Privacy Policy for Trvl Bestie

Effective Date: July 28, 2025

Trvl Bestie B.V. (company registration number 000059837721; VAT number NL005078947B24) ("Trvl Bestie," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, mobile app, and associated services (the "Platform").

By accessing or using the Platform, you consent to the practices described in this Privacy Policy.

1. Who We Are

Trvl Bestie is a women-only travel companion platform designed to connect adult women who wish to travel safely and confidently. Headquartered in the Netherlands, we operate as a data controller under the General Data Protection Regulation (GDPR) and follow internationally recognized privacy and data protection standards.

This Privacy Policy applies to all users globally. However, if you are located in the European Union (EU), European Economic Area (EEA), or United Kingdom (UK), additional GDPR-specific rights and obligations apply (see Section 8).

For privacy-related inquiries, contact: [email protected]

2. Information We Collect

We may collect and process the following personal data:

a. Identification and Contact Information

• Full name
• Date of birth
• Nationality and country of residence
• Gender (as stated on valid government-issued ID)
• Email address
• Profile photos

b. Verification Data

• KYC documents (e.g., passport, ID card)
• Facial recognition image

c. Usage and Interaction Data

• Travel preferences and trip details
• Chat messages and user interactions
• IP address, device identifiers, and browser type
• Log data (access time, pages viewed, etc.)

d. Payment Information

• Partial card details (via third-party processor)
• Billing and subscription history

We do not store full credit card data.

3. How We Use Your Information

We use your personal data to:

• Verify your identity and eligibility for the platform (women 18+)
• Match you with suitable travel companions
• Operate, maintain, and improve the Platform
• Provide customer support
• Prevent fraud and ensure platform security
• Comply with legal obligations (e.g., AML/KYC)
• Send service-related notifications and optional marketing (opt-in only)

If you consent to receive marketing communications, you may withdraw that consent at any time through your profile settings or by clicking the "unsubscribe" link in our emails.

We use your personal data to:

• Verify your identity and eligibility for the platform (women 18+)
• Match you with suitable travel companions
• Operate, maintain, and improve the Platform
• Provide customer support
• Prevent fraud and ensure platform security
• Comply with legal obligations (e.g., AML/KYC)
• Send service-related notifications and optional marketing (opt-in only)

4. Legal Basis for Processing (EU/EEA/UK Users)

We rely on the following legal grounds:

• Consent: For marketing communications and cookies
• Contractual necessity: To provide the Platform services
• Legal obligation: For identity verification and AML compliance
• Legitimate interest: To protect the integrity of the platform and enhance user safety

5. Data Sharing and Disclosure

We may share your data with:

• Third-party KYC/AML verification services (e.g., Veriff, Sumsub)
• Payment processors (e.g., Stripe, Adyen) — all PCI-DSS compliant
• Hosting and cloud infrastructure providers (e.g., Microsoft Azure)
• Analytics and fraud prevention tools (e.g., Google Analytics, Firebase, Sentry)
• Legal authorities or regulators when required by law

We do not sell your personal data to third parties.

We may share your data with:

• Third-party KYC/AML verification services
• Payment processors (PCI-DSS compliant)
• Hosting and cloud infrastructure providers (e.g., Microsoft Azure)
• Analytics and fraud prevention tools
• Legal authorities or regulators when required by law

We do not sell your personal data to third parties.

6. Data Retention

We retain personal data as long as necessary to:

• Fulfill the purposes stated above
• Comply with legal obligations
• Resolve disputes and enforce our agreements

Retention periods include:

• KYC data: 5 years after account closure (as required by AML regulations)
• Chat messages: 1 year after account deletion
• Profile information and photos: Deleted immediately upon account deletion
• Analytics data: Retained for up to 2 years (aggregated and anonymized where possible)

We retain personal data as long as necessary to:

• Fulfill the purposes stated above
• Comply with legal obligations
• Resolve disputes and enforce our agreements

KYC data is retained in line with regulatory requirements, typically for five (5) years after account closure.

7. Data Security

We host our services on Microsoft Azure, using:

• End-to-end encryption (TLS/SSL)
• Role-based access control (RBAC)
• Multi-factor authentication (MFA)
• Network firewalls and activity monitoring

Biometric data collected for identity verification (e.g., facial recognition images) is encrypted, stored separately from general profile data, and processed solely for compliance and fraud-prevention purposes. Access to this data is strictly limited to authorized personnel under audit control.

We regularly audit our security practices and take appropriate technical and organizational measures to protect your data.

In the event of a data breach that may affect your rights or freedoms, we will notify the relevant supervisory authority within 72 hours, and inform you without undue delay in accordance with Articles 33 and 34 of the GDPR.

We host our services on Microsoft Azure, using:

• End-to-end encryption (TLS/SSL)
• Role-based access control (RBAC)
• Multi-factor authentication (MFA)
• Network firewalls and activity monitoring

We regularly audit our security practices and take appropriate technical and organizational measures to protect your data.

8. Your Rights (Global and GDPR-Specific)

All users have the ability to delete their account directly through the Trvl Bestie mobile app. This feature is accessible within the user settings and meets the requirements set by app marketplaces such as Apple or Google.

When a user deletes their account, all associated personal data is permanently and irreversibly deleted. This includes profile information, chat history, and verification documents, except as required to comply with legal obligations (e.g., regulatory retention periods for financial and identity verification data).

Depending on your jurisdiction, you may have the following rights:

All Users Globally

• The right to access your data
• The right to correct inaccurate or outdated information
• The right to delete your data, subject to legal or contractual constraints
• The right to object to or restrict certain types of processing
• The right to withdraw consent (where consent was the basis of processing)

Additional Rights for EU/EEA/UK Users

• The right to data portability
• The right to lodge a complaint with a supervisory authority

To exercise any of these rights, contact [email protected].

All users have the ability to delete their account directly through the Trvl Bestie mobile app. This feature is accessible within the user settings and meets the requirements set by app marketplaces such as Apple or Google.

When a user deletes their account, all associated personal data is permanently and irreversibly deleted. This includes profile information, chat history, and verification documents, except as required to comply with legal obligations (e.g., regulatory retention periods for financial and identity verification data).

Depending on your jurisdiction, you may have the following rights:

All Users Globally

• The right to access your data
• The right to correct inaccurate or outdated information
• The right to delete your data, subject to legal or contractual constraints
• The right to object to or restrict certain types of processing
• The right to withdraw consent (where consent was the basis of processing)

Additional Rights for EU/EEA/UK Users

• The right to data portability
• The right to lodge a complaint with a supervisory authority

To exercise any of these rights, contact [email protected].

9. International Data Transfers

If your data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards such as Standard Contractual Clauses (SCCs), Binding Corporate Rules (BCRs), or adequacy decisions to protect your privacy rights.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Enable core functionality
• Improve user experience
• Analyze site traffic

Where required by law, we obtain your consent before placing non-essential cookies. You may manage cookie preferences in your browser settings.

11. Children’s Privacy

Our Platform is not intended for individuals under 18. We do not knowingly collect personal data from children. As part of our KYC verification, all users are required to submit official identification to confirm their age. If we learn that we have inadvertently collected personal data from a minor, we will delete it promptly and take steps to block further access.

Our Platform is not intended for individuals under 18. We do not knowingly collect personal data from children. If we learn that we have, we will delete it promptly.

12. Updates to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated to you by email or by notice on our Platform. The "Effective Date" will always reflect the latest version.

13. Contact

If you have questions about this Privacy Policy or your personal data, contact us at:

TRVL Bestie B.V.
[email protected]

By using Trvl Bestie, you acknowledge that you have read and understood this Privacy Policy.