What destinations does Pixie Dust CRM support?

Pixie Dust CRM is built for agents specializing in Disney World, Disneyland, Universal Studios, and cruise lines including Disney Cruise Line, Royal Caribbean, and Carnival.

Do my clients need to pay anything?

No. Your clients download the mobile app for free and access their trips, itineraries, messages, and documents at no cost. Only you as the agent pay the monthly subscription.

Can I import my existing client data?

Yes. Pixie Dust CRM includes a Google Sheets import tool that lets you paste a spreadsheet URL, map columns to fields, and import your clients and bookings in bulk with duplicate detection.

Is there a contract or commitment?

No contracts. Your subscription is month-to-month and you can cancel anytime from your account settings. Your 30-day free trial lets you explore everything before you're charged — no credit card required.

What platforms is the app available on?

Pixie Dust CRM is available on web, iOS (App Store), and Android (Google Play). Agents can manage their full CRM from any device.

Yes. Pixie Dust CRM is built on Google Firebase with enterprise-grade security. All data is encrypted in transit and at rest. Your client data is isolated to your account and never shared.

Privacy Policy | Pixie Dust CRM

Introduction

Pixie Dust CRM ("we," "us," or "our") is a customer relationship management platform designed for independent travel advisors and travel agencies. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application, mobile applications, and related services (collectively, the "Service").

By accessing or using the Service, you agree to this Privacy Policy. If you do not agree, please discontinue use of the Service immediately.

Information We Collect

Information You Provide

Account information: name, email address, password, phone number, business name, and professional details when you create an account.
Client data: travel advisors may enter client names, contact details, travel preferences, booking information, and related records into the Service.
Payment information: billing details are processed entirely by Stripe. We do not store any credit card data on our servers. Card authorization form data is encrypted end-to-end by Evervault and transmitted directly to the processor — no card data is stored on our infrastructure at any point.
Communications: messages exchanged through our in-app messaging system, emails sent via the platform, and SMS messages.
Documents and files: itineraries, contracts, invoices, and other documents uploaded to the Service.

Information Collected Automatically

Device information: browser type, operating system, device identifiers, and screen resolution.
Usage data: pages visited, features used, actions taken, and timestamps.
IP address: collected for security, fraud prevention, and to satisfy legal requirements for electronic signatures and card authorizations.
Push notification tokens: device tokens used to deliver push notifications when enabled.

How We Use Your Information

Provide, maintain, and improve the Service.
Process transactions and send related information, including confirmations and invoices.
Facilitate communication between travel advisors and their clients.
Send administrative notifications such as security alerts, support messages, and service updates.
Enforce our Terms of Use and protect against fraudulent or unauthorized activity.
Comply with legal obligations and respond to lawful requests from public authorities.

How We Share Your Information

We do not sell your personal information. We share data only in the following circumstances:

Service providers: we use third-party services to operate the platform, including Firebase (authentication and database), Stripe (payments), Resend (email delivery), Twilio (SMS), and Evervault (card data encryption). These providers access data only as needed to perform their services and are bound by their own privacy policies.
Travel advisor ↔ client relationship: client data entered by a travel advisor is accessible to that advisor (and their agency, if applicable). Clients who create an account can view their own booking and trip information.
Agency members: if a travel advisor belongs to an agency, certain data may be shared with agency administrators as configured by agency settings.
Legal requirements: we may disclose information if required by law, regulation, legal process, or governmental request.

Data Security

We implement industry-standard security measures to protect your data, including:

Encryption in transit (TLS/HTTPS) and at rest for all stored data.
End-to-end encryption for card authorization data via Evervault — card numbers, CVVs, and expiration dates are never stored on our servers. Data is encrypted client-side and transmitted directly to the processor.
Two-factor authentication (TOTP) required for sensitive operations such as viewing card authorization details.
Ownership-scoped database rules ensuring users can only access their own data.
Automatic expiration of card authorizations after 48 hours.
Audit logging for sensitive data access events.

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., resolving disputes, enforcing agreements, or complying with legal obligations).

SMS Communications

Our platform enables travel advisors to send transactional SMS messages to their clients regarding bookings, payments, trip updates, and related travel services.

Opt-in: Clients opt in to receive SMS messages through an explicit in-app prompt when they first log in to the Pixie Dust CRM client app. The opt-in dialog clearly describes the types of messages that will be sent and provides a link to our SMS Privacy Policy. Clients may also enable or disable SMS at any time through their app Settings. Opt-in is completely voluntary and is not required to use the app or receive travel agent services.

SMS Privacy Policy displayed in-app — SMS Privacy Policy shown alongside opt-in

Opt-out: You can opt out at any time by replying STOP to any message, toggling off SMS in your app Settings, or emailing jeff@pixiedustcrm.dev. After opting out, you will receive one confirmation message and no further SMS messages.

Message frequency: Varies based on trip activity, typically 1–10 messages per month. Message and data rates may apply.

No marketing messages: All SMS messages are transactional. We do not send promotional or advertising messages via SMS.

Data sharing: We do not sell, rent, or share your phone number or SMS opt-in data with third parties for marketing purposes. SMS opt-in data and consent are not shared with any third parties. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

Help: Reply HELP to any message for assistance, or contact us at jeff@pixiedustcrm.dev.

For complete details on SMS data handling, consent, opt-out procedures, and data retention, please see our SMS Privacy Policy.

Cookies and Local Storage

The Service uses cookies and browser local storage for authentication, session management, and user preferences. We do not use third-party advertising cookies or cross-site tracking. Essential cookies are required for the Service to function and cannot be disabled.

Your Rights

Depending on your jurisdiction, you may have the right to:

Access the personal information we hold about you.
Correct inaccurate or incomplete information.
Delete your account and associated data.
Export your data in a portable format.
Opt out of non-essential communications.
Withdraw consent where processing is based on consent.

To exercise any of these rights, contact us at jeff@pixiedustcrm.dev. We will respond within 30 days.

Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately and we will delete it.

Third-Party Links

The Service may contain links to third-party websites or services that are not operated by us. We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any third-party services you access.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at jeff@pixiedustcrm.dev.