Privacy Policy
Last updated: May 12, 2026
1. Introduction
Go The Local Way Ltd. ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our AI-powered travel platform ("the Platform").
We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable Greek data protection law.
2. Data Controller
Go The Local Way Ltd., registered in Athens, Greece, is the data controller for the personal data described in this policy. Contact: privacy@gothelocalway.com
3. Data We Collect
3.1 Information You Provide
- Account data: name, email address, password (hashed), profile photo (optional)
- Booking data: selected experiences, dates, group size, payment information
- Communication data: messages with the AI assistant, messages to local partners, reviews
- Preference data: travel interests, dietary requirements, accessibility needs, language preferences
3.2 Data Collected Automatically
- Usage data: pages visited, features used, search queries, interaction patterns
- Device data: browser type, operating system, screen resolution, device identifiers
- Location data: approximate location from IP address; precise location only with your explicit consent (for nearby experience suggestions)
- AI conversation history: queries to our travel assistant and generated responses for service improvement
3.3 Data from Third Parties
- Social login providers (Google, Apple) if you choose to sign in via these services
- Payment processors (Stripe) for transaction verification
4. How We Use Your Data
| Purpose | Legal Basis (GDPR Art. 6) |
|---|---|
| Provide and maintain the Platform | Contract performance |
| AI personalization and recommendations | Legitimate interest / Consent |
| Process bookings and payments | Contract performance |
| Send transactional emails (confirmations, updates) | Contract performance |
| Marketing communications | Consent (opt-in) |
| Improve AI model accuracy | Legitimate interest |
| Fraud prevention and security | Legitimate interest |
| Legal compliance | Legal obligation |
5. AI-Specific Data Processing
Our AI travel assistant processes your queries, preferences, and conversation history to provide personalized recommendations. Key points:
- Conversations are stored to maintain context within a planning session and improve future recommendations
- We use aggregated, anonymized conversation data to improve our AI models
- You can delete your conversation history at any time from account settings
- No automated decisions with legal or significant effects are made solely by AI without human review
6. Data Sharing
We share personal data only with:
- Local experience providers: name, contact details, and booking specifics necessary to deliver your booked experience
- Payment processors: Stripe processes payments on our behalf under their own privacy policy
- Cloud infrastructure: Vercel (hosting), Supabase (database) — all EU-based or with EU adequacy measures
- Analytics: aggregated, non-identifiable usage statistics only
- Legal requirements: when required by law, court order, or to protect our rights
We do not sell your personal data to third parties.
7. International Transfers
Your data is primarily stored within the European Economic Area (EEA). Where transfers outside the EEA are necessary (e.g., certain infrastructure providers), we ensure appropriate safeguards via Standard Contractual Clauses (SCCs) or adequacy decisions.
8. Data Retention
- Account data: retained while your account is active, deleted within 30 days of account closure
- Booking records: retained for 7 years for tax/legal compliance
- AI conversation history: retained for 12 months, then anonymized for model improvement
- Marketing consent records: retained for 3 years after last interaction
9. Your Rights
Under GDPR, you have the right to:
- Access your personal data (Art. 15)
- Rectify inaccurate data (Art. 16)
- Eraseyour data ("right to be forgotten") (Art. 17)
- Restrict processing (Art. 18)
- Data portability — receive your data in a structured format (Art. 20)
- Object to processing based on legitimate interest (Art. 21)
- Withdraw consent at any time without affecting prior processing (Art. 7)
- Lodge a complaint with the Hellenic Data Protection Authority (hdpa.gr)
To exercise these rights, email privacy@gothelocalway.com. We will respond within 30 days.
10. Cookies
10.1 Essential Cookies
Required for Platform functionality (authentication, session management). Cannot be disabled.
10.2 Functional Cookies
Remember your preferences (language, currency, recent searches). Enabled by default; you can opt out.
10.3 Analytics Cookies
Help us understand usage patterns (page views, feature adoption). Only deployed with your consent.
You can manage cookie preferences at any time through the cookie settings accessible in the Platform footer.
11. Security
We implement industry-standard security measures including TLS encryption in transit, AES-256 encryption at rest, regular security audits, and access controls. While no system is perfectly secure, we take reasonable steps to protect your data.
12. Children
The Platform is not directed to individuals under 18. We do not knowingly collect data from minors. If we learn a child has provided personal data, we will delete it promptly.
13. Changes to This Policy
We may update this policy to reflect changes in our practices or legal requirements. Material changes will be communicated via email or Platform notification at least 30 days before taking effect.
14. Contact Us
For privacy-related inquiries: privacy@gothelocalway.com
Data Protection Officer: dpo@gothelocalway.com
Go The Local Way Ltd., Athens, Greece