Privacy Policy

Effective date: February 10, 2026

Introduction

amazonia.tours ("we", "us", or "our") operates the amazonia.tours website. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our platform.

We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

By using our platform, you acknowledge that you have read and understood this Privacy Policy.

Data We Collect

We collect the following categories of personal data:

Account Information

Email address (required for account creation)
Username (required, publicly visible)
Display name (optional)
Profile picture (obtained via social login provider)

Guide & Organization Profiles

If you register as a guide or manage an organization, we additionally collect:

Biography and professional description
Phone number and contact details
Specialties, languages spoken, and certifications
Organization address, website, and social media links
Geographic coordinates (for map display)

Media Uploads

When you upload photos or videos, we store the files along with metadata such as dimensions, file type, and descriptive alt text.

Interaction Data

When you click contact buttons (WhatsApp, phone, email), we log the interaction type, your browser's user agent, referring page, and IP address. This data is used for analytics and spam prevention.

Recommendations

When you recommend another user, we store the recommendation message and the relationship between both accounts.

Technical Data

We automatically collect certain technical information including your IP address, browser type, operating system, and page interactions for error monitoring and performance optimization.

How We Use Your Data

We process your personal data for the following purposes:

Account managementPerformance of contract

To create and manage your account, authenticate you, and provide our services.

Platform functionalityPerformance of contract

To display guide profiles, organization listings, and enable the recommendation network.

CommunicationPerformance of contract

To send transactional emails such as account verification and important service updates.

Analytics and improvementLegitimate interest

To understand how the platform is used, monitor errors, and improve user experience.

Security and spam preventionLegitimate interest

To protect our platform from abuse, detect fraud, and prevent spam through contact logging and honeypot fields.

Cookies & Local Storage

We use cookies that are strictly necessary for the operation of our platform. We do not use advertising or tracking cookies.

Cookie	Purpose	Duration	Type
en_session	Authentication session	Session (expires on logout or after inactivity)	Strictly necessary
en_theme	Remembers your light/dark theme preference	1 year	Functional
en_locale	Remembers your language preference	1 year	Functional
en_layout	Remembers your layout preference	1 year	Functional
en_toast	Displays temporary notification messages	Session	Strictly necessary
Client hints	Detects your color scheme preference to prevent flash of unstyled content	Session	Functional

We also use hidden form fields (honeypot technique) to prevent spam submissions. This does not involve cookies or tracking.

Third-Party Services

We work with the following trusted third-party providers to deliver our services:

Auth0

Purpose:: Authentication & identity management
Data shared:: Email address, name, and profile picture from your social login provider
Data location:: EU region (auth0.com)
Privacy policy:: https://auth0.com/privacy

Sentry

Purpose:: Error monitoring & performance tracking
Data shared:: Error details, browser information, and anonymized session replays (10% sample rate)
Data location:: EU/US (sentry.io)
Privacy policy:: https://sentry.io/privacy/

Resend

Purpose:: Transactional email delivery
Data shared:: Email address and email content
Data location:: US (resend.com)
Privacy policy:: https://resend.com/legal/privacy-policy

Supabase Storage

Purpose:: File & image storage
Data shared:: Uploaded media files
Data location:: EU region
Privacy policy:: https://supabase.com/privacy

OpenStreetMap / Nominatim

Purpose:: Map display & geocoding
Data shared:: Your IP address may be visible when loading map tiles
Data location:: Various
Privacy policy:: https://wiki.osmfoundation.org/wiki/Privacy_Policy

We also load stock images from Pexels (pexels.com). No personal data is shared with Pexels; only image files are loaded by your browser.

Data Storage & Security

Your data is stored on servers located in the European Union. We use industry-standard security measures to protect your personal data, including:

Encrypted connections (HTTPS/TLS) for all data in transit
HttpOnly, Secure, and SameSite cookie attributes to prevent cross-site attacks
OAuth-based authentication — we never store your password
Server-side session management with automatic expiration
Access controls limiting who can view and modify data

While we take every reasonable precaution, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security of your data.

Your Rights (GDPR)

Under the General Data Protection Regulation, you have the following rights regarding your personal data:

Right of access — You can request a copy of the personal data we hold about you.

Right to rectification — You can update or correct your personal data through your account settings, or contact us for assistance.

Right to erasure — You can request deletion of your account and associated data. Some data may be retained for legal obligations.

Right to restrict processing — You can ask us to limit how we process your data in certain circumstances.

Right to data portability — You can request your data in a structured, machine-readable format.

Right to object — You can object to processing based on legitimate interests, including analytics.

Right to withdraw consent — Where processing is based on consent, you may withdraw it at any time without affecting prior processing.

To exercise any of these rights, please contact us at hello@amazonia.tours. We will respond within 30 days as required by GDPR.

You also have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated.

Data Retention

We retain your personal data only as long as necessary for the purposes described in this policy:

Account data: retained while your account is active, deleted upon request
Session data: automatically expires after the session timeout period
Contact interaction logs: retained for up to 12 months for analytics, then anonymized
Media uploads: retained while your account is active, deleted upon account deletion
Error logs and monitoring data: retained for up to 90 days

When data is no longer needed, it is securely deleted or anonymized so it can no longer be linked to you.

Children's Privacy

Our platform is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at hello@amazonia.tours and we will promptly delete it.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make significant changes, we will notify you through the platform or via email.

We encourage you to review this policy periodically. The "effective date" at the top of this page indicates when the latest revision was made.

Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:

Email:: hello@amazonia.tours
Website:: amazonia.tours