Privacy policy.

This policy is published by Frontier Travel Camp, Inc., a Florida corporation doing business as Frontier Travel Club (“we,” “us,” “our”). FL Seller of Travel registration ST38752. Our headquarters and records are kept at 1145 99th St., Bay Harbor Islands, FL 33154.

We collect information in three buckets:

• Identity & contact — your name, addresses, phone numbers, email, date of birth, citizenship, and emergency contacts. From travelers and the parents/guardians filling out applications on their behalf.
• Travel records — trip selection, payment status, application notes, references (when provided), trip photos, packing checklists, and per-trip flight and hotel assignments.
• Medical & health data (PHI) — primary diagnosis, medications, allergies, dietary needs, mobility and self-care notes, and travel documents (passport, visa, travel insurance, immunization records). This bucket is handled under HIPAA — see below.

We also collect basic technical data (IP address, browser type, pages visited) to operate the website and detect abuse. We do not sell this information.

We use the information you provide to:

• Review applications and decide whether a trip is a good fit.
• Coordinate logistics — flights, hotels, ground transport, rooming, dietary accommodations, and accessibility support.
• Communicate with you and your designated guardian about payments, schedule changes, and on-trip updates.
• Process deposits and balances through our payment processor.
• In an emergency, share medical information with on-trip staff and treating providers as needed for your safety.
• Improve our trips and operations — for example, by reviewing what worked and what didn’t after a trip.

Medication, medical history, and travel-document records are treated as Protected Health Information (PHI). Specifically:

• Only Frontier Travel Club staff with a legitimate trip-coordination need can access your medical record.
• Every staff read of your medical record is recorded in an append-only audit log.
• Medical records are stored in encrypted databases under a Business Associate Agreement (BAA) with our cloud provider.
• We do not share PHI with marketing partners, advertisers, or analytics services. Ever.

• You — full access to your own profile, application, medical form, and trip data.
• Parents / legal guardians — when you grant guardian access (or a guardian creates the account on your behalf), they have shared access to the same records.
• Frontier staff — roster, itinerary, flight, hotel, and (with audit log) medical records for travelers on a trip they are coordinating.
• Frontier admin — same as staff plus content and configuration of the site itself.
• Other travelers — see only what you choose to share in trip group features (gallery posts, group check-ins). They never see PHI, addresses, or contact info.

We share specific data with the third parties below, only as needed to operate the service. None of them sell your data, and we’ve required appropriate confidentiality terms in our contracts with them.

• Amazon Web Services — hosting, encrypted database storage, signed-URL file storage, email delivery. Covered by a HIPAA Business Associate Agreement.
• Stripe — payment processing for deposits, balances, and shop purchases. Stripe collects your card details directly through their PCI-compliant checkout — we never see your full card number.
• Google & Apple (push and app distribution) — when you use the mobile app, the device platform receives metadata required for crash reporting and notifications.
• Aviation data partners — anonymized flight numbers and dates to surface live status during a trip.

• Data is encrypted in transit (TLS) and at rest.
• Travel documents and trip photos live in private cloud storage; access is granted only via short-lived signed URLs.
• Authentication uses industry-standard token rotation. Admin and staff accounts use multi-factor authentication.
• We limit staff access to what they need for the trips they’re coordinating, and review access regularly.

You can request a copy of your data, correct inaccuracies, or ask us to delete your account. To make a request, email privacy@frontiertravelclub.com from the address on file. We’ll respond within 30 days.

Account deletion is also available directly inside the mobile app under Profile → Privacy & support → Delete account. Some trip-related records may be retained beyond your deletion for safety, accounting, and legal compliance reasons (typically up to 7 years for tax and regulatory records).

California, EU/UK, and other-jurisdiction residents may have additional rights under their local laws (CCPA, GDPR/UK GDPR, etc.) including the right to opt out of certain processing. Email us at the address above to exercise these rights.

Some travelers are under 18; the application is typically completed by a parent or legal guardian. We do not knowingly collect data from a child under 13 without verifiable parental consent. If you believe we have collected such data in error, email privacy@frontiertravelclub.com and we will delete it.

The website uses a small set of cookies and similar technologies — strictly necessary cookies for sign-in and checkout, plus a privacy-respecting consent banner that lets you opt out of any non-essential analytics. We do not use advertising cookies or sell your behavior to third parties.

We’ll update this page when our practices change and bump the “Last updated” date at the top. Material changes will also be communicated by email to the address on your account.

Questions about this policy or how your data is handled — or to exercise any of the rights above — please email privacy@frontiertravelclub.com. For everything else, the Contact page has phone, email, and office hours.