Privacy Policy
Last updated: 11/07/2026
Data controller
LonelyTrip is the data controller. Contact: privacy@lonelytrip.app.
Data we collect
- Account data: name, email, profile preferences.
- Booking & payment data: experience details, amounts, payment metadata (no full card numbers — handled by our payment provider).
- Messages exchanged between travelers, mentors and agencies.
- Technical data: IP, device, language, basic analytics.
Why we process it (legal bases)
- Performance of contract — to provide bookings, messaging, payouts.
- Legitimate interest — service security, fraud prevention, product improvement.
- Legal obligation — accounting, tax, AML where applicable.
- Consent — optional marketing communications and non-essential cookies.
Sub-processors
We rely on trusted providers including Supabase (hosting/database), Stripe (payments), and our email infrastructure provider. They process data on our behalf under DPAs.
Retention
We keep personal data only as long as needed for the purposes above, then delete or anonymize it. Transactional records may be retained for legal periods (typically 10 years for accounting).
International transfers
Where data is transferred outside the EEA, we rely on Standard Contractual Clauses or equivalent safeguards.
Your rights (GDPR)
You can access, rectify, delete, restrict, port your data and object to processing. Write to privacy@lonelytrip.app. You may also lodge a complaint with your local Data Protection Authority.
Marketing emails
Every marketing email includes an unsubscribe link. Transactional emails (booking, payment, account) are sent on the basis of contract performance.