1. Overview
TreksBuddy is an online travel platform that enables users to discover and book hotels, rental vehicles, and guided tour packages worldwide. We are committed to protecting your personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) where applicable.
By accessing or using our platform, you agree to the collection and use of information as described in this Privacy Policy. If you do not agree with these terms, please do not use our services.
2. Information We Collect
We collect the following categories of personal information:
2.1 Information You Provide Directly
- Account registration: Full name, email address, password (hashed), phone number, and profile photo.
- Booking details: Travel dates, number of guests, special requests, and payment information (processed securely via Stripe; we do not store full card numbers).
- Business registration: Business name, business address, registration documents, bank account details for payouts, and contact information.
- Reviews & communications: Content of reviews you submit, messages you send to us or to listing owners, and support requests.
- Identity verification: Where required, government-issued ID documents to verify your identity or business.
2.2 Information Collected Automatically
- Device & browser data: IP address, browser type and version, operating system, device identifiers, and screen resolution.
- Usage data: Pages visited, links clicked, search queries entered, time spent on pages, and referring URLs.
- Location data: Approximate location derived from IP address; precise location only if you grant permission in the mobile app.
- Log files: Server logs that record every HTTP request, including date/time, URL, status code, and bytes transferred.
2.3 Information from Third Parties
- Social sign-in: If you choose to sign in with Google or Facebook, we receive your public profile data (name, email, profile picture) from that provider.
- Payment processors: Stripe may share transaction status and fraud-detection signals with us.
- Analytics partners: Aggregated, anonymised data from analytics providers to help us understand usage trends.
3. How We Use Your Information
We use the information we collect for the following purposes:
Creating and managing your account, authenticating your identity, and personalising your experience.
Processing reservations, handling payments, issuing invoices, and managing cancellations or refunds.
Responding to inquiries, resolving disputes, and providing technical assistance.
Sending promotional emails, newsletters, and offers — only with your consent, which you can withdraw at any time.
Understanding how users interact with our platform, fixing bugs, and improving features.
Detecting fraud, enforcing our Terms of Service, and complying with legal obligations.
4. Legal Basis for Processing
Where GDPR or similar legislation applies, we rely on the following legal bases to process your personal data:
| Processing Activity | Legal Basis |
|---|---|
| Account creation and authentication | Contract (Art. 6(1)(b)) |
| Processing bookings and payments | Contract (Art. 6(1)(b)) |
| Marketing communications | Consent (Art. 6(1)(a)) |
| Fraud prevention and security | Legitimate Interests (Art. 6(1)(f)) |
| Compliance with legal obligations | Legal Obligation (Art. 6(1)(c)) |
| Analytics and platform improvement | Legitimate Interests (Art. 6(1)(f)) |
5. Sharing Your Information
We do not sell your personal data. We may share your information with:
- Service providers and partners: Third-party vendors who help us operate the platform — including Stripe (payment processing), cloud hosting providers, email delivery services, and analytics tools. These parties are contractually bound to protect your data and use it only for the purposes we specify.
- Listing owners: When you make a booking, we share your name, contact details, and booking information with the hotel, vehicle rental operator, or tour guide necessary to fulfil your reservation.
- Legal authorities: When required by law, court order, or governmental authority, or where we believe disclosure is necessary to protect the rights, property, or safety of TreksBuddy, our users, or the public.
- Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.
6. Cookies & Tracking Technologies
We use cookies and similar technologies (web beacons, local storage) to operate and improve our platform. Cookies are small text files stored on your device.
| Cookie Type | Purpose | Duration |
|---|---|---|
| Strictly Necessary | Authentication tokens, session management, security (CSRF) | Session / up to 30 days |
| Functional | Language preferences, currency selection, saved searches | Up to 1 year |
| Analytics | Usage statistics, page performance, error tracking (e.g. Google Analytics) | Up to 2 years |
| Marketing | Targeted advertising, remarketing (only with consent) | Up to 90 days |
You can manage or disable cookies through your browser settings. Note that disabling strictly necessary cookies may affect the functionality of our platform. You can also opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on .
7. Data Retention
We retain your personal data for as long as necessary to:
- Maintain your account and provide services you have requested.
- Comply with legal, tax, and accounting obligations (generally 7 years for financial records).
- Resolve disputes and enforce our agreements.
- Prevent fraud and improve safety.
When you delete your account, we will delete or anonymise your personal data within 30 days, except where retention is required by law or legitimate business interest. Aggregated, anonymised data may be retained indefinitely for analytics purposes.
8. Your Rights
Depending on your location, you may have the following rights regarding your personal data. To exercise any of these rights, please contact us at privacy@treksbuddy.com.
Request a copy of the personal data we hold about you.
Ask us to correct inaccurate or incomplete data.
Request deletion of your personal data ("right to be forgotten").
Ask us to restrict processing of your data in certain circumstances.
Receive your data in a structured, machine-readable format.
Object to processing based on legitimate interests or for direct marketing.
Withdraw consent at any time where processing is based on consent.
Lodge a complaint with your local data protection authority.
We will respond to all requests within 30 days. In complex cases, this may be extended by a further two months, and we will inform you accordingly.
9. Children's Privacy
Our platform is not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately at privacy@treksbuddy.com and we will take steps to delete that information.
10. International Data Transfers
TreksBuddy operates globally. Your personal data may be transferred to and processed in countries outside your country of residence, including countries that may not provide the same level of data protection as your home country.
Where we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses (SCCs) approved by the European Commission.
- Transfers to countries recognised as providing adequate data protection.
- Binding Corporate Rules where applicable.
11. Security
We implement industry-standard technical and organisational security measures to protect your personal data against unauthorised access, accidental loss, alteration, or disclosure. These measures include:
- TLS/HTTPS encryption for all data transmitted between your device and our servers.
- Passwords stored as irreversible cryptographic hashes (bcrypt).
- Payment data handled exclusively by PCI-DSS-compliant processors (Stripe).
- Role-based access controls limiting employee access to personal data.
- Regular security audits and vulnerability assessments.
- Automated monitoring and alerting for suspicious activity.
Despite these measures, no method of transmission over the internet is 100% secure. If you suspect your account has been compromised, please contact us immediately.
12. Third-Party Links
Our platform may contain links to third-party websites, services, or applications that are not operated by us. Once you leave our platform, this Privacy Policy no longer applies. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites. We encourage you to review the privacy policy of every site you visit.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page.
- Send a notification to the email address associated with your account.
- Display a prominent notice on our platform for at least 30 days.
Your continued use of our platform after any changes constitutes your acceptance of the revised Privacy Policy.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal data, please contact our Data Protection team: