Draft for internal use. Replace with counsel-approved text aligned with GDPR and other applicable laws.
1. Data controller
Details of the data controller (identity, contact and, where applicable, DPO) should be completed for Lokalu’s legal structure.
2. Data we process
- Account data: email, name, phone if provided, authentication identifiers.
- Booking and payment data: traveler contact, experience details; transaction data handled by payment partners (e.g. Stripe).
- Usage data: technical logs, preferences, support messages.
- Published content: text, images and metadata you upload as a guide or provider.
3. Purposes and legal bases
We process data to provide the service (contract), comply with legal obligations, protect security and, where appropriate, send communications based on consent or legitimate interest as permitted by law.
4. Retention
Data is kept for as long as needed for the stated purposes and for statutory periods (e.g. accounting).
5. Recipients and processors
We may share data with processors (hosting, authentication, payments, transactional email, analytics if used). Some may be outside the EEA with appropriate safeguards.
6. Your rights
You may exercise your rights of access, rectification, erasure, objection, restriction and portability where applicable, and withdraw consent for consent-based processing. You may lodge a complaint with a supervisory authority.
7. Minors
The service is not directed at children without parental consent where required.
8. Changes
We will publish updates in the app with an effective date.