GoTraveli Privacy Policy & Compliance
Last Updated: April 26, 2026
Part 1: Privacy Policy (Main Body)
GoTraveli Privacy Policy
Effective Date: April 24, 2026 Last Updated: April 24, 2026
Welcome to GoTraveli (hereinafter "the App" or "the Service"). This Privacy Policy is established by GoTraveli LLC ("we," "us," or "the Company," a registered entity in Wyoming, USA). Acting as the Data Controller of your personal data, we deeply understand the importance of your privacy. This Policy clearly explains how we collect, use, share, and protect your information.
1. Information We Collect
To provide you with our core services, we strictly adhere to the principle of "Data Minimization" and collect only the following necessary information:
- Basic Personal Data: We solely collect your email address for passwordless login verification via a One-Time Password (OTP) system. We absolutely do not collect or store any user passwords.
- Usage & Technical Data: We collect device models, operating system versions, and app crash logs exclusively for diagnostic purposes and performance optimization.
- User-Generated Content (UGC): This includes itinerary details, destinations, dates, notes, packing lists, expense records, and uploaded images that you actively create within the App. Images are stored solely within your personal account to enrich your private itineraries and are never used for any social public posting or third-party advertising displays.
- Location Data: Only when you explicitly grant the "While Using the App" permission will we collect your real-time GPS location to locally find nearby facilities (e.g., restrooms) and calculate routes. We absolutely do not conduct continuous background location tracking. Unless explicitly saved by you through active interactions (such as saving an itinerary), location data will not be persistently stored on our servers. We absolutely do not sell your location data to any third party.
2. How We Use Your Information
We process your data based on lawful bases (including the performance of a contract, your consent, and our legitimate interests). We have conducted a Legitimate Interest Balancing Test to ensure that our interests do not override your fundamental privacy rights. We use your information to:
- Provide, maintain, and improve the Service;
- Manage your account and subscription status;
- Data Aggregation & Analysis: We may use de-identified and aggregated data for internal product analysis and service optimization. Such data cannot be used to identify any individual.
- Automated Decision-Making Exemption: GoTraveli will not use your data for any Automated Decision-Making that produces legal or similarly significant effects concerning you.
3. Third-Party Service Providers & Data Sharing
We do not sell your personal information. We only share necessary information with third-party Data Processors who have executed strict Data Processing Agreements (DPAs) to maintain service operations:
- Infrastructure: Supabase (core database), Cloudflare (network security and acceleration), Resend (OTP email delivery), Zoho Mail (customer service email system).
- Maps & Location: Mapbox, OpenStreetMap, Google Maps.
- Payment Processing: Stripe, RevenueCat. We neither touch nor store your full credit card information.
4. AI Services & Usage Restrictions
- AI Liability Boundaries: GoTraveli integrates several industry-leading third-party computational models to drive smart conversations. As this technology is supported by external architecture, the accuracy of generated content and processing logic is subject to the global technical standards of the respective providers. You must independently evaluate the reference value of the output during use.
- Strict Restriction Warning: Users are STRICTLY PROHIBITED from inputting any Sensitive Personal Data into the AI interface or itinerary notes, including but not limited to health and medical information, financial data, government identification numbers, or precise residential addresses. Users shall not use AI-generated content for any illegal, harmful, or abusive purposes. The user bears full responsibility for any data breaches or legal disputes arising from active violations of these input or usage rules. The platform reserves the right to restrict or terminate access for violating accounts.
5. International Data Transfers
As a US-based company, your information may be transferred to and stored or processed in the United States or other countries where our service providers operate. For users from the European Union (EU) or the United Kingdom (UK), we rely on Standard Contractual Clauses (SCCs) or applicable data privacy frameworks to ensure the legality of cross-border transfers. If any existing lawful transfer mechanism is invalidated, we will immediately implement alternative compliant safeguards. (Please refer to our "Data Localization & Cross-Border Transfer Special Statement" for detailed mechanisms).
