Privacy Policy

Last Updated: January 11, 2025

1. Introduction

Welcome to Tourlu. We are committed to protecting your privacy and handling your personal information with care. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

Business Information:

• Business Name: Tourlu
• Location: Ottawa, Ontario, Canada
• Contact: hi@tourlu.com

2. Information We Collect

We collect information that you provide directly to us and information that is automatically collected when you use our service.

Information You Provide

• Account Information: Name, email address, password (hashed), profile image/avatar
• Tour Data: Tour itineraries, stops, preferences, custom instructions, check-ins
• Payment Information: Billing address, payment method (processed securely through Stripe)
• Communication: Email communications, support requests

Information Automatically Collected

• Usage Data: Token usage, AI operations, feature usage, tour generation history
• Technical Data: IP address, browser type, device information, session data
• OAuth Data: Google account linking information (when using Google sign-in)

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our service
• Process transactions and manage token packages
• Send you service-related communications (verification emails, password resets, package expiration notices)
• Respond to your inquiries and provide customer support
• Monitor and analyze usage patterns to improve our service
• Detect, prevent, and address technical issues and security threats
• Comply with legal obligations

Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your personal information based on:

• Consent: When you create an account and agree to this policy
• Contract Performance: To provide the services you've requested (tour generation, token packages)
• Legitimate Interests: To improve our service, prevent fraud, and ensure security
• Legal Obligations: To comply with tax, accounting, and other legal requirements

4. Information Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

Service Providers

We share information with trusted third-party service providers who assist us in operating our service:

• Stripe: Payment processing and billing (Privacy Policy)
• Google Maps Platform: Location services, places data, route calculation (Privacy Policy)
• OpenAI: AI-powered tour generation and customization (Privacy Policy)
• Mailgun: Email delivery services (Privacy Policy)

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or to protect our rights, property, or safety, or that of our users.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

5. Data Retention

We retain your personal information for the following periods:

• Account Data: Retained while your account is active, deleted immediately upon your request to delete your account
• Transaction Records: Retained for 7 years for tax and legal compliance purposes
• Support Communications: Retained for 2 years after the last communication
• Important: If you delete your account while you have purchased tokens, those tokens will be lost and are not refundable

6. Your Rights and Choices

You have the following rights regarding your personal information:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your account and personal information
• Data Export: Request an export of your data in a portable format (GDPR compliance)
• Opt-Out: Unsubscribe from marketing communications (service-related emails will continue)
• Object to Processing: Object to our processing of your personal information (GDPR)
• Restrict Processing: Request that we restrict processing of your personal information (GDPR)
• Data Portability: Request transfer of your data to another service provider (GDPR)

To exercise these rights, please contact us at hi@tourlu.com.

Complaint Mechanism (GDPR): If you are located in the European Economic Area (EEA), you have the right to lodge a complaint with your local data protection authority if you believe we have not addressed your concerns. You can find your local authority at https://edpb.europa.eu/about-edpb/board/members_en.

7. Cookies and Tracking Technologies

• We use essential session cookies for authentication and session management
• These cookies are required for the service to function and do not require consent
• We do not use advertising cookies or tracking cookies

8. Security Measures

We implement appropriate technical and organizational security measures to protect your personal information:

• Password hashing using bcrypt
• HTTPS encryption for all data transmission
• Secure session management
• Regular security assessments
• Access controls and authentication

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. We take steps to ensure that your information receives adequate protection, including:

• Using service providers that comply with applicable data protection laws
• Implementing appropriate safeguards for international transfers

10. Children's Privacy

Our service is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at hi@tourlu.com.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. Your continued use of the service after such changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

Email: hi@tourlu.com

We will respond to your inquiry within a reasonable timeframe.