PRIVACY POLICY
TRAVELMANIAC LLC
Introduction
This Privacy Policy explains how TravelManiac LLC ("TravelManiac", "we", "us", "our") collects, uses, stores, shares, and protects personal data when you use our website, mobile apps, and related services ("Platform"). We comply with GDPR and other applicable privacy laws.
Data Controller
TravelManiac LLC is the data controller for personal data collected through the Platform.
Categories of Data We Collect
We may collect: Identity data (name, gender, date of birth), Contact data (email, phone, address), Travel data (booking details, preferences, passport info), Payment data (payment method, billing address, transaction IDs - full card details processed only by Stripe), Technical data (IP address, device type, browser type), Cookies and analytics data, Support interactions, Marketing preferences, Fraud indicators.
How We Collect Data
Information you provide directly, data from your bookings, data from cookies and analytics tools, data provided by TBO and other Service Providers, payment data from Stripe, communication tools such as live chat.
Purposes of Processing
We process data for: facilitating bookings and fulfilling contracts, payment processing, customer support, sending booking confirmations and service notifications, fraud detection and security, analytics and service improvement, marketing communications (with consent), legal compliance and dispute resolution.
Legal Bases for Processing
We rely on: performance of contract, legitimate interests (fraud prevention, improvement, security), consent (marketing, non-essential cookies), legal obligations.
Sharing of Data
We may share personal data with: Service Providers fulfilling your booking, TBO API partners, Stripe (payment processing), Hosting providers, Analytics providers (e.g., Google Analytics), Chat tools (e.g., tawk.to), Cloudflare and security systems, Advertising partners (if consented), Legal authorities when required.
International Transfers
Data may be transferred outside your country. We use appropriate safeguards such as Standard Contractual Clauses.
Retention
We retain personal data only as long as necessary for: booking fulfillment, accounting and legal obligations, fraud prevention, customer support. Typical retention is 2-7 years depending on the data category.
Marketing Communications
We send marketing communications only with your consent. You may unsubscribe at any time via email links or by contacting us.
Data Subject Rights
You have the right to: access your data, correct inaccuracies, request deletion, restrict processing, portability, object to processing, withdraw consent. Requests can be submitted to info@travelmaniac.org.
Automated Decision-Making
Fraud detection and risk scoring may involve automated systems. You may request human review.
Security
We use technical and organizational measures including encryption, access controls, monitoring, secure servers, and Stripe's PCI-DSS compliant infrastructure.
Children's Data
We do not knowingly collect data from children under 16 without parental consent.
Links to Third-Party Sites
We are not responsible for the privacy practices of third-party websites.
Changes to This Policy
We may update this Privacy Policy at any time. Continued use of the Platform indicates acceptance.
Contact Details
For privacy inquiries: info@travelmaniac.org