Privacy Policy
How WNDR collects, uses, stores, and protects your personal data — and your rights over it
Last updated: May 21, 2026 · [email protected]
Contents
- Who We Are and How to Contact Us
- Scope of This Policy
- Data We Collect and Why
- Legal Bases for Processing (GDPR)
- How We Use Your Data
- Buddy Finder and Automated Profiling
- User-Generated Content: Photos and Videos
- Location Data
- Private Messages and Group Chats
- Third-Party Services and Data Processors
- Affiliate and Booking Integrations
- Google Maps and Virtual Tours
- International Data Transfers
- Data Retention Periods
- Security Measures
- Minimum Age and Children's Privacy
- Your Rights — EU/EEA and UK (GDPR / UK GDPR)
- Your Rights — California Residents (CCPA/CPRA)
- Your Rights — Brazil Residents (LGPD)
- Cookies and Local Storage
- Account and Data Deletion
- Data Breach Notification
- Changes to This Policy
- Contact and Complaints
1. Who We Are and How to Contact Us
WNDR ("WNDR", "we", "us", "our") operates the travel social network available at wndrtravel.com and via the iOS and Android mobile applications published under the identifiers com.wndrstudio.wndr (iOS) and com.wndr.app (Android).
WNDR acts as the data controller for all personal data processed through the platform within the meaning of the EU General Data Protection Regulation (GDPR), the UK GDPR, the Spanish Organic Law 3/2018 (LOPDGDD), the California Consumer Privacy Act (CCPA/CPRA), and Brazil's Lei Geral de Proteção de Dados (LGPD).
For all privacy-related matters, contact our designated privacy point of contact:
- Email: [email protected]
- Website: wndrtravel.com
- General support: [email protected]
We respond to all privacy requests within 30 calendar days. In complex cases, we may extend this by a further 60 days and will inform you of any extension within the initial 30-day period.
2. Scope of This Policy
This Privacy Policy applies to:
- All visitors to wndrtravel.com
- All registered users of the WNDR mobile and web applications
- Any person whose data WNDR processes in connection with the services described herein
This Policy does not apply to third-party websites, applications, or services linked from WNDR (including booking platforms, affiliate partners, or Google Maps/Street View). Those services are governed by their own privacy policies, which we encourage you to review.
3. Data We Collect and Why
3.1 Account and Registration Data
When you create an account, we collect:
- Email address — to create your account, authenticate you, and send service communications
- Password — stored exclusively as a bcrypt hash; we never store and cannot access your plain-text password
- Username — to identify you on the platform
3.2 Profile Data (Voluntarily Provided)
The following profile fields are entirely optional and provided at your discretion:
- Profile picture, bio, and display name
- Age and date of birth
- Gender identity
- Country of origin and current country of residence
- Languages spoken
- Travel style, interests, and favorite destinations
- Countries visited (used for achievement tracking and map visualization)
You may leave any or all of these fields empty. Providing them enhances your experience and enables features like Buddy Finder matching. Providing gender or age constitutes consent to their use for matching purposes (see Section 6).
3.3 User-Generated Content
- Posts, photos, and videos you publish on the platform
- Comments, likes, tags, and reactions
- Blog entries and travel plans
- Country and city page contributions (Q&A, tips)
- Content shared in group chats
3.4 Messaging Data
Private messages and group chat messages are stored on our servers to enable the messaging feature. See Section 9 for full details on how we handle this data and the encryption measures in place.
3.5 Technical and Usage Data
When you use WNDR, we automatically collect limited technical data necessary to operate the service:
- Authentication tokens (JWT) — to maintain your session securely
- Device type and operating system — for technical compatibility and debugging
- IP address — for security, fraud detection, and abuse prevention; not used for marketing
- Error and crash logs — to identify and fix technical issues
- Feature usage data — aggregated and anonymised where possible, to understand how features are used and improve the service
We do not use third-party advertising trackers, behavioural analytics platforms, or data brokers.
3.6 Location Data
WNDR may request access to your device's location exclusively if you affirmatively grant permission. See Section 8 for full details.
3.7 Payment Data
When you purchase a service (Trip Planning or items from WNDR Shop), payment processing is handled exclusively by Stripe, Inc. WNDR never receives, stores, or processes your full card number, CVV, or bank account details. We receive only a transaction confirmation token and the last four digits of the card for reference purposes.
