Privacy Policy

We collect information you provide directly, such as your name, email address, and payment details when you create an account or make a booking. We also collect usage data including search queries, pages visited, device information, and IP address to improve our services. When you write reviews or upload photos, that content is associated with your account. Location data is collected only with your explicit consent to provide nearby recommendations.

Your data powers personalized travel recommendations, booking confirmations, and account management. We use aggregated, anonymized data for analytics to improve property rankings and search relevance. Review content is displayed publicly under your chosen display name. We never sell your personal information to third parties. Payment information is tokenized via Stripe and never stored on our servers.

We share necessary booking details with hotels, airlines, and experience providers to fulfill your reservations. We work with trusted service providers for payment processing, email delivery, and analytics. We may disclose information when required by law or to protect the safety of our users. All third-party partners are bound by data processing agreements that meet GDPR standards.

All data is encrypted in transit via TLS 1.3 and at rest using AES-256. We employ multi-factor authentication, regular penetration testing, and SOC 2 Type II certified infrastructure. Access to personal data is restricted to authorized personnel on a need-to-know basis. We maintain a comprehensive incident response plan and will notify affected users within 72 hours of any confirmed breach.

Under GDPR, CCPA, and applicable privacy laws, you have the right to access, correct, or delete your personal data. You can export a complete copy of your data from Settings > Privacy > Data Export. You may request deletion of your account and all associated data at any time. We honor Do Not Track browser signals and provide granular cookie consent controls.

We send transactional emails for booking confirmations, receipts, and security alerts. Marketing communications are opt-in only and can be managed from your notification preferences. Push notifications require explicit device-level permission. You can unsubscribe from all non-essential communications at any time without affecting your account.

Active account data is retained for the lifetime of your account. Booking records are retained for 7 years for tax and legal compliance. Deleted account data is purged within 30 days, except where legal retention is required. Anonymous analytics data may be retained indefinitely. Review content may persist in anonymized form after account deletion.