Merchant of Record & Security

For all subscription plan purchases (Soul Seeker, Pathfinder, Voyager, Luminary), the Merchant of Record is TravelOne Technologies Inc., incorporated under the Canada Business Corporations Act, Toronto, Ontario, Canada.

For travel service bookings, itinerary packages, and concierge services, the Merchant of Record is TravelOne Global Travel Services LLC, registered in Virginia, United States of America.

All charges to your payment method will appear as "TRAVELONE TECHNOLOGIES" or "TRAVELONE GLOBAL" on your bank or credit card statement, depending on the nature of the transaction.

TravelOne uses Stripe, Inc. as its primary payment processor. Stripe is a PCI DSS Level 1 certified payment service provider — the highest level of certification available in the payments industry.

TravelOne does not store your full credit card number, CVV, or bank account details on our servers. All sensitive payment data is tokenised and stored securely by Stripe. TravelOne only retains a payment token and the last four digits of your card for reference purposes.

We accept Visa, Mastercard, American Express, and Discover credit and debit cards. We also accept payment via Apple Pay, Google Pay, and bank transfers for Enterprise plans.

All payment transactions are encrypted using TLS 1.3 in transit. Stripe's infrastructure is independently audited and certified under SOC 1 Type II, SOC 2 Type II, and ISO 27001 standards.

Paid plans are billed on an annual basis unless otherwise specified. Your subscription renews automatically on the anniversary of your purchase date unless you cancel before the renewal date.

You will receive an email reminder 14 days before your subscription renews, with the renewal amount and date clearly stated. You can cancel auto-renewal at any time from your DNA Dashboard under Account Settings.

If a payment fails, we will retry the charge up to three times over a 7-day period. If the charge continues to fail, your account will be downgraded to the free Soul Seeker plan. Your DNA profile and report data are retained for 90 days, during which you can reactivate your paid plan by updating your payment method.

TravelOne employs multiple layers of fraud detection and prevention, including Stripe Radar for real-time fraud scoring, velocity checks on new accounts, and manual review of high-risk transactions.

If we detect unusual activity on your account, we may temporarily suspend payment processing and contact you to verify your identity. This is done to protect you and other users of the platform.

If you believe your payment details have been compromised, contact us immediately at security@traveloneglobal.com or call +1 (703) 200-3901. We will work with Stripe to investigate and, where necessary, issue a new payment token.

Our refund policy is detailed in the Refund & Cancellation Policy. In summary: DNA Report plans are refundable within 7 days of purchase if no itinerary services have been consumed. Travel service bookings are subject to the cancellation policies of the relevant suppliers.

If you initiate a chargeback with your bank or credit card provider without first contacting TravelOne, we reserve the right to suspend your account pending investigation. We encourage you to contact us first — we resolve the vast majority of disputes quickly and fairly.

To request a refund, email billing@traveloneglobal.com with your order reference number and the reason for your request. Refunds are processed within 5-10 business days to the original payment method.

All data transmitted between your browser and TravelOne's servers is encrypted using TLS 1.3. Our servers are hosted on enterprise-grade cloud infrastructure with 99.9% uptime SLA.

We conduct regular penetration testing and security audits by independent third-party security firms. Any vulnerabilities identified are remediated within defined SLAs based on severity.

TravelOne maintains a responsible disclosure programme. If you discover a security vulnerability, please report it to security@traveloneglobal.com. We will acknowledge your report within 48 hours and keep you informed of our remediation progress.

TravelOne is PCI DSS compliant. Because we use Stripe as our payment processor and do not store raw card data, we qualify as a SAQ A merchant — the simplest PCI DSS compliance level, indicating that all cardholder data functions are outsourced to a PCI DSS validated third-party service provider.

Our annual PCI DSS self-assessment questionnaire (SAQ A) is completed and on file. Copies are available to Enterprise clients on request under NDA.