3.8 Data We Do Not Collect
- We do not collect health or medical data
- We do not collect racial or ethnic origin (beyond what you choose to share in your bio)
- We do not collect religious or philosophical beliefs
- We do not collect biometric data
- We do not collect precise sexual orientation beyond what a user chooses to share voluntarily in their profile
- We do not use advertising cookies or third-party tracking pixels
- We do not sell, rent, or trade your personal data to any third party for commercial purposes — ever
4. Legal Bases for Processing (GDPR)
For users in the EU/EEA and UK, every processing activity has a documented legal basis under Article 6 GDPR (and Article 9 for special category data):
- Contract performance (Art. 6.1.b) — account creation, authentication, delivering the social network features, processing payments, delivering Trip Planning itineraries
- Legitimate interests (Art. 6.1.f) — security and fraud prevention, abuse detection, crash logging, service improvement through aggregated analytics, enforcing our Terms of Service. Our legitimate interests are balanced against your rights and do not override them.
- Consent (Art. 6.1.a) — optional profile fields (age, gender, travel style, etc.), location access, Buddy Finder matching. You may withdraw consent at any time without detriment.
- Legal obligation (Art. 6.1.c) — compliance with Spanish and EU law, including tax retention requirements and response to lawful law enforcement requests
- Vital interests (Art. 6.1.d) — in exceptional cases where processing is necessary to protect life (e.g. responding to a credible and imminent threat)
Where we process special category data (such as gender identity provided voluntarily for Buddy Finder matching), the legal basis is your explicit consent under Article 9.2(a) GDPR, which you may withdraw at any time by removing the relevant information from your profile or contacting [email protected].
5. How We Use Your Data
We use the data we collect for the following purposes, each tied to a legal basis:
- Providing the Service: operating the social feed, posts, comments, messaging, map features, country/city pages, group chats, rankings, achievements, and all other platform features
- Account management: registration, login, password recovery, account settings
- Personalisation: showing your visited countries map, calculating achievement badges and rankings, suggesting relevant content based on your travel interests
- Buddy Finder matching: pairing you with compatible travel companions based on voluntarily provided profile data (see Section 6)
- Communication: sending transactional emails (account confirmation, password reset, payment confirmation, trip planning delivery, policy update notifications)
- Safety and security: detecting and preventing fraud, spam, abuse, and violations of our Terms and Content Policy
- Legal compliance: responding to lawful requests from courts, regulators, or law enforcement; maintaining records required by applicable law
- Service improvement: analysing aggregated, anonymised usage patterns to improve features and fix bugs
- Payment processing: completing and recording transactions for paid services
We will not use your data for purposes incompatible with those stated above without obtaining fresh consent or establishing a new legal basis.
6. Buddy Finder and Automated Profiling
The Buddy Finder feature uses an automated matching algorithm to suggest potentially compatible travel companions. The matching is based exclusively on information you have voluntarily provided in your profile, which may include:
- Age and gender identity
- Travel style and preferences
- Languages spoken
- Countries visited or planned destinations
- Origin and current country
Important disclosures:
- Participation in Buddy Finder is entirely voluntary. You may use WNDR without engaging with this feature.
- Age and gender constitute special category data under GDPR Article 9 when used for profiling. By providing this information and using Buddy Finder, you provide explicit consent to this specific use.
- Matching does not produce legal or similarly significant effects on you. It is a suggestion tool only.
- No fully automated decision-making within the meaning of GDPR Article 22 takes place — matching results are suggestions, not binding determinations.
- You may opt out of Buddy Finder at any time by removing the relevant profile fields or contacting [email protected]. Opting out will not affect your ability to use any other WNDR feature.
- WNDR does not share Buddy Finder profile data with any third party for commercial or advertising purposes.
7. User-Generated Content: Photos and Videos
When you upload photos or videos to WNDR:
- Files are stored on Cloudflare R2 (US-based), a secure object storage service. Transfers are protected by Standard Contractual Clauses.
- Photos and videos you post publicly are visible to all WNDR users and, where indexed, to search engines.
- You retain full intellectual property ownership of all content you upload (see Terms of Service, Section 4).
- By uploading content, you grant WNDR a limited licence to host, display, and distribute it as necessary to operate the platform (see Terms of Service).
- Metadata: We may strip EXIF metadata (including embedded GPS coordinates) from photos on upload for your privacy, but we do not guarantee this in all cases. We recommend removing sensitive metadata before uploading if this is a concern.
- Videos: video uploads are a planned future feature. When enabled, the same rules apply. You will be notified before the feature is activated.
- Upon account deletion, all your uploaded content is deleted from our servers. Due to CDN caching, residual copies may persist for up to 30 days before permanent removal.
8. Location Data
WNDR may request access to your device's location for features that require it (such as displaying nearby content or enabling location-tagged posts). The following rules apply:
- Permission is required: we will only access your location if you grant explicit permission through your device's operating system prompt (iOS or Android).
- Purpose limitation: location data is used only for the specific feature you activated it for. We do not build persistent location histories or track your movements over time.
- Revocation: you may revoke location permission at any time through your device settings (iOS: Settings → Privacy → Location Services → WNDR; Android: Settings → Apps → WNDR → Permissions → Location).
- Location data is not shared with third parties for advertising or commercial profiling purposes.
9. Private Messages and Group Chats
WNDR provides private messaging and group chat features. We handle this data as follows:
- Storage: messages are stored on our servers (Railway/PostgreSQL) to enable delivery and history.
- Encryption at rest: private messages and group chat content are encrypted at rest in our database. This means that the message data is not stored in plain readable text.
- Access controls: access to message data is restricted on a strict need-to-know basis for technical operations and legal compliance purposes only.
- No routine monitoring: WNDR does not routinely read or monitor the content of private messages.
- Exceptional access: we may access or disclose message content only when: (a) required by a valid legal order, court order, or law enforcement request; (b) necessary to investigate a credible and specific safety threat; or (c) required to investigate a reported violation of our Content Policy.
- Moderation: if a user reports a private message or group chat message for a Content Policy violation, the reported content may be reviewed by WNDR staff for moderation purposes.
- Deletion: upon account deletion, all your messages are deleted from our servers within 30 days, except where retention is required by law or an ongoing investigation.
Important: group chat messages sent to public or semi-public groups may be visible to a large number of users. Exercise the same caution you would in any public forum.
10. Third-Party Services and Data Processors
We engage the following third-party processors to operate our service. Each processor is bound by a Data Processing Agreement (DPA) and, where applicable, Standard Contractual Clauses (SCCs) for international transfers:
10.1 Infrastructure and Storage
- Railway (railway.app) — application hosting and PostgreSQL database. Based in the United States. Transfer protected by SCCs (EU Commission Decision 2021/914). Railway Privacy Policy.
- Cloudflare, Inc. — media storage (R2) and content delivery network (CDN). Based in the United States. Transfer protected by SCCs and Cloudflare's EU-US Data Privacy Framework certification. Cloudflare Privacy Policy.
10.2 Communications
- Resend (resend.com) — transactional email delivery (account confirmation, password resets, notifications). Based in the United States. Transfer protected by SCCs. Only your email address and name are shared for email delivery purposes.
10.3 Payments
- Stripe, Inc. — payment processing for Trip Planning and WNDR Shop (when active). Stripe acts as an independent data controller for payment card data. WNDR does not receive or store full payment details. Subject to Stripe's Privacy Policy.
10.4 Map and Virtual Tour Features
- Google LLC — Virtual Tour links embed Google Maps Street View iframes. When you interact with Virtual Tours, Google's own privacy policy governs data collection by their services. See Google's Privacy Policy. WNDR does not control Google's data practices.
10.5 App Distribution Platforms
- Apple Inc. — iOS App Store distribution. Apple's privacy practices are governed by Apple's Privacy Policy.
- Google LLC — Google Play Store distribution. Subject to Google's Privacy Policy.
10.6 Disclosure to Authorities
We may disclose your personal data to public authorities, regulators, or law enforcement where required by applicable law, valid court order, or other compulsory legal process. We will inform you of such disclosure where legally permitted to do so.
10.7 Business Transfers
In the event of a merger, acquisition, asset sale, or reorganisation involving WNDR, your personal data may be transferred to the successor entity. You will be notified by email and in-app notification at least 30 days before any such transfer takes effect and given the opportunity to delete your account before the transfer.
11. Affiliate and Booking Integrations
The WNDR "Reservations" section provides links to third-party booking platforms including Booking.com, Skyscanner, GetYourGuide, and Discovercars. These are affiliate or referral links through which WNDR may receive a commission if you make a booking, at no additional cost to you.
- Clicking these links will take you away from WNDR and to the third-party platform.
- Your interactions with those platforms — including any personal data you provide — are governed entirely by their own privacy policies.
- WNDR does not receive your personal data from these platforms as a result of your bookings.
- WNDR does not guarantee the accuracy, availability, or quality of third-party services.
12. Google Maps and Virtual Tours
WNDR embeds Google Maps Street View iframes within the Virtual Tours feature on country and city pages. When you load a Virtual Tour:
- Google's servers are contacted and Google may collect data about your interaction, including your IP address, in accordance with Google's Privacy Policy.
- WNDR has no control over and accepts no responsibility for Google's data collection through these embedded features.
- Virtual Tour links are provided solely for user convenience and constitute a link to a third-party service.
13. International Data Transfers
WNDR is a global service and some of your data is processed by service providers located outside the European Economic Area (EEA) and UK, particularly in the United States. All such transfers are subject to adequate safeguards as follows:
- Standard Contractual Clauses (SCCs) approved by the European Commission (Implementing Decision (EU) 2021/914) for transfers to Railway and Cloudflare
- UK International Data Transfer Agreements (IDTAs) for transfers affecting UK residents
- EU-US Data Privacy Framework where applicable (Cloudflare)
A full list of our international data processors and the specific transfer mechanisms in place is available upon request at [email protected].
For users in Brazil, all international transfers comply with LGPD Article 33 requirements. For users in other jurisdictions, we take reasonable steps to ensure equivalent protections are in place.
14. Data Retention Periods
We retain personal data only for as long as necessary for the purposes described in this Policy or as required by applicable law:
- Account and profile data: retained for the duration of your account, plus 30 days after deletion (to allow recovery from accidental deletion on request)
- User-generated content (posts, photos, videos): deleted immediately upon account deletion; CDN cached copies may persist up to 30 days
- Private messages: deleted within 30 days of account deletion, subject to any ongoing legal hold
- Payment records: retained for 7 years from the transaction date, as required by Spanish tax law (Ley 58/2003 General Tributaria) and EU VAT regulations
- Security and authentication logs: retained for 12 months
- IP address logs: retained for 12 months for security and abuse prevention
- Trip Planning request data: retained for 2 years after delivery
- Privacy and legal correspondence: retained for 3 years from closure
- Content moderation records: retained for 2 years to support appeals and legal processes
- Law enforcement disclosure records: retained for the period required by applicable law
At the end of each retention period, data is securely deleted or irreversibly anonymised.
15. Security Measures
WNDR implements industry-standard technical and organisational security measures proportionate to the risks of processing, including:
- HTTPS/TLS encryption for all data in transit
- bcrypt hashing for all stored passwords
- Encryption at rest for private messages and sensitive user data
- JWT authentication tokens with expiry and rotation
- Rate limiting and brute-force protection on authentication endpoints
- Access controls limiting employee and administrator access to personal data on a strict need-to-know basis
- Regular automated database backups with secure storage
- Dependency monitoring for known security vulnerabilities
No security system is impenetrable. We cannot guarantee absolute security, but we commit to maintaining appropriate measures and to responding promptly to any breach.
16. Minimum Age and Children's Privacy
WNDR is rated for users aged 13 and over on the Apple App Store and Google Play Store.
Users under 13 (COPPA — United States): WNDR does not knowingly collect personal information from children under 13 years of age. If we become aware that we have inadvertently collected personal data from a child under 13, we will delete that account and all associated data as promptly as possible. If you believe a user under 13 has created an account, please contact us at [email protected] immediately.
Users aged 13–15 (GDPR — EU/EEA): Under GDPR Article 8 and the LOPDGDD, the minimum age for consent to data processing in Spain is 14. In other EU member states it may be 13, 15, or 16. For users in the EU/EEA under the applicable age of digital consent in their country, we require verifiable parental or guardian consent before processing their data. By registering, users in this age group represent that they have obtained such consent.
Users aged 13–17 (general): We encourage parents and guardians to be aware of and involved in their children's online activity. Parental control features on iOS and Android devices can be used to restrict access to WNDR.
WNDR does not direct advertising or commercial content at users known to be under 18.
17. Your Rights — EU/EEA and UK (GDPR / UK GDPR)
If you are located in the EU, EEA, or UK, you have the following rights under GDPR (or UK GDPR):
- Right of access (Art. 15): request a copy of all personal data we hold about you
- Right to rectification (Art. 16): request correction of inaccurate or incomplete data
- Right to erasure / right to be forgotten (Art. 17): request deletion of your data (subject to legal retention obligations)
- Right to restriction of processing (Art. 18): request that we limit how we use your data while a dispute is resolved
- Right to data portability (Art. 20): receive your data in a structured, machine-readable format (JSON)
- Right to object (Art. 21): object to processing based on legitimate interests or for direct marketing
- Right to withdraw consent (Art. 7.3): withdraw consent at any time without penalty; withdrawal does not affect the lawfulness of prior processing
- Rights related to automated decision-making (Art. 22): not to be subject to solely automated decisions producing legal or similarly significant effects
To exercise any of these rights, email [email protected] with the subject line "Data Subject Request — [Right]". We will respond within 30 days. Requests are free of charge. We may need to verify your identity before processing the request.