6. Data Retention & Deletion
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Policy:
- Crash Logs: Retained for a maximum of 90 days.
- Inactive Account Data: Data of accounts that have not logged in for 24 consecutive months will be purged.
- Physical Deletion Mechanism: You may use the "Delete Account" feature within the App at any time. Once you actively initiate deletion, all your associated data will be marked for deletion and physically erased within 30 days from the production system and cleared from encrypted backup systems within a reasonable routine maintenance cycle.
7. Your Privacy Rights (GDPR & CCPA)
Depending on your applicable jurisdiction (e.g., European GDPR or US California CCPA), you are legally entitled to the following rights:
- Right of Access & Portability: Request a copy of your personal data held by us.
- Right to Rectification & Erasure: Request the correction of inaccurate data or the complete deletion of your account.
- Appeal Process: If you believe our processing of your data violates applicable laws, you have the right to lodge a complaint with the supervisory authority in your jurisdiction (e.g., an EU Data Protection Authority or the California Attorney General).
8. Data Breach & Third-Party Security Disclaimer
In the event of a data breach requiring mandatory notification, we will notify affected users and relevant regulatory authorities in accordance with applicable legal requirements (e.g., within 72 hours). We employ mainstream security technologies (such as in-transit encryption and database isolation) to protect your data. However, the Internet is inherently open, and any defensive measure has technical limitations. By using the Service, you acknowledge and accept the objective security risks inherent in cloud data transmission and storage. We do not guarantee absolute, uninterrupted, or error-free operation of the Service.
9. Children's Privacy
This Service strictly complies with the requirements of the Children's Online Privacy Protection Act (COPPA) and GDPR-K. GoTraveli is not directed to children under the age of 13 (or 16 in certain regions of the EU/UK). We do not knowingly collect personal information from children. If we discover that we have inadvertently collected such data, we will thoroughly erase it from our servers immediately.
10. Policy Updates
We may update this Privacy Policy from time to time. In the event of Material Changes, we will notify you in advance via in-app notifications or your registered email. Your continued use of the Service after receiving the change notification constitutes your acceptance of the updated policy.
11. Contact Us
If you have any questions about this Privacy Policy or your data rights, please contact our Data Protection Officer (DPO):
- Privacy Inquiry Line: privacy@gotraveli.com
- Legal & Compliance Affairs: legal@gotraveli.com
- Corporate Address: GoTraveli LLC, 1021 E Lincolnway Suite #10071, Cheyenne, WY 82001, USA
12. CCPA Privacy Notice Addendum
This section is specifically provided for consumers residing in the State of California, USA, as a supplement to the Privacy Policy above, ensuring full compliance with the statutory requirements of the California Consumer Privacy Act (CCPA) and its amended version, the California Privacy Rights Act (CPRA):
- Do Not Sell or Share My Personal Information: We explicitly declare that GoTraveli has not "sold" your personal information for monetary or other valuable consideration in the past 12 months, and will absolutely never do so in the future. Furthermore, we do not "share" your personal information for the purpose of cross-context behavioral advertising. Therefore, you do not need to manually submit a "Do Not Sell or Share My Personal Information" opt-out request to us.
- Your California-Specific Rights: As a California resident, you have the Right to Know (requesting disclosure of the specific pieces of personal information we collect, use, and disclose); the Right to Delete; the Right to Correct inaccurate personal information; and the Right to Non-Discrimination (freedom from any form of discrimination when exercising these privacy rights).
- Exercising Your Rights: To exercise the aforementioned rights, please contact us at
privacy@gotraveli.com. We will respond free of charge within the legally mandated 45-day timeframe. We may require you to provide your registered email address to verify your identity.
Part 2: Data Localization & Cross-Border Transfer
GoTraveli Data Localization & Cross-Border Transfer Special Statement
Effective Date: April 24, 2026
GoTraveli LLC (hereinafter "we," "us," or the "Company") deeply understands the sensitivity and importance of data sovereignty and cross-border data flows. As an entity registered in Wyoming, USA, this special statement aims to transparently and comprehensively disclose how we determine the physical locations for data storage and how we lawfully and securely transfer your personal data across borders.
