Privacy Policy
How We Protect Your Data - GDPR, CCPA & LGPD Compliant
Last updated: January 7, 2026
1. Introduction
TravelDealForge.com ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website.
We comply with applicable data protection laws including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA/CPRA), Lei Geral de Proteção de Dados (LGPD), and other global privacy regulations.
2. Data Controller
TravelDealForge.com
Email: privacy@traveldealforge.com
Data Protection Officer: dpo@traveldealforge.com
3. Information We Collect
3.1 Information You Provide
- Account Information: Email address, name, password when you create an account
- Preferences: Language, currency, travel preferences you set
- Communications: When you contact us or subscribe to newsletters
- Search Data: Destinations and deals you search for (to improve recommendations)
3.2 Information Collected Automatically
- Device Information: Browser type, operating system, device type
- Usage Data: Pages visited, time spent, click patterns
- Location Data: Country/region (from IP address) for regional content
- Cookies: See our Cookie Policy for details
3.3 Information from Third Parties
- OAuth Providers: If you sign in with Google/Apple, we receive your email and name
- Analytics: Aggregated insights from Google Analytics
4. How We Use Your Information
| Purpose | Legal Basis (GDPR) |
|---|---|
| Provide our services | Contract performance |
| Send deal alerts you subscribed to | Consent |
| Improve our website and services | Legitimate interest |
| Prevent fraud and security threats | Legitimate interest |
| Comply with legal obligations | Legal obligation |
| Send marketing emails | Consent |
5. Sharing Your Information
We may share your information with:
- Service Providers: Hosting, email, analytics (under data processing agreements)
- Affiliate Partners: When you click affiliate links, partners receive referral data (not your personal information)
- Legal Requirements: When required by law or to protect our rights
We do NOT sell your personal information.
6. Your Rights
6.1 GDPR Rights (EU/UK Residents)
- Right to Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate data
- Right to Erasure: Request deletion of your data
- Right to Portability: Receive your data in a portable format
- Right to Restriction: Limit how we use your data
- Right to Object: Object to certain processing
- Right to Withdraw Consent: Withdraw consent at any time
6.2 CCPA Rights (California Residents)
- Right to Know: What personal information we collect
- Right to Delete: Request deletion of your data
- Right to Opt-Out: We do not sell personal information
- Right to Non-Discrimination: Equal service regardless of privacy choices
Do Not Sell My Personal Information: We do not sell your personal information. To manage your privacy settings, visit your Privacy Settings.
6.3 LGPD Rights (Brazilian Residents)
- Confirmation of data processing
- Access to your data
- Correction of incomplete or inaccurate data
- Anonymization, blocking, or deletion of unnecessary data
- Portability of data
- Information about sharing with third parties
7. Exercising Your Rights
To exercise any of your privacy rights:
- Online: Visit your Privacy Settings
- Data Export: Download Your Data
- Delete Account: Request Account Deletion
- Email: Contact privacy@traveldealforge.com
We will respond to requests within 30 days (GDPR) or 45 days (CCPA).
8. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data (active) | While account is active |
| Account data (inactive) | 24 months, then deleted |
| Session data | 30 days |
| Analytics data | 26 months |
| Deleted accounts | 30-day grace period, then permanent deletion |
9. International Data Transfers
Your data may be transferred to and processed in countries outside your country of residence. We ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.
10. Security
We implement appropriate technical and organizational measures including:
- Encryption of data in transit (TLS 1.3) and at rest
- Regular security audits and vulnerability assessments
- Access controls and authentication
- Employee training on data protection
11. Children's Privacy
Our services are not directed to individuals under 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of significant changes by email or prominent notice on our website. The "Last updated" date at the top indicates when this policy was last revised.
13. Contact Us
For privacy-related questions or to exercise your rights:
Email: privacy@traveldealforge.com
Supervisory Authority: You have the right to lodge a complaint with a data protection authority in your country.
Privacy FAQs
Does TravelDealForge sell my personal data?
No, we do not sell your personal information to third parties. We only share data with service providers necessary to operate our platform, and all partners are bound by data processing agreements.
How can I delete my TravelDealForge account?
You can delete your account from your dashboard settings (Settings > Privacy > Delete Account), or by emailing privacy@traveldealforge.com. Your data will be permanently removed within 30 days.
What cookies does TravelDealForge use?
We use essential cookies for site functionality, preference cookies to remember your settings, and analytics cookies (with consent) to improve our service. See our Cookie Policy for full details.
How long does TravelDealForge keep my data?
Active account data is kept while your account is active. Inactive accounts are deleted after 24 months. Analytics data is retained for 26 months. Deleted accounts have a 30-day grace period before permanent removal.
What rights do I have under GDPR?
EU/UK residents have rights to access, rectify, erase, port, and restrict their data. You can also object to processing and withdraw consent. Exercise these rights via your Privacy Settings or by contacting us.