You also have the right to lodge a complaint with a supervisory authority:
- Spain: Agencia Española de Protección de Datos (AEPD)
- EU ODR platform: ec.europa.eu/consumers/odr
- UK: Information Commissioner's Office (ICO)
18. Your Rights — California Residents (CCPA/CPRA)
If you are a resident of California, USA, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) grants you the following rights:
- Right to Know: request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, the business or commercial purposes, and the categories of third parties with whom we share it
- Right to Delete: request deletion of personal information we have collected, subject to certain exceptions
- Right to Correct: request correction of inaccurate personal information
- Right to Opt-Out of Sale or Sharing: WNDR does not sell your personal information and does not share it for cross-context behavioural advertising. No opt-out mechanism is required, but we confirm this right is honoured by default.
- Right to Limit Use of Sensitive Personal Information: you may limit our use of sensitive personal information to that which is necessary to perform the service
- Right to Non-Discrimination: we will not discriminate against you for exercising any CCPA right
To submit a CCPA request, email [email protected] with subject "CCPA Privacy Request". We will respond within 45 days (extendable to 90 days with notice). Requests are free up to twice per 12-month period.
California residents may also designate an authorised agent to submit requests on their behalf.
19. Your Rights — Brazil Residents (LGPD)
If you are a resident of Brazil, the Lei Geral de Proteção de Dados (LGPD — Law No. 13,709/2018) grants you rights including access, correction, anonymisation, portability, deletion, information about sharing, and the right to revoke consent. To exercise these rights, contact [email protected]. You may also contact Brazil's national data protection authority, the Autoridade Nacional de Proteção de Dados (ANPD).
20. Cookies and Local Storage
WNDR uses only the following technically necessary data storage mechanisms:
- JWT authentication tokens stored in secure local storage — required to keep you logged in
- User preference tokens — to remember your in-app settings (e.g. language preference)
We do not use:
- Advertising or marketing cookies
- Third-party tracking pixels or tags
- Analytics cookies from Google Analytics, Mixpanel, or similar platforms
- Social media tracking cookies
Because we use only strictly necessary cookies with no non-essential tracking, a cookie consent banner is not required under the ePrivacy Directive. However, if you wish to clear all locally stored tokens, you may do so through your browser or device settings. Note that clearing authentication tokens will log you out of the app.
21. Account and Data Deletion
You may delete your account and all associated personal data at any time:
- In-app: Settings → Account → Delete Account
- By email: send a request to [email protected] with the subject "Account Deletion Request" and your registered email address
Account deletion is immediate and irreversible. Once confirmed:
- Your profile, posts, photos, and all user-generated content will be deleted
- Your private messages will be deleted within 30 days
- Your account will no longer be visible to other users
- Certain data may be retained as required by law (see Section 14)
- Payment records required by tax law will be retained for 7 years
If you have made purchases through WNDR, please ensure you have records of any transactions you may need for tax or dispute purposes before deleting your account, as we cannot provide transaction records after deletion beyond what is required for our own legal obligations.
22. Data Breach Notification
In the event of a personal data breach that poses a high risk to your rights and freedoms, WNDR will:
- Notify the Spanish Data Protection Authority (AEPD) within 72 hours of becoming aware of the breach, as required by GDPR Article 33
- Notify affected users without undue delay by email and/or in-app notification, describing the nature of the breach, the data affected, likely consequences, and the measures taken or proposed, as required by GDPR Article 34
- Where applicable, notify UK and Brazilian regulators in accordance with UK GDPR and LGPD requirements
If you believe your account has been compromised, contact us immediately at [email protected].
23. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will:
- Update the "Last updated" date at the top of this page
- Notify you of material changes by email (to your registered address) and by in-app notification at least 14 days before the changes take effect
- For changes that require fresh consent, request your consent before they take effect
Your continued use of WNDR after the effective date of a revised Policy constitutes your acceptance of the revised terms. If you do not agree with the updated Policy, you may delete your account before the changes take effect.
Previous versions of this Policy are available upon request at [email protected].
24. Contact and Complaints
For all privacy-related inquiries, requests, or concerns:
- Privacy & Legal: [email protected]
- General support: [email protected]
- Website: wndrtravel.com
We take all privacy concerns seriously and will acknowledge receipt of your request within 5 business days and provide a full response within 30 calendar days.
If you are not satisfied with our response, you have the right to lodge a complaint with the competent supervisory authority for your country (see Section 17 for EU/UK contacts, Section 19 for Brazil).