Privacy Policy

Last updated: April 9, 2026

TripBento (“we,” “us,” or “our”) operates the website tripbento.com (the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website or use our services, in compliance with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy laws.

1. Data Controller

TripBento is the data controller responsible for your personal data. For questions about this policy or to exercise your rights, contact us at:

2. Personal Data We Collect

2.1 Data You Provide

CategoryDataPurposeLegal Basis (GDPR)
Contact informationName, email address, phone numberProcess booking requests, communicate about your tripContract performance (Art. 6(1)(b))
Trip preferencesDestination, travel dates, number of travelers, travel style, language preferenceGenerate personalized itineraries, match you with suitable guidesContract performance (Art. 6(1)(b))
Booking detailsSelected guide, service type, itinerary choicesFulfill booking requests, coordinate with guidesContract performance (Art. 6(1)(b))

2.2 Data Collected Automatically

CategoryDataPurposeLegal Basis (GDPR)
AnalyticsPage views, device type, browser, approximate location (country-level)Improve website performance and user experienceConsent (Art. 6(1)(a))
PerformancePage load times, web vitals metricsMonitor and optimize website speedConsent (Art. 6(1)(a))
TechnicalIP address (processed by Google Fonts)Deliver web fonts for consistent typographyLegitimate interest (Art. 6(1)(f))

3. Third-Party Data Processors

We share personal data with the following service providers who act as data processors under GDPR:

ProcessorPurposeData SharedLocation
VercelWebsite hosting, analytics, speed insightsIP address, page views, web vitalsUSA (EU-US Data Privacy Framework)
ResendTransactional email deliveryEmail address, name, booking detailsUSA (GDPR compliant, DPA available)
Google FontsWeb font deliveryIP addressUSA (EU-US Data Privacy Framework)

We do not sell, rent, or trade your personal data to third parties for their marketing purposes.

4. International Data Transfers

Your data may be transferred to and processed in the United States. We ensure appropriate safeguards are in place:

  • EU-US Data Privacy Framework certification (where applicable)
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements with all processors

5. Data Retention

  • Booking data: Retained for 3 years after the last booking, or as required by tax/legal obligations
  • Contact information: Retained until you request deletion or 3 years after last interaction
  • Analytics data: Aggregated and anonymized within 26 months
  • Email communication logs: Retained for 1 year

6. Your Rights Under GDPR (EEA/UK Residents)

If you are located in the European Economic Area or United Kingdom, you have the following rights:

  • Right of access — Request a copy of your personal data (Art. 15)
  • Right to rectification — Correct inaccurate or incomplete data (Art. 16)
  • Right to erasure — Request deletion of your data (“right to be forgotten”) (Art. 17)
  • Right to restriction — Restrict processing of your data (Art. 18)
  • Right to data portability — Receive your data in a structured, machine-readable format (Art. 20)
  • Right to object — Object to processing based on legitimate interests (Art. 21)
  • Right to withdraw consent — Withdraw consent at any time without affecting prior processing (Art. 7(3))

To exercise these rights, email privacy@tripbento.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

7. Your Rights Under CCPA (California Residents)

If you are a California resident, the CCPA provides you with:

  • Right to know — What personal information we collect, use, and disclose
  • Right to delete — Request deletion of personal information
  • Right to opt-out — Opt out of the “sale” or “sharing” of personal information. We do not sell or share personal information as defined by the CCPA.
  • Right to non-discrimination — We will not discriminate against you for exercising your rights
  • Right to correct — Request correction of inaccurate personal information
  • Right to limit use of sensitive personal information — We do not collect sensitive personal information as defined by the CCPA

To exercise these rights, email privacy@tripbento.com or use the contact details above. We will verify your identity before processing your request.

8. Cookies and Tracking

We use cookies and similar technologies for analytics and performance monitoring. For full details, see our Cookie Policy.

You can manage your cookie preferences at any time through the cookie consent banner on our website. Analytics and performance cookies are only activated with your explicit consent.

9. Children's Privacy

Our Service is not directed to individuals under 16 years of age. We do not knowingly collect personal data from children under 16. If you become aware that a child has provided us with personal data, please contact us at privacy@tripbento.com and we will take steps to delete such information.

10. Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • HTTPS encryption for all data in transit
  • Access controls limiting data access to authorized personnel only
  • Regular security reviews of our service providers
  • Escrow payment protection for financial transactions

No method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the “Last updated” date. We encourage you to review this page periodically.

12. Contact Us

For questions, concerns, or to exercise your data rights: