Privacy Policy
Last updated: 21 May 2026
1. Who We Are
This Privacy Policy describes how Yovu Travel OÜ(“Yovu”, “we”, “us”) collects, uses, and protects your personal data when you use the Yovu Travel platform. We are the data controller for the purposes of the EU General Data Protection Regulation (GDPR).
Yovu Travel OÜTartu maantee 67/1, Tallinn, Harju maakond 10115, EE
support@yovu.travel
+372 53335144
2. Data We Collect
We collect the following personal data:
- Booking data: name, email address, phone number, country of residence, and special requests.
- Payment data: payment confirmation references. We do not store full card numbers.
- Usage data: pages visited, device type, browser, and IP address (via analytics).
- Communication data: emails or messages you send to our support team.
- Optional data: marketing preferences if you opt in.
3. How We Use Your Data
- To process and manage your bookings and send confirmation emails.
- To communicate with you about your booking or inquiries.
- To share necessary details with the experience supplier to fulfill your booking.
- To improve our platform and user experience through analytics.
- To send marketing communications, only if you have opted in.
- To comply with legal obligations under Estonian and EU law.
4. Legal Basis for Processing
- Contract performance: processing your booking.
- Legitimate interests: platform improvement and fraud prevention.
- Consent: marketing emails (you may withdraw at any time).
- Legal obligation: compliance with applicable laws.
5. Data Sharing & Processors
We share your personal data only as necessary:
- Experience suppliers: booking and travel details needed to run your trip. Guest email addresses are not shared directly; supplier messages are routed through Yovu relay addresses where enabled.
- Payment processors (Stripe): to securely process your payment. We do not store full card numbers.
- Email (Resend): transactional messages such as confirmations and manage-booking codes.
- Database & hosting (Supabase, Vercel): application data storage and delivery, configured for EU/EEA processing where available.
- Channel partners (e.g. Bokun): when you book inventory connected to an external reservation system.
- Analytics providers: aggregated, anonymised usage data only, where you have not opted out of non-essential cookies.
- Legal authorities: when required by law.
We do not sell your personal data to third parties. Processor agreements and Standard Contractual Clauses apply where data may leave the EEA.
6. Data Retention
We retain your booking data for up to 7 years to comply with Estonian accounting and tax regulations. Marketing preferences are retained until you withdraw consent. Analytics data is retained for 26 months.
7. Your Rights Under GDPR
You have the right to:
- Access the personal data we hold about you.
- Rectify inaccurate or incomplete data.
- Erase your data (“right to be forgotten”) where applicable.
- Restrict or object to certain processing activities.
- Data portability — receive your data in a structured, machine-readable format.
- Withdraw consent for marketing at any time without penalty.
- Lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon).
To exercise any of these rights, contact us at support@yovu.travel.
8. Cookies
We use essential cookies required for the platform to function, and optional analytics cookies to understand how users interact with our site. You can control cookie preferences through your browser settings. We do not use advertising or tracking cookies.
9. Data Security
We implement appropriate technical and organisational measures to protect your data, including TLS encryption in transit, encryption of guest email addresses at rest, role-based access controls, signed links for vouchers and receipts, rate limiting on sensitive endpoints, webhook signature verification, and audit logging when administrators access decrypted guest contact data. Our database infrastructure is hosted on Supabase (EU region).
10. International Transfers
Your data is stored within the European Economic Area (EEA). Where we use service providers outside the EEA, we ensure adequate safeguards are in place in accordance with GDPR requirements (e.g., Standard Contractual Clauses).
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or a prominent notice on our platform. Continued use after the effective date of changes constitutes acceptance.
12. Contact Us
For privacy-related questions or to exercise your rights:
Yovu Travel OÜTartu maantee 67/1, Tallinn, Harju maakond 10115, EE
support@yovu.travel
+372 53335144