This statement is an inseparable supplementary document to our Privacy Policy.
1. Primary Data Control & Core Storage Locations (Data Localization)
We provide services globally, but in terms of infrastructure architecture, we have adopted a centralized storage strategy with high security standards:
- Core Production Database: Your personal account data (strictly limited to email addresses), as well as the itinerary details and multimedia images you actively create, are primarily hosted on Supabase's secure cloud servers located in the United States (backed by top-tier infrastructure such as AWS).
- Edge Computing & CDN Nodes: To ensure a lightning-fast experience when you access the App globally, we utilize Cloudflare's globally distributed edge nodes. Your network requests (including IP addresses) may be routed to the data center physically closest to you for instantaneous processing, but the core persistent data remains uniformly stored in the United States.
2. Legal Basis for Cross-Border Transfer
Because our core servers are located in the US, if you are located in the European Economic Area (EEA), the United Kingdom (UK), Switzerland, or other jurisdictions with strict restrictions on cross-border data transfers, your personal data will be transferred to and processed in the United States.
To ensure that your data continues to enjoy a level of privacy protection equivalent to that in your region after being transferred to the US, we strictly rely on the following internationally recognized lawful transfer mechanisms:
2.1 For EU (EEA) and UK Users We absolutely do not rely on mechanisms that lack an adequacy decision from the European Commission for "naked transfers." When we transfer your data to third-party service providers (data processors, such as Supabase and Stripe), we strictly rely on:
- Standard Contractual Clauses (SCCs): We have executed the latest SCCs or International Data Transfer Agreements (IDTAs) approved by the European Commission (or the UK ICO) with all critical third-party service providers. These legally binding agreements mandate that US service providers must comply with high European data protection standards.
- Data Privacy Framework (DPF): If our US data processors have joined the EU-U.S. Data Privacy Framework or the UK Extension to the EU-U.S. DPF, we will prioritize relying on this Adequacy Decision to conduct the transfer.
- Transfer Impact Assessments (TIA): We undertake to conduct Transfer Impact Assessments (TIA) regularly for all transfers to third-country providers.
3. Supplementary Safeguards
We are acutely aware (as pointed out by the Court of Justice of the European Union in the Schrems II ruling) that transferring data to the US may entail risks of government surveillance under US national security laws (such as Section 702 of FISA or EO 12333). To minimize such risks to the greatest extent possible, we have implemented additional technical and organizational supplementary measures:
- End-to-End & Encryption at Rest: When your data is transmitted over public networks (e.g., from your App to our servers), industry-standard encryption protocols of TLS 1.3 or higher are utilized throughout the entire process. When data is in a state of Data at Rest on the servers, it is also encrypted by default (e.g., the AES-256 encryption standard employed by Supabase).
- Data Minimization & Passwordless Architecture: We have eliminated the possibility of leaking the highest-risk data at the source—we absolutely do not collect or store any user passwords (relying entirely on OTP). Furthermore, Location Data is only used locally for instantaneous calculations and is never uploaded to US servers for persistent storage.
- Strict Data Access Controls: Only a highly restricted number of authorized core GoTraveli technical personnel are permitted to access the production database, and only when troubleshooting severe system failures.
4. Your Rights & Consent
By actively checking the box and agreeing to our Terms of Service and Privacy Policy during registration or login to GoTraveli, you expressly acknowledge and consent: To provide you with core SaaS services such as cross-device synchronization, cloud backup, and smart AI conversations, your data must be transferred to the United States and processed in accordance with this statement.
If you withdraw your consent to the cross-border transfer of data, due to the nature of our system architecture, we will be unable to continue providing you with core cloud storage and itinerary planning services. In such an event, you must exercise your right to "Delete Account," and we will thoroughly delete all of your data in accordance with the law.
