Privacy policy

Who we are

Junat.com is an independent travel interface for train, airport, and flight information. For privacy questions, data requests, content questions, or advertising enquiries, contact us at hello@junat.com.

The studio operating the service is Creatua (Design and Software Studio), Insinöörinkatu 4, 00880 Helsinki, Finland. When this policy says “we”, “us”, or “Junat.com”, it refers to the Junat.com service and the people operating it.

Information you give us

When you use travel search, you may enter origin, destination, stations, airports, dates, times, trip type, cabin, passenger count, and related preferences. We use that information to return relevant journeys and offers.

When you continue to checkout, we may collect passenger names, title, gender, date of birth, contact email, phone number, selected itinerary, fare details, baggage details, checkout identifiers, provider offer identifiers, payment status, and booking/order references.

If you contact us directly, we process the contact details and message content you provide so we can respond.

Information from travel providers

Train timetable and station information can come from public railway data sources such as Fintraffic/Digitraffic. Airport schedules and operational information can come from airport data providers such as Finavia.

Flight search, flight checkout, payment preparation, and order creation can involve Duffel, airlines, airline technology providers, card networks, and payment processors. Train checkout or ticket services, where available, can involve rail operators, payment processors, and ticketing partners.

Live travel data can change quickly. Airlines, rail operators, airports, and their systems remain responsible for their own schedules, fare rules, operational notices, and ticket conditions.

Payments and bookings

For public flight booking, Junat.com is designed to collect passenger details, create a provider-backed checkout, create a payment intent, present a secure card payment component, confirm payment, and then create the travel order with the provider.

Payment card entry is handled inside the payment provider component. Junat.com may receive payment intent IDs, client status, order IDs, totals, currency, payment result, and error messages needed to complete the booking and support the user.

Booking a flight or train may require sharing passenger and contact details with airlines, rail operators, ticketing providers, payment processors, fraud prevention services, and other parties necessary to issue, change, support, or refund the booking.

How we use information

We use personal data to provide travel search, show live results, create checkout records, process bookings, send booking-related information, prevent abuse, diagnose errors, improve reliability, and answer support requests.

We may use aggregated or de-identified data to understand product performance, route demand, loading speed, error rates, and which features need improvement.

We do not sell passenger booking details. Advertising and analytics partners may process limited technical, cookie, or usage data depending on the visitor settings and applicable consent requirements.

Cookies, local storage, analytics, and ads

Junat.com may use cookies, local storage, session storage, and similar technologies for essential site operation, recent search restoration, selected offer continuity, language preferences, analytics, advertising measurement, and fraud or security checks.

For example, a recent flight search or selected offer may be stored in the browser so returning from results to the search form feels fast and does not require retyping. This browser storage is not intended for full card details or secret credentials.

We use or may use Google Analytics to understand how visitors use the site, Google Tag Manager to manage measurement and site tags, Google AdSense or Google advertising products to show and measure ads, and Vercel Analytics to understand product performance and page reliability.

Google and other advertising partners may place or read cookies, use web beacons, use IP addresses, receive device and browser information, measure ad performance, limit repeated ads, detect abuse, and, where permitted and consented to, personalize ads based on visits to this and other sites.

In the EEA, UK, and Switzerland, advertising and analytics cookies or similar storage should be used with the consent choices required by applicable law and Google policy. You can also control cookies through your browser settings and Google advertising controls.

Service providers

We use trusted infrastructure, travel, payment, analytics, advertising, and content providers to operate the service. These can include Supabase for backend functions and records, Vercel for hosting and analytics, Duffel for flight search and booking, travel data providers for schedules, Google services for analytics or ads, Sanity for content, and relevant airline, rail, airport, ticketing, and payment partners.

The technical stack may process IP address, device and browser information, page URL, referrer, coarse location derived from network data, event timing, error information, cookie identifiers, consent state, search parameters, checkout identifiers, and provider responses when that data is needed for hosting, security, analytics, advertising, support, or booking.

These providers process information under their own terms and privacy policies where they act independently, or under our instructions where they act as processors. We share only what is reasonably needed for the service being used.

Legal basis

We process data to perform a contract or take steps before a contract when you search, create a checkout, pay, or book travel. We process data for legitimate interests when we keep the service secure, prevent abuse, troubleshoot failures, improve performance, and respond to operational issues.

Where required, we rely on consent for optional cookies, marketing, analytics, or advertising technologies. We may also process data to comply with legal obligations, accounting rules, dispute handling, fraud prevention, or requests from competent authorities.

Retention

We keep search, checkout, booking, payment status, support, and technical records only for as long as needed for the service, customer support, fraud prevention, accounting, legal compliance, dispute handling, and product reliability.

Unfinished checkout records may be kept for a shorter operational period. Confirmed booking and payment records may be kept longer because travel, tax, accounting, chargeback, and support obligations can continue after travel.

Browser storage such as recent searches can usually be cleared by the user in the browser or expire with the browser session depending on the storage type.

International transfers

Some providers may process information outside Finland, the European Union, or the European Economic Area. When that happens, we expect providers to use appropriate safeguards such as adequacy decisions, standard contractual clauses, contractual controls, and security measures appropriate to the service.

Your rights

Depending on your location and the applicable law, you may have the right to request access, correction, deletion, restriction, portability, objection to processing, or withdrawal of consent where processing is based on consent.

You can contact us at hello@junat.com to make a privacy request. We may need to verify your identity and understand the booking, checkout, or message involved before we can act on the request.

If you are in the EU or EEA, you may also have the right to contact your local data protection authority.

Security and limits

We use server-side provider integrations, encrypted transport where available, access controls, and scoped service flows to reduce unnecessary exposure of personal data. No online service can guarantee absolute security.

Please keep booking references, passenger details, payment confirmations, and account or email access secure. If you believe your data has been exposed through Junat.com, contact us promptly at hello@junat.com.

Children and passenger data

Travel bookings may include children or minors as passengers. Passenger data for minors should only be provided by a parent, guardian, or authorised person making the booking. Airlines and rail operators may apply their own rules for minors travelling alone.

Changes to this policy

We may update this policy as Junat.com adds features, providers, countries, or booking flows. The latest version will be published on this page with an updated date.