect your personal data from unauthorized access, loss, destruction, or alteration. We hold our data-handling partners to equally high standards.
We have also implemented appropriate security measures throughout the entire lifecycle of data collection, storage, processing, use, transmission, and sharing, and have taken certain technical and management measures including but not limited to verification and access controls, SSL encrypted transmission, and multi-factor authentication mechanisms, based on our information classification and processing standards, to ensure the security of systems and services.
Minors
Our website and mobile application are not directed at minors (as defined in applicable data protection laws) and we cannot distinguish the age of persons who access and use these. If a minor has provided us with personal data without parental or guardian consent, the parent or guardian should contact us using the information in the Contact Us section below. If we become aware that personal data has been collected from a minor without parental or guardian consent, we will terminate the minor's account, where that minor has an account with us.
The limited circumstances we might need to collect the personal data of minors include as part of a reservation, the purchase of other travel-related services, or in other exceptional circumstances (such as features addressed to families). When processing personal data of minors, we strictly adhere to the principles of legality, necessity, clear purpose, openness, transparency, and security, and we take strict measures to protect such data.
If you have any questions or concerns regarding our protection of minors' personal data, or if you (in your capacity as the parent or guardian of the minor) wish to delete or correct the personal data of minors, please contact us via the Contact Us section below.
Record Retention
We will retain your personal data in accordance with all applicable laws, for as long as it may be relevant to fulfill the purposes set forth in this Privacy Statement, unless a longer retention period is required or permitted by law. We will deidentify, aggregate, or otherwise anonymize your personal data if we intend to use it for analytical purposes or trend analysis over longer periods of time.
When we delete your personal data, we use industry standard methods to ensure that any recovery or retrieval of your personal data is impossible. We may keep residual copies of your personal data in backup systems to protect our systems from malicious loss. This personal data is inaccessible unless restored, and all unnecessary personal data will be deleted upon restoration.
The criteria we use to determine our retention periods include:
- Whether we have a legal obligation related to your personal data, such as laws requiring us to keep records of your transactions with us
- Whether there are any current and relevant legal obligations affecting how long we will keep your personal data, including contractual obligations, litigation holds, statutes of limitations, and regulatory investigations
- Whether your personal data is needed for secure backups of our systems
Contact Us
If you have any questions or concerns about our use of your personal data, or wish to inquire about our personal data handling practices, and exercise your rights to access, correct or inquire about deletion of personal data, please contact us via email [email protected]
Updates to Statement
We may make changes to this Statement by updating it at any time for various reasons, including:
- to improve them and make them clearer or easier to understand,
- to comply with legal, regulatory, and/or tax requirements,
- where we make changes to our services or how we run our business, and/or
- for security-related reasons.
You can see when this Privacy Statement was last updated by checking the "last updated" date displayed at the top of this Privacy Statement.