5. Fallback Clause
Global laws and regulations regarding data transfers are constantly evolving. If any transfer mechanism we currently rely upon (such as SCCs or the DPF) is invalidated by a court or regulatory authority in a relevant jurisdiction, we commit to immediately suspending the relevant transfers and using our best commercial efforts to seek alternative lawful transfer mechanisms, or, if technically feasible, exploring regionalized data localization storage solutions to ensure your data rights remain uninfringed.
Part 3: Third-Party Sharing List
GoTraveli Third-Party Information Sharing List
Effective Date: April 24, 2026
To ensure the stable operation of GoTraveli (the "App") and provide you with our core functionalities, we must integrate specialized services provided by select third parties. We solemnly promise: GoTraveli does not and will never "sell" your personal data. Furthermore, for the purposes of the CCPA/CPRA, GoTraveli does not "sell" or "share" your personal information for cross-context behavioral advertising. We share information only within the scope of "absolute necessity" and exclusively with third parties who have executed strict Data Processing Agreements (DPAs).
To deliver GoTraveli's core features, we have integrated several industry-leading third-party service providers via their Enterprise-grade APIs. The categories of our current third-party partners and their data processing details are as follows:
| Business Scenario & Category | Partner / Service Provider | Scope of Shared Personal Information | Purpose of Processing & Core Functions | Core Compliance & Disclaimer |
|---|---|---|---|---|
| Infrastructure & Cloud Storage | Supabase<br>Cloudflare | • Email address<br>• User-generated itineraries and images<br>• IP addresses and basic network request metadata | To provide passwordless OTP login verification, cloud database storage, multimedia file hosting, global network acceleration (CDN), and anti-DDoS security protection. | We utilize industry-standard encryption for cloud transmission. Data is used solely to maintain your account and itinerary synchronization. |
| Maps, Navigation & Geocoding | Mapbox<br>OpenStreetMap<br>Google Maps | • IP addresses<br>• Searched location keywords<br>• Ephemeral GPS coordinates (only when location permission is explicitly granted) | To render map tiles, calculate navigation distances, and search for nearby public facilities. | Transient Processing: Location coordinates are processed on a transient basis and not persistently stored in GoTraveli’s primary database. |
| Smart Interaction & AI Computing | Industry-leading third-party intelligent computing model providers | • Text prompts actively entered by you<br>• Relevant basic itinerary context information | To process natural language requests and generate personalized travel recommendations. | Strict Warning & Limitation of Liability: Output generated by AI models is provided for informational purposes only. GoTraveli assumes no liability for errors or omissions in third-party AI computing outputs. A full list of specific AI model providers is available upon request to our DPO. |
| Payment & Subscriptions | Stripe (Web)<br>RevenueCat, Apple, Google (Mobile) | • Anonymous in-app User IDs<br>• Device country/region<br>• App Store purchase receipts | To process transaction deductions, calculate taxes, and verify subscription status to unlock Pro premium benefits. | Independent Controllers: Financial transactions are governed by the respective provider’s own privacy policies and terms of service. All core payment data is directly encrypted and processed by PCI-DSS certified institutions. |
| Official Communication & Support | Resend<br>Zoho Mail | • Email address<br>• Email body and attachments actively sent by you | To send system-level transactional emails and to receive and process your feedback or legal infringement complaints. | Strictly limited to one-way system notifications or two-way customer support communication. |
Cross-Border Data Transfers: Where the use of the above third-party services involves the transfer of personal data outside the European Economic Area (EEA) or the UK, such data transfers are protected by Standard Contractual Clauses (SCCs) or other approved transfer mechanisms under the GDPR.
Updates to Our Partnerships: As our business evolves, we may add or replace the aforementioned service providers. Prior to any integration, we conduct strict Security Impact Assessments to ensure new providers are bound by data privacy frameworks equal to or more stringent than our current standards. In the event of any material changes, we will notify you in accordance with applicable laws.
