ROVE MILES PRIVACY POLICY

1.1 Purpose of this Policy

This Policy describes the data collection and privacy practices that apply when you interact with Rove Miles in any manner, including visiting our website, using our mobile applications, booking travel services, or participating in our rewards program.

1.2 Platform & Services

This Policy applies only to the Rove platform and related services that we control and operate. It does not apply to any third-party services, partner platforms, or external websites that may be linked within Rove Miles.

1.3 Acceptance of this Policy

By using our platform or creating an account with Rove, you expressly acknowledge and agree to the practices described in this Policy. If you do not consent to these practices, do not use our platform.

2.1 Account & Personal Information

When you register or use Rove Miles, we may collect:

• Full name
• Title
• Email
• Date of birth
• Password
• Phone number
• Country of residence
• IP address
• Invite code or source of referral (if applicable)
• Home airport (if applicable)
• Destinations (if applicable)

2.2 Travel & Preferences Data

To enhance your travel bookings and rewards experience, we collect:

• Wishlist items (e.g., saved flights, destinations)
• Search history and booking intentions (e.g., previously viewed travel routes)

2.3 Third-Party Integrations & Linked Accounts

If you choose to link or integrate third-party services with your Rove account, we may collect:

• OAuth or login credentials from providers such as Google, Apple, or other social logins
• Airline loyalty program numbers and status levels where applicable
• Other partner rewards program account details

2.4 Online Purchase Data (Rove Shopping)

When you use the Rove Shopping, we may collect and receive data about your qualifying online purchases from participating merchants as part of our affiliate agreements. This may include information such as merchant name, purchase amount, purchase details, date of transaction, and details necessary to track and credit Rove Miles earned through your purchases. Third-party providers of affiliate deals, such as affiliate networks, may also be required to collect this data.

Note: Data collected from third-party integrations is subject to both this Policy and the privacy terms of the third-party service. We encourage you to review those policies as well.

2.5 Transaction Data from Third Parties (Card-Linked Offers)

We may collect information about you from third parties. This information may include Transaction Data from third parties. We may use third parties such as Fidel Ltd and payment card networks (such as Visa, Mastercard and American Express) to monitor relevant card transactions at participating merchants, related to your participation in the Rove Shopping program. We may use this data to provide and calculate rewards, present offers, and track refunds, returns. By enrolling or registering your card(s) in connection with the loyalty program, you authorize the monitoring and sharing of your transaction data for purposes described. You may at any time opt-out and remove your card from transaction monitoring. You may at any time unlink your enrolled card.

2.6 Online Activity Data via Third‑Party Pixels, Tags, and SDKs

We use third‑party pixels, tags, and software development kits (collectively, "Pixels", such as the Meta Pixel and similar tools) to collect information about how you interact with our website and apps. The data collected may include:

• Identifiers & device data: cookie IDs, Pixel IDs, advertising IDs, IP address, user agent, referrer URL, page locations/URLs, and timestamps.
• Interaction data: pages viewed, links or buttons clicked, scrolls, and events such as sign‑ups, purchases, and form submissions.

4.1 No Sale of Personal Data

We do not sell your personal data to third parties for monetary or other valuable consideration.

4.2 Service Providers & Partners

We may share your data with:

• Partner travel providers to facilitate flight, hotel, or travel bookings and redemptions.
• Third-party service providers who assist with our operations (e.g., payment processors, fraud detection services, data analytics).
• Partner rewards programs or other providers involved in the accrual of miles on your account.

4.3 Mobile Information

No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

4.4 Legal Compliance & Protection

We may disclose personal data if required by law or in good-faith belief that such action is necessary to:

• Comply with legal obligations or respond to lawful requests from public authorities.
• Protect our rights, privacy, safety, or property, and that of our users or the public.

4.5 Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, user data may be transferred to the acquiring entity. We will strive to ensure the acquiring entity upholds privacy practices that are consistent with this Policy.

5.1 Use of Cookies

We utilize cookies, web beacons, and similar technologies to:

• Enable essential site features and maintain session data (e.g., user login).
• Analyze site traffic and usage patterns to improve our platform.
• Personalize marketing and promotional content based on user interests.

We also use tracking pixels and tags provided by third parties, such as advertising networks and social media platforms, which may collect or receive information from our website and other online properties and use that information to provide measurement services and targeted ads.

5.2 Managing Cookies

You can manage your cookie preferences through your browser settings. Disabling certain cookies may impact the functionality or availability of some platform features.

5.3 Analytics & Advertising

We may partner with analytics providers and advertising networks that use tracking technologies to collect information about your online activities over time. These third parties may have their own privacy policies governing their use of such information.

5.4 Pixels

In addition to analytics and advertising cookies, we use third-party tracking pixels (for example, Meta Pixel, Google Ads Pixel, and similar technologies) that may transmit limited information about your interactions with the Rove Miles platform to the respective third-party providers. These pixels allow us to measure ad performance, understand user behavior, and deliver relevant marketing. The third parties operating these pixels may combine this information with other data they hold about you and use it in accordance with their own privacy practices. This data sharing may occur independently of your use of Rove Miles services. Where required by law, we obtain consent before enabling these pixels, and you may disable cookies or tracking through your browser settings at any time.

7.1 Security Measures

We implement industry-standard security measures designed to protect your data from unauthorized access, alteration, disclosure, or destruction. These measures include encryption, firewalls, and secure server hosting.

7.2 User Responsibility

You are responsible for maintaining the confidentiality of your account credentials and taking appropriate steps to protect against unauthorized access to your devices or accounts.

7.3 No Liability for Third-Party Breaches

While we strive to safeguard your information, no security system is foolproof. We are not responsible for data breaches or unauthorized activities that occur on third-party systems outside of our control.

8.1 Retention Period

We retain personal data for as long as it is necessary to:

• Fulfill the purposes outlined in this Policy.
• Provide our services and ensure the functionality of the Rove Miles platform.
• Comply with legal obligations (e.g., tax, accounting, auditing).

8.2 Deletion Requests

If you wish to delete your account or request that we no longer use your data, please contact us as described in Section 11. We may retain certain data for legitimate business purposes or as required by law.

9.1 Applicable Laws

We comply with applicable U.S. data protection and privacy laws, including relevant provisions of the California Consumer Privacy Act (CCPA), if and to the extent it applies to Rove Miles.

9.2 CCPA Rights (If Applicable)

If you are a California resident, you may have additional rights under the CCPA, such as the right to know and the right to request deletion of certain personal data. We provide these rights consistent with the legal requirements. For more information, please contact us as described below.

10.1 Right to Modify

We may update or modify this Policy at any time to reflect changes in our practices or applicable laws. If we make any material changes, we will notify you by email (if you have provided one) or through a prominent notice on our website.

10.2 Acceptance of Changes

By continuing to use our platform after any revised Policy has been posted, you accept and agree to the updated terms.

11.1 Privacy Inquiries & Requests

If you have questions about this Policy, wish to exercise any of your privacy rights, or have concerns about our data practices, please contact us using the information below:

• Email: support@rovemiles.com
• Mail: Rove Card Inc, Attn: Legal Department, 250 Greenwich St, 39th Floor, New York, NY 10007

11.2 Response Time

We will respond to legitimate requests and inquiries within a reasonable timeframe, typically within 30 days or as otherwise required by applicable law.