Privacy Policy

1. Introduction

Welcome to travelpa.ge ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our service.

2. Data Controller

The data controller responsible for your personal data is:
Mhd Emad Alden Almsouti
Emil-Kijewski-Str. 9
44229 Dortmund, Germany
Email: emad@almsouti.com

For any privacy-related questions, please contact us at the email address above.

3. Data We Collect

3.1 Information You Provide

• Account Information: Email address, name, username
• Profile Information: Bio, current location, traveler type, countries visited
• Social Links: URLs to your social media profiles
• Images: Profile picture and travel photos you upload
• Custom Links: Links you add to your profile

3.2 Automatically Collected Data

• Usage Data: Pages visited, features used, time spent on site
• Device Information: Browser type, operating system, IP address
• Cookies: We use cookies to remember your preferences (see Cookie Policy below)

4. How We Use Your Data

We use your personal data for the following purposes:

• Provide the Service: Create and display your travel profile
• Account Management: Manage your account and authentication
• Communication: Send important updates about the service
• Improvement: Analyze usage to improve our service
• Legal Compliance: Comply with legal obligations

5. Legal Basis for Processing (GDPR)

We process your personal data based on:

• Contract: Processing necessary to provide the service you signed up for
• Consent: You have given explicit consent (e.g., for cookies)
• Legitimate Interest: Improving our service and preventing fraud
• Legal Obligation: Compliance with applicable laws

6. Third-Party Services

We use the following third-party services that may process your data:

6.1 Clerk (Authentication)

We use Clerk for user authentication. Clerk is GDPR compliant and processes your email and authentication data.Clerk Privacy Policy

6.2 Stripe (Payments)

We use Stripe for payment processing. Stripe is GDPR compliant and handles your payment information securely. We never store your credit card details.Stripe Privacy Policy

6.3 Amazon Web Services (Hosting & Storage)

We use AWS for hosting our website and storing data. All data is stored in EU regions (Frankfurt, Germany) to ensure GDPR compliance.AWS Privacy Policy

7. Data Retention

We retain your personal data for as long as your account is active. When you delete your account, we permanently delete all your data within 30 days, including:

• Profile information
• Uploaded images
• Custom links
• Subscription data

8. Your Rights (GDPR)

Under GDPR, you have the following rights:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate data (edit your profile)
• Right to Erasure: Delete your account and all data
• Right to Data Portability: Export your data in JSON format
• Right to Object: Object to processing of your data
• Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, please contact us at emad@almsouti.com or use the account settings in your profile.

9. Cookie Policy

We use only essential cookies that are necessary for the service to function. These cookies cannot be disabled as they are required for authentication and basic functionality.

Types of Cookies:

• Essential: Required for authentication and basic functionality (Clerk)

We do NOT use analytics, marketing, or functional cookies. Your theme preference (light/dark) follows your system settings and is not stored in cookies or localStorage.

Since we only use essential cookies that are technically necessary for the website to function, no cookie consent banner is required under GDPR.

10. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

• Encryption in transit (HTTPS)
• Secure authentication (Clerk)
• Regular security audits
• Access controls and monitoring

11. International Data Transfers

Your data may be transferred to and processed in countries outside the EU. We ensure appropriate safeguards are in place through:

• Standard Contractual Clauses with third-party processors
• GDPR-compliant service providers
• EU data residency where possible (AWS EU regions)

12. Children's Privacy

Our service is not intended for children under 16. We do not knowingly collect data from children. If you believe we have collected data from a child, please contact us immediately.

13. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes by email or through a notice on our website. Continued use of the service after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have any questions about this privacy policy or our data practices, please contact us:

• Email: emad@almsouti.com
• Address: Emil-Kijewski-Str. 9, 44229 Dortmund, Germany
• Website: travelpa.ge

15. Supervisory Authority

If you are located in the EU and believe we have not addressed your concerns, you have the right to lodge a complaint with your local data protection authority.