Part 4: Cookie Statement
GoTraveli Cookie Policy
Effective Date: April 24, 2026
This Cookie Policy is designed to clearly explain to you how GoTraveli LLC ("we," "us," or "the Platform") uses cookies and similar technologies on our official website (https://gotraveli.com) and related web services. We are committed to protecting your privacy and strictly adhere to the core principle of "data minimization."
1. What are Cookies and Similar Technologies?
Cookies are small data files sent by a web server and stored on your browser or device when you visit a website. They are widely used to make websites function properly, improve access efficiency, and provide necessary technical system information. References to "Cookies" in this policy also include similar technologies such as local storage (LocalStorage), session storage (SessionStorage), web beacons, and pixels utilized for core functionality.
2. Lawful Basis and Exemption for Necessary Cookies
GoTraveli represents and warrants that we do not engage in any form of targeted advertising or cross-site user behavior tracking. Therefore, in accordance with the EU ePrivacy Directive and applicable data protection laws (such as the GDPR and CCPA/CPRA), all cookies used on our website are classified as "Strictly Necessary Cookies."
Because these cookies are strictly necessary to provide an Information Society Service explicitly requested by the user (such as account login and payment security), the law exempts us from the obligation to obtain your prior consent (i.e., displaying a "Cookie Consent Banner") before placing such cookies.
3. Types, Providers, and Duration of Cookies We Use
The "Strictly Necessary Cookies" we use are categorized as follows:
| Cookie Category | Provider | Purpose & Scenario | Storage Duration |
|---|---|---|---|
| Authentication | Supabase | Used to identify your login status (based on OTP verification), ensuring you do not need to log in repeatedly when accessing your itineraries. | Session (ends when browser closes) or Persistent (up to 30 days) |
| Security & Anti-Fraud | Cloudflare | Used for bot detection and bot management, detecting abnormal traffic, preventing Cross-Site Request Forgery (CSRF), and defending against malicious attacks. | Session / Short-term Persistent |
| Functional | GoTraveli | Solely used to record your language choices or basic UI preferences to maintain essential website operations. | Persistent (expires based on preference reset) |
| Payments | Stripe | Used to process secure transactions and prevent fraud, without involving your detailed credit card information. | Session / Persistent (required for ongoing security) |
4. Our Privacy-First Commitment (What We Do Not Do)
Unlike many other platforms that rely on data monetization, GoTraveli strictly adheres to a privacy-first commitment regarding cookie usage:
- No Third-Party Ad Tracking: We absolutely do not use any third-party tracking cookies (such as Google Analytics or Meta Pixel) to record or analyze your cross-site browsing behavior.
- No Targeted Advertising: We absolutely do not use cookies to serve you any form of targeted or retargeted commercial advertisements.
- No Personal Profiling: We will never use cookie data to build your personal interest profile or sell data to any Data Brokers.
- CCPA/CPRA Exemption: We do not "share" your personal information collected via cookies for cross-context behavioral advertising as defined under the CCPA/CPRA.
5. Limited Data Processing by Third-Party Service Providers
To provide the aforementioned core functions, some of our infrastructure service providers (such as Supabase, Cloudflare, and Stripe) will place "Strictly Necessary Cookies" on your device in accordance with their security and compliance requirements.
The placement and processing of these cookies are strictly bound by the Data Processing Agreements (DPAs) we have signed with each provider. Service providers are only permitted to use them to maintain the stability and security of GoTraveli services and are strictly prohibited from using them for any independent data monetization or cross-marketing.
6. How Do You Manage Cookies?
Although we only use necessary cookies to ensure the website operates, you can still manage, reject, or delete cookies according to your preferences through your browser settings (such as Chrome, Safari, Firefox, Edge). On mobile devices (iOS/Android), you can also clear app cache through your system settings.
⚠️ Strict Warning: If you forcefully disable or block "Strictly Necessary Cookies" through your browser, some of our core services (especially account login, cloud itinerary synchronization, and Pro subscription payment verification) will fail to function properly.
7. Changes to this Policy
We may update this policy from time to time to reflect changes in technology, operational practices, or legal requirements. Any significant changes will be notified via our platform.
8. Contact Us
If you have any questions about this Cookie Policy or our data protection practices, please feel free to contact our Data Protection Officer (DPO):
- Email: privacy@gotraveli.com
- Address: GoTraveli LLC, 1021 E Lincolnway Suite #10071, Cheyenne, WY 82001, USA
Part 5: Data Protection Officer (DPO)
GoTraveli Data Protection Officer (DPO) Special Statement
Effective Date: April 24, 2026 Document ID: COMP-DPO-2026-01
To fulfill our highest commitment to user privacy protection, GoTraveli LLC has voluntarily designated a Data Protection Officer (DPO) and a dedicated Privacy Team. Although our strict data minimization architecture means that applicable privacy laws (such as the GDPR) typically do not mandate us to appoint a statutory DPO, we proactively align with the highest global compliance standards to ensure your personal information is handled with the utmost care and legality.
1. Identity & Contact Information
Our DPO and Privacy Team serve as your primary point of contact regarding personal data processing, the exercise of data rights, and privacy inquiries.
- Official Email: privacy@gotraveli.com
- CC Email: legal@gotraveli.com (Legal & Compliance Department)
- Mailing Address: Attn: Data Protection Officer / Privacy Team, GoTraveli LLC, 1021 E Lincolnway Suite #10071, Cheyenne, WY 82001, USA
2. Mandate & Responsibilities
GoTraveli’s DPO and Privacy Team execute the following core responsibilities internally:
- Compliance Oversight: Supervising the company’s implementation of the Privacy Policy and applicable international privacy laws (e.g., GDPR, CCPA).
- Risk Assessment: Leading Data Protection Impact Assessments (DPIAs) before the company introduces significant technological changes (especially integrating new AI models or processing geolocation data).
- Regulatory Liaison: Serving as the official communication hub between the company and data protection regulatory authorities across global jurisdictions.
- Rights Response Coordination: Coordinating responses to user requests regarding the "Right to Erasure," "Right to Data Portability," and "Right of Access," committing to respond within a reasonable timeframe (typically 30 calendar days, subject to extensions as permitted by law for complex requests).
3. Operational Mechanism & Independence
To ensure the effectiveness and independence of privacy oversight, GoTraveli implements the following mechanisms:
- Objective Review & Reporting: The Privacy Team maintains a direct reporting line to the company's core executive management. This ensures that compliance judgments regarding data processing activities are free from undue interference by short-term commercial interests.
- Confidentiality Obligations: The Privacy Team strictly adheres to professional confidentiality requirements, bearing the highest level of confidentiality responsibility regarding the content of user requests and the company's internal security mechanisms.
4. How to Contact the DPO to Exercise Your Rights
If you have the following needs, please write directly to our DPO:
- Data Access / Portability Requests: Seeking to obtain a copy of your data held by us.
- Correction / Deletion Requests: Requesting the correction of erroneous account information or the complete deletion of your account.
- Compliance Inquiries: Having questions about our AI conversational features or data processing practices.
⚠️ Processing SOP (Standard Operating Procedure): To protect your account security and prevent malicious data theft, we generally require you to send your request using the original email address bound to your GoTraveli account to verify your identity. In cases of significant doubt regarding identity, we reserve the right to request additional information necessary to confirm your identity. We commit to using commercially reasonable efforts to process your legitimate requests; concurrently, for requests that are manifestly unfounded, excessive, or repetitive, we reserve the right to lawfully request additional information or refuse to process them.
Part 6: Compliance Matrix (Public Notice)
GoTraveli Global Privacy & Security Compliance Matrix
Effective Date: April 24, 2026 Applicable Entity: GoTraveli LLC (Wyoming, USA) Contact Email: privacy@gotraveli.com
As an enterprise providing intelligent travel planning SaaS services to a global audience, GoTraveli is committed to embedding the highest standards of data protection ("Privacy by Design") into our system architecture and daily operations. This matrix outlines how we respond to and implement major global privacy laws, industry standards, and platform compliance requirements.
| Applicable Regulations & Industry Standards | Core Compliance Requirements | GoTraveli Implementation Mechanism & Defense Posture |
|---|---|---|
| GDPR<br>(EU General Data Protection Regulation) | Data Minimization, Cross-Border Transfers, DPO Designation | Deep Compliance: Utilizes passwordless login; relies on EU SCCs for lawful data transfers, with core sub-processors officially DPF-certified; established a dedicated DPO channel to handle user data rights requests. Maintains a detailed Record of Processing Activities (RoPA) per Art. 30. |
| CCPA / CPRA<br>(California Consumer Privacy Act) | Do Not Sell Personal Info, Transparency Disclosures | Zero Sale Commitment: Solemnly declares absolute refusal to sell any user personal data; publicly discloses a detailed "Third-Party Sub-Processor List" to ensure maximum transparency. |
| Security Incident Response | Vulnerability Management, Data Breach Notification Mechanism | 72-Hour Emergency Protocol: Established standard incident response procedures; in the event of a data breach, commits to notifying relevant regulatory authorities and affected users within the legally required 72 hours. Utilizes encryption at rest (AES-256) and in transit (TLS 1.3). |
| PCI-DSS<br>(Payment Card Industry Data Security Standard) | Credit Card Data Processing & High-Strength Protection | Zero-Touch Compliance: Absolutely never touches raw credit card data; all payments are tokenized and processed by PCI Level 1 certified providers (e.g., Stripe). |
| COPPA & GDPR-K<br>(Children's Online Privacy Protection) | Prohibition on Unconsented Minor Data Collection | Strict Access: Explicitly prohibits usage by individuals under 13 (or 16 in certain regions); established an exclusive guardian rectification channel to report and permanently destroy erroneously collected data. |
| DMCA<br>(Digital Millennium Copyright Act) | Safe Harbor Principle, Infringing Content Takedown Mechanism | Official Appeal Channel: Established a dedicated legal email to receive copyright notices; strictly enforces a repeat infringer termination policy, banning accounts with multiple violations. |
| Apple / Google EULA<br>(App Store Guidelines) | UGC Moderation, Abuse Prevention Mechanisms | Tiered Risk Control: Implements a post-event zero-tolerance policy and community reporting mechanism; maintains internal security audit logs to prevent API abuse through warnings and account bans. |
| AI Ethics & Safety<br>(Generative AI Compliance) | Algorithm Transparency, Anti-Discrimination, Sensitive Data Isolation | Strong Liability Shield: Declares AI outputs as probabilistic recommendations, not factual statements; strictly prohibits the input of sensitive data; disclaims financial liability for real-world travel delays resulting from reliance on AI. |
| ePrivacy Directive<br>(EU Cookie Directive) | Informed Consent for Tracking Technologies | Statutory Consent Exemption: Deploys only "Strictly Necessary Cookies" to secure login and payments, legally exempting the service from intrusive consent banners; solemnly commits to rejecting any cross-site ad tracking. |
| ADA / Accessibility<br>(Americans with Disabilities Act) | Accessible Digital Experiences | Commercially Reasonable Efforts: References WCAG guidelines to optimize the digital experience and provides a feedback channel, without constituting an absolute legal guarantee of specific accessibility technical standards. |
📌 Legal Disclaimer
This Compliance Matrix is intended solely as an overarching overview of GoTraveli's compliance architecture, designed to enhance transparency and enable users, regulators, and partners to rapidly understand our privacy and security framework. This matrix itself does not constitute a standalone legal contract. For your specific legal rights and our detailed obligations, please strictly refer to the full text of our "Terms of Service (ToS)" and "Privacy Policy."