Privacy Policy

Last Updated: March 5, 2026

Lucidia Solutions, LLC ("Lucidia," "we," "our," or "us") operates Room Genie, a software-as-a-service platform that monitors Walt Disney World resort hotel room availability and pricing (the "Services"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you access or use our website, applications, and Services.

By creating an account or otherwise using the Services, you acknowledge that you have read, understood, and agree to this Privacy Policy. If you do not agree, please do not use the Services.

1. Information We Collect

a. Account Information

When you create an account, we collect:

  • Full name
  • Email address
  • Date of birth (used solely for age verification; you must be 18 or older)
  • Password (stored in hashed form; we never store or have access to your plaintext password)
  • Whether you are a travel professional (optional self-designation)

b. Alert and Travel Preference Data

When you create monitoring alerts, we collect:

  • Selected Walt Disney World resorts and room types
  • Check-in and check-out dates
  • Party composition (number of adults, number of children, children's ages)
  • Alert type preferences (availability monitoring, price-drop monitoring)
  • Package preferences (ticket type, dining plan, add-ons)
  • Price thresholds and notification preferences
  • Optional notes you add to alerts

c. Notification Contact Information

To deliver alerts, we may collect:

  • Email address (required for email notifications)
  • Phone number (optional; required only if you opt in to SMS notifications)
  • Your explicit consent to receive SMS messages, if applicable

d. Payment and Billing Information

We use Stripe, Inc. as our third-party payment processor. When you purchase a subscription or credit, Stripe collects your payment method details (e.g., credit card number, billing address) directly. We do not store your full payment card information on our servers. We receive and store:

  • Your Stripe customer identifier
  • Subscription status, plan type, and billing period dates
  • Credit purchase and expiration records
  • Invoice and transaction metadata

e. Automatically Collected Information

When you use the Services, we automatically collect:

  • IP address
  • Browser type and version (user-agent string)
  • Device type and operating system
  • Pages viewed, access times, and referring URLs
  • Authentication session data (stored in cookies necessary for the Services to function)

f. Consent Records

When you accept our Terms & Conditions or this Privacy Policy, we create an immutable audit record that includes your IP address, user-agent string, the exact consent text you agreed to, and a timestamp. These records are maintained for legal compliance and cannot be modified or deleted.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide and operate the Services — including monitoring Walt Disney World resort availability and pricing on your behalf, evaluating your alert conditions, and delivering notifications when conditions are met.
  • Process payments — managing subscriptions, credits, and billing through our payment processor.
  • Send transactional communications — alert notifications, account confirmations, password resets, security alerts, and billing-related messages.
  • Maintain and improve the Services — analyzing usage patterns, diagnosing technical issues, and developing new features.
  • Enforce our agreements — including our Terms of Service and this Privacy Policy.
  • Comply with legal obligations — responding to lawful requests and protecting our legal rights.

We do not use your information for targeted advertising, and we do not sell your personal information to third parties.

3. Automated Processing

The Services use automated systems to periodically check Walt Disney World resort availability and pricing on your behalf. When your alert conditions are met (e.g., a room becomes available or drops below your price threshold), the system automatically sends you a notification via your chosen method (email and/or SMS). One-time alerts are automatically deactivated after a successful notification is sent.

No automated decisions are made that produce legal effects or similarly significant effects on you. You retain full control over creating, modifying, and deleting your alerts at any time.

4. How We Share Your Information

We do not sell, rent, or trade your personal information. We share information only in the following limited circumstances:

a. Service Providers

We use third-party service providers to operate the Services. These providers process your information only on our behalf and in accordance with our instructions:

  • Supabase, Inc. — database hosting and user authentication
  • Stripe, Inc. — payment processing and subscription management
  • Twilio, Inc. — SMS message delivery (only if you opt in to SMS notifications)
  • Twilio SendGrid — email delivery
  • Vercel, Inc. — application hosting and content delivery
  • Axiom, Inc. — application monitoring and error tracking (event data only; no full personal data)

b. Legal Requirements

We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a lawful request.

c. Business Transfers

If Lucidia Solutions, LLC is involved in a merger, acquisition, asset sale, or bankruptcy, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.

5. SMS Communications & TCPA Consent

If you choose to receive SMS alert notifications, you must provide and verify your phone number through a one-time verification code and provide explicit consent to receive text messages from us.

  • SMS messages are sent solely to deliver the alert notifications you configure. We do not send marketing messages via SMS.
  • Message frequency depends on the number and frequency of alerts you create.
  • Message and data rates may apply, depending on your mobile carrier and plan.
  • You may revoke SMS consent at any time by removing your phone number in your account settings. Removal takes effect immediately.
  • We will never share your phone number with third parties for their marketing purposes.

6. Cookies & Similar Technologies

We use cookies that are strictly necessary for the operation of the Services, specifically for authentication and session management. These cookies allow you to remain signed in and are required for the Services to function.

