1. Scope of this Policy

This Privacy Policy describes the privacy practices of Kula Software Systems, Inc., dba PonoRez (“PonoRez,” “we,” “us,” or “our”) in connection with the PonoRez system and related services.

The PonoRez system is used by tour companies, activity providers, attractions, transportation providers, charter operators, activity desks, resellers, agents, and similar in-destination experience businesses to manage bookings, availability, payments, customer communications, electronic waivers, reporting, APIs, and related business operations.

This Policy applies to information processed through the PonoRez system, including information provided by business customers, authorized users, guests, purchasers, agents, resellers, and other users who interact with PonoRez-powered booking or operational workflows.

This Policy does not replace any privacy policy, guest notice, waiver, cancellation policy, or legal disclosure that a business using PonoRez may be required to provide to its own customers, guests, employees, contractors, or users.

2. Privacy Roles and Responsibilities

PonoRez may process information in different roles depending on the context.

3. Information We Collect

Information from business customers and authorized users

We may collect information about businesses and their authorized users, including:

• business name, DBA, address, phone number, email address, website, tax or licensing information, and business contact details;
• administrator and staff user names, login credentials, roles, permissions, preferences, and activity logs;
• billing records, invoices, subscription records, transaction fee records, service selections, and support history;
• implementation details, configuration settings, inventory data, activity descriptions, schedules, rates, capacity, upgrade and surcharge settings, and reporting preferences;
• communications with PonoRez, including support tickets, emails, calls, chat records, training notes, and feedback.

Information about guests, purchasers, participants, and booking users

Depending on how a business configures and uses the PonoRez system, we may process information such as:

• names, email addresses, phone numbers, billing details, reservation numbers, ticket details, and purchase history;
• activity date, time, location, guest count, pickup or transportation information, special requests, notes, restrictions, and preferences;
• waiver responses, participant names, signatures, guardian information, checkboxes, acknowledgments, and date/time records;
• communications sent through email, SMS, chat, or other system tools;
• refund, cancellation, void, chargeback, payment, gift certificate, voucher, or balance due information;
• technical information associated with bookings and user sessions, such as IP address, browser, device, timestamps, referring page, and interaction logs.

Information collected automatically

When users access PonoRez websites, portals, booking forms, or system interfaces, we may collect log, device, browser, cookie, analytics, performance, error, security, and usage information to operate and secure the system.

4. How We Use Information

PonoRez uses information to provide, maintain, support, secure, and improve the PonoRez system and related services. This includes using information to:

• create and administer business customer accounts;
• process reservations, tickets, manifests, schedules, availability, and inventory;
• support payments, refunds, voids, balances due, reporting, and transaction reconciliation;
• send confirmations, reminders, updates, operational notices, waiver links, and other communications configured by the business customer;
• collect and store electronic waivers and acknowledgments when enabled by the business customer;
• provide customer support, training, implementation, troubleshooting, and account administration;
• monitor system availability, performance, security, user activity, and error logs;
• protect against fraud, abuse, unauthorized access, security incidents, and policy violations;
• comply with legal obligations, contracts, tax, accounting, audit, payment, and regulatory requirements;
• improve features, workflows, usability, integrations, reports, automation, and system reliability.

5. Customer and Guest Data

Business customers retain responsibility for the personal information they collect from their own guests, purchasers, participants, staff, agents, resellers, and other users through the PonoRez system.

PonoRez processes this information to provide the system and services, including reservation management, availability, reporting, guest communications, manifest creation, waiver workflows, API integrations, and related operational functions.

PonoRez does not use guest data to sell competing tours, market unrelated services directly to a business customer’s guests, or take ownership of a business customer’s customer list.

PonoRez may use aggregated or de-identified information for analytics, benchmarking, security, system performance, product improvement, and business planning, provided that such information does not reasonably identify an individual guest or disclose a business customer’s confidential data.

6. Payments and Transaction Data

PonoRez may support payment-related workflows, including sale, authorization, capture, balance due, refund, void, cancellation, chargeback, voucher, gift certificate, and reconciliation functions.

Payment card and transaction information may be processed by third-party payment processors, gateways, merchant service providers, banks, card networks, point-of-sale providers, fraud prevention providers, or other payment-related service providers. Those providers may have their own privacy, security, and compliance obligations.

PonoRez does not require business customers to disclose more payment information than is needed to process, reconcile, support, or document the applicable transaction workflow. Payment-related data may be retained as necessary for accounting, audit, chargeback, tax, reporting, compliance, and legal purposes.

7. Email, SMS, Chat, and Communications

PonoRez may provide communication tools that allow business customers to send or receive email, SMS/text messages, chat messages, chatbot responses, operational notices, confirmations, reminders, waiver requests, cancellation updates, and marketing-related messages.

When a business customer uses these tools, PonoRez may process message content, recipient information, sender information, timestamps, delivery status, opt-out status, template information, and related communication logs.

Business customers are responsible for ensuring that their communications comply with applicable laws and platform rules, including obtaining any required consent, honoring opt-outs, avoiding spam or deceptive messages, and maintaining accurate message content.

8. Electronic Waivers and Sensitive Information

PonoRez may provide tools for electronic waivers, releases, acknowledgments, participant forms, checkboxes, signatures, guardian approvals, and related records. These tools may collect information that a business customer chooses to request, including participant identity, emergency information, health or safety acknowledgments, physical ability statements, age or guardian details, or other activity-specific information.

Business customers are responsible for deciding what information to collect in a waiver or participant form and for ensuring that the content, legal sufficiency, retention, and use of those forms comply with applicable law.

PonoRez processes waiver and participant information to present, collect, store, retrieve, and manage the applicable waiver workflow at the instruction of the business customer.

9. Cookies, Analytics, and Tracking

PonoRez websites, portals, booking forms, and related pages may use cookies, pixels, scripts, local storage, log files, analytics tools, or similar technologies.

These technologies may be used to:

• keep users logged in and maintain secure sessions;
• remember preferences or booking form progress;
• measure performance, errors, traffic, conversion, and feature usage;
• support fraud prevention, abuse detection, security, and auditing;
• allow business customers to use approved analytics or advertising integrations, where configured.

Business customers are responsible for providing any cookie notices, consent tools, opt-out mechanisms, or tracking disclosures required for their own websites and booking workflows.

10. How We Share Information

PonoRez may share information only as reasonably necessary for the purposes described in this Policy, including with:

• the business customer responsible for the booking, activity, waiver, or transaction;
• authorized users, staff, agents, resellers, desks, vendors, or platform users configured by the business customer;
• payment processors, gateways, merchant service providers, banks, fraud prevention providers, and card networks;
• email, SMS, chat, phone, hosting, cloud infrastructure, analytics, security, customer support, backup, and software service providers;
• API partners, OTA partners, resellers, agents, or integration providers when enabled by the business customer or required to fulfill a booking workflow;
• professional advisors, auditors, insurers, legal counsel, accountants, and consultants;
• government authorities, law enforcement, courts, regulators, or other parties when required by law, subpoena, legal process, or to protect rights, safety, and security;
• successors or assigns in connection with a merger, acquisition, reorganization, financing, sale of assets, or similar business transaction.

PonoRez does not sell business customer guest lists as a standalone product.

11. Data Retention, Export, and Deletion

PonoRez retains information for as long as reasonably necessary to provide the system and services, maintain business records, support customer operations, comply with legal obligations, resolve disputes, enforce agreements, prevent fraud, maintain security, and support accounting, tax, audit, backup, and reporting requirements.

Retention periods may vary depending on the data type, business customer configuration, legal requirements, transaction history, backup cycles, and operational needs.

Business customers may request export, correction, deletion, or purge of certain data, subject to system functionality, applicable law, contractual obligations, backup retention, financial recordkeeping, security requirements, and other legitimate business needs.

When available and appropriate, PonoRez may provide tools or support for privacy compliance requests, including sensitive-data purge workflows.

12. Security

PonoRez uses administrative, technical, and organizational safeguards designed to protect information against unauthorized access, loss, misuse, alteration, and disclosure. These safeguards may include access controls, user permissions, encryption, monitoring, backups, vulnerability scanning, auditing, and other security practices.

No system, website, transmission, or storage method is completely secure. Business customers are responsible for maintaining strong passwords, limiting user access, assigning appropriate permissions, protecting credentials, monitoring account activity, and promptly notifying PonoRez of suspected unauthorized access or security incidents.

13. Privacy Rights and Requests

Depending on applicable law and location, individuals may have rights to request access, correction, deletion, restriction, portability, objection, or information about certain personal information.

If PonoRez processes your information on behalf of a business customer, PonoRez may refer your request to that business customer or require confirmation from the business customer before taking action. This is because the business customer typically determines why the information was collected and how it is used.

If you are a guest, purchaser, participant, or customer of a business using PonoRez, please contact that business first regarding activity policies, booking data, waivers, refunds, cancellations, communications, or privacy requests involving that business.

To contact PonoRez about a privacy request, use the contact information in Section 19.

14. Business Customer Responsibilities

Business customers using PonoRez are responsible for their own legal compliance and guest-facing disclosures. This includes responsibility for:

• publishing and maintaining their own privacy policy and terms, where required;
• providing accurate activity descriptions, prices, restrictions, cancellation policies, waivers, safety notices, and guest communications;
• obtaining required consent for data collection, waivers, SMS/texting, email marketing, cookies, analytics, and advertising tools;
• configuring user permissions, access levels, vendors, agents, resellers, and platform sharing appropriately;
• responding to guest requests regarding bookings, refunds, cancellations, communications, waivers, and privacy rights;
• using PonoRez only in compliance with applicable law and the PonoRez Terms of Service.

15. Children and Minors

PonoRez is a business software system and is not directed to children. However, business customers may collect information about minors when needed for bookings, participation, safety, waivers, guardian approvals, or activity operations.

Business customers are responsible for determining when parental or guardian consent is required and for ensuring that any minor-related information is collected and used appropriately.

16. International Users and Transfers

PonoRez may process and store information in the United States or other locations where PonoRez or its service providers operate. If information is transferred across borders, privacy and data protection laws may differ from those in the country where the information was originally collected.

Where required, PonoRez will use appropriate measures designed to protect transferred information in accordance with applicable law and contractual obligations.

17. Third-Party Services and Links

The PonoRez system may contain links to or integrate with third-party websites, payment providers, gateways, communication platforms, analytics services, email providers, SMS providers, OTAs, resellers, API partners, social networks, maps, and other external services.

PonoRez is not responsible for the privacy, security, or data practices of third parties. Business customers and users should review the privacy policies and terms of any third-party services they choose to use.

18. Changes to this Policy

PonoRez may update this Privacy Policy from time to time to reflect changes in the system, services, business practices, legal requirements, or privacy expectations.

When changes are made, PonoRez may update the effective date and post the revised version. Continued use of the PonoRez system after the updated Policy becomes effective means the updated Policy applies to future use.

19. Contact Us

For privacy-related questions or requests, contact PonoRez:

PonoRez
Kula Software Systems, Inc., dba PonoRez
Website: https://www.ponorez.com/
Support Email: support@ponorez.com
Phone: 1 (800) 750-9055

If your request concerns a specific booking, waiver, refund, cancellation, or tour/activity provider, please contact the business that accepted your reservation first.