Privacy Policy

1. Introduction

THE KIVO TRAVELLER™ ("KIVO", "we", "our") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and protect your personal information.

This policy complies with the European Union's General Data Protection Regulation (GDPR) and Brazil's Lei Geral de Proteção de Dados (LGPD).

2. Data We Collect

3. How We Use Your Data

We use your personal information to:

• Process and manage bookings
• Facilitate communication between guests and hosts
• Process payments securely
• Provide customer support
• Improve and personalize your platform experience
• Send notifications about bookings and updates
• Comply with legal obligations and prevent fraud
• Perform analytics and improve our services (anonymized data)

4. Legal Basis for Processing (GDPR/LGPD)

We process your personal data based on:

• Contract Performance: to provide requested services
• Consent: when explicitly provided (e.g., marketing)
• Legitimate Interests: to improve our services and prevent fraud
• Legal Obligations: to comply with legal and tax requirements

5. Data Sharing

We do not sell your personal data. We share information only with:

• Hosts/Guests: information necessary to complete the booking
• Service Providers: Stripe (payments), Supabase (data storage), Vercel (hosting)
• Authorities: when legally required
• Third Parties with Consent: only when authorized by you

6. Data Security

We implement technical and organizational security measures to protect your data, including:

• SSL/TLS encryption for all transmissions
• Secure storage on servers with security certifications
• Restricted access to personal data (need-to-know basis)
• Continuous security monitoring
• Regular and secure backups

7. Your Rights (GDPR/LGPD)

You have the right to:

• Access: request copies of your personal data
• Rectification: correct incorrect or incomplete data
• Erasure: request deletion of your data ("right to be forgotten")
• Portability: receive your data in a structured format
• Object: object to the processing of your data
• Restriction: request restriction of processing
• Withdraw Consent: withdraw consent at any time

To exercise these rights, contact us at privacy@thekivotraveller.com

8. Data Retention

We retain your personal data only as long as necessary to fulfill the purposes described in this policy or as required by law. Booking data is retained for 7 years for tax and legal purposes. Data from accounts inactive for more than 3 years may be deleted after notification.

9. Cookies

We use cookies and similar technologies for:

• Essential Cookies: necessary for platform functionality
• Performance Cookies: for analysis and site improvement
• Functionality Cookies: to remember your preferences

You can manage your cookie preferences in your browser settings.

10. International Transfers

Your data may be transferred and processed in countries outside the EU/EEA. When this occurs, we ensure adequate safeguards exist, such as Standard Contractual Clauses approved by the European Commission.

11. Minors

Our platform is not intended for persons under 18 years of age. We do not intentionally collect data from minors. If you become aware that we have collected data from a minor, contact us for immediate deletion.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes by email or through platform notices. Continued use after changes constitutes acceptance of the updated policy.

13. Supervisory Authority

If you have concerns about how we handle your personal data, you have the right to file a complaint with the competent supervisory authority:

• Portugal: CNPD - Comissão Nacional de Proteção de Dados (www.cnpd.pt)
• Brazil: ANPD - Autoridade Nacional de Proteção de Dados (www.gov.br/anpd)