We also use Google Analytics 4 (GA4) to collect anonymous usage data about how visitors interact with our marketing website. GA4 sets cookies (including _ga and _ga_*) to distinguish unique visitors and track session information. GA4 also derives your approximate geographic location (country, region, city) from your IP address; however, Google anonymizes your IP address and we do not have access to it. This data helps us understand which pages and features are most useful, measure the effectiveness of our content, and improve the overall experience. GA4 data is aggregated and does not identify you personally.

Google's use of analytics data is governed by the Google Privacy Policy. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

We do not use cookies for advertising, behavioral tracking, or cross-site profiling. We do not deploy third-party advertising cookies or tracking pixels.

You may configure your browser to reject cookies, but doing so will prevent you from using the Services, as authentication requires session cookies.

7. Data Retention

We retain your information as follows:

  • Account data — retained for as long as your account is active. Upon account deletion, your personal data and all associated records (alerts, check results, notifications) are permanently deleted.
  • Alert credits — one-time alert credits expire one (1) year from the date of purchase.
  • Consent records — retained indefinitely as required for legal compliance and audit purposes, even after account deletion.
  • Payment records — retained as required by applicable tax and financial reporting laws (typically up to seven years).
  • Aggregated or de-identified data — may be retained indefinitely for analytics and service improvement, provided it cannot reasonably be used to identify you.

8. Data Security

We implement reasonable administrative, technical, and organizational safeguards to protect your personal information, including:

  • Encryption of data in transit (TLS/HTTPS)
  • Encryption of data at rest in our database
  • Row-level security policies that restrict data access to authorized users
  • Hashed password storage (we never store plaintext passwords)
  • Rate limiting on authentication and sensitive endpoints
  • Separate service-role credentials for administrative database operations

However, no method of electronic transmission or storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security, and you use the Services at your own risk.

9. Your Rights & Choices

Depending on your jurisdiction, you may have the following rights regarding your personal information:

All Users

  • Access and update — you can view and edit your profile information, email, phone number, and notification preferences in your account settings at any time.
  • Delete your account — you may request deletion of your account and all associated data by contacting us. Deletion is permanent and cannot be undone.
  • Withdraw SMS consent — remove your phone number from your account settings to immediately stop SMS notifications.
  • Manage alerts — create, edit, pause, or delete your monitoring alerts at any time.

California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:

  • Right to know — you may request the categories and specific pieces of personal information we have collected about you.
  • Right to delete — you may request that we delete your personal information, subject to certain exceptions.
  • Right to correct — you may request correction of inaccurate personal information.
  • Right to opt out of sale/sharing — we do not sell or share your personal information for cross-context behavioral advertising, so this right does not apply.
  • Non-discrimination — we will not discriminate against you for exercising your privacy rights.

To exercise these rights, contact us at support@lucidia.travel. We will verify your identity before fulfilling your request.

European Economic Area, UK, and Switzerland (GDPR/UK GDPR)

If you are located in the EEA, UK, or Switzerland, you may have additional rights including:

  • Right of access — obtain a copy of your personal data.
  • Right to rectification — correct inaccurate or incomplete data.
  • Right to erasure — request deletion of your data under certain circumstances.
  • Right to restrict processing — request limitation of processing under certain circumstances.
  • Right to data portability — receive your data in a structured, machine-readable format.
  • Right to object — object to processing based on legitimate interests.
  • Right to withdraw consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

Our legal bases for processing are: (a) performance of a contract (providing the Services you signed up for), (b) legitimate interests (improving and securing the Services), and (c) consent (SMS notifications). You may lodge a complaint with your local data protection authority.

10. International Data Transfers

The Services are operated from the United States. If you access the Services from outside the United States, your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using the Services, you consent to the transfer of your information to the United States.

Where required by applicable law, we rely on appropriate safeguards for international data transfers, including standard contractual clauses or your explicit consent.

11. Children's Privacy

The Services are not directed to individuals under the age of 18, and you must be at least 18 years old to create an account. We do not knowingly collect personal information from children under 13.

As part of the travel planning features, you may provide the ages of children in your travel party when configuring alerts. This information is used solely to check room occupancy and pricing accuracy and is not used for any other purpose.

If you believe we have inadvertently collected personal information from a child under 13, please contact us at support@lucidia.travel, and we will promptly delete it.

12. Third-Party Links & Services

The Services may contain links to third-party websites or services, including Walt Disney World resort pages. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you visit.

Room Genie is not affiliated with, endorsed by, or sponsored by The Walt Disney Company or any of its subsidiaries or affiliates.

13. Service Discontinuation

If we permanently discontinue the Services, we will provide at least thirty (30) days' advance notice via the email address associated with your account. During this notice period, you may export or save any information you wish to retain. After the discontinuation date, all user data will be permanently deleted, except as required by law (e.g., financial records, consent logs).

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this page and, where required, notify you by email or through a prominent notice within the Services. Your continued use of the Services after any changes constitutes your acceptance of the updated Privacy Policy.

We encourage you to periodically review this page for the latest information on our privacy practices.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Lucidia Solutions, LLC
Email: support@lucidia.travel

We will respond to all privacy-related inquiries within thirty (30) days, or within the time required by applicable law, whichever is shorter.