Curated travel, powered by AI.

Privacy Policy

Last updated: January 29, 2026

This Privacy Policy for Verolora (referred to as “we”, “us”, or “our”) describes how and why we collect, use, and share (i.e., process) your personal information when you use our services (the “Services”), which include, for example: · Visiting our website at verolora.com (the “Site”) or any site that links to this Privacy Policy · Engaging with us in other related ways – for instance, through our marketing or events.

Questions or concerns?
Reading this Privacy Policy will help you understand your rights and choices regarding your personal information. We are responsible for deciding how your personal information is handled, and we take that responsibility seriously. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns after reading, please contact us at contact@verolora.com.

Summary of Key Points:
This summary highlights important points from our Privacy Policy. For more details on any of these topics, you can read the full policy sections below. · Personal information we collect: When you use our Services, we may collect personal information that you provide to us (such as your email if you contact us) and information that is collected automatically (such as IP address and device details). See What Information Do We Collect for more. · Sensitive personal information: We do not intentionally collect any sensitive personal information (e.g., health, genetic, biometric data, information about race or ethnicity, religious or philosophical beliefs, etc.). · Information from third parties: We do not obtain personal information about you from third-party sources. We only process the information you provide or that is collected automatically when you use our Services. · How we process your information: We process your information to provide and improve our Services, communicate with you, enhance security and prevent fraud, and to comply with legal requirements. We only process your information when we have a valid legal reason to do so (such as your consent, to fulfill a contract, to protect legitimate interests, or to comply with law). See How Do We Process Your Information for more details. · Sharing of your information: We may share your information in specific situations and with certain categories of third parties, such as service providers and partners who assist us in operating the Site, advertising, and analytics. We do not sell your personal information. See When and With Whom Do We Share Your Personal Information for more information. · Cookies and tracking: We may use cookies and similar tracking technologies to collect information about your usage of our Site and to deliver relevant content or advertising. You can control cookies through your browser settings and other tools. See Do We Use Cookies and Other Tracking Technologies for details. · Data security: We have implemented reasonable security measures to protect your information. However, no online platform is 100% secure, so we cannot guarantee absolute security. See How Do We Keep Your Information Safe. · Your privacy rights: Depending on your location, you may have rights such as accessing, correcting, or deleting your personal information, or withdrawing consent. See What Are Your Privacy Rights for an overview of rights by region. · Exercising your rights: The easiest way to exercise your rights is by contacting us at contact@verolora.com. We will review and act upon any request in accordance with applicable data protection laws.
For more detailed information, please read the full Privacy Policy below.


Table of Contents:

  1. What information do we collect?
  2. How do we process your information?
  3. What legal bases do we rely on to process your personal information?
  4. When and with whom do we share your personal information?
  5. What is our stance on third-party websites?
  6. Do we use cookies and other tracking technologies?
  7. How long do we keep your information?
  8. How do we keep your information safe?
  9. Do we collect information from minors?
  10. What are your privacy rights?
  11. Controls for do-not-track features
  12. Do united states residents have specific privacy rights?
  13. Do other regions have specific privacy rights?
  14. Do we make updates to this notice?
  15. How can you contact us about this notice?
  16. How can you review, update, or delete the data we collect from you?
  17. Hat information do we collect?


1. What Information de collect:
Personal information you disclose to us In Short: We collect personal information that you voluntarily provide to us (for example, when you contact us or interact with the Services). We do not collect sensitive personal data.
We collect personal information that you voluntarily give us when you express interest in obtaining information about us or our Services, when you participate in activities on the Services, or when you otherwise contact us. For example, we may collect your name, email address, or other contact information if you provide it to us when reaching out for support or signing up for updates. · Sensitive Information: We do not intentionally collect any special categories of personal data about you (such as information about your race, ethnicity, political opinions, religious beliefs, health, genetic or biometric data, or sexual orientation). Please refrain from sending us sensitive personal information.

All personal information that you provide must be true, complete, and accurate. If your personal information changes, you should notify us of any changes so we can update our records.
Information automatically collected In Short: Some information – such as IP address and device characteristics – is collected automatically when you visit our Site.
When you access or use the Services, we automatically collect certain technical information about your device and usage of the Site. This information does not reveal your identity (we do not collect your name or contact details unless you provide them), but it may include details such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country or general location, and information about how and when you use our Services. This information is primarily needed to maintain the security and operation of our Site, for internal analytics, and to improve your user experience.

Like many businesses, we also use cookies and similar tracking technologies to collect some of this information. For more details, see Do We Use Cookies and Other Tracking Technologies? below and our Cookie Notice on our website.

The information we automatically collect includes, for example:
· Log and Usage Data: This is service-related, diagnostic, usage, and performance information our servers collect automatically when you access or use our Services. It may include your IP address, device information, browser type and settings, and information about your activity on the Site (such as the pages or features you accessed, the time and date of each request, search terms you entered, and other actions you take, as well as error logs and crash dumps). · Device Data: We collect device information such as details about the computer, phone, tablet, or other device you use to access the Services. Depending on the device, this data might include your IP address (or proxy server), device and application identification numbers, browser type, hardware model, Internet service provider or mobile carrier, operating system, and system configuration information. · Location Data: We may collect information about your device’s approximate location (e.g., country or city level location) as determined by your IP address. This is generally not precise. We do not collect GPS or precise geolocation data from your device. You can choose to disable location access in your device or browser settings, but some functionality of the Services (such as region-specific content) might be limited if you do so.
Google API: If our Services integrate with any Google API services (for example, using Google’s tools or login), our use of information obtained through those Google API services will comply with Google’s API Services User Data Policy (including the Limited Use requirements). This means any data obtained from Google APIs will be used only for the specific purposes intended and not for unrelated purposes without your consent.

2. How do we process your information:
In Short: We process your information to operate, provide, and improve our Services, to communicate with you, for security and fraud prevention, and to comply with legal obligations. We only process your information when we have a valid legal reason to do so.
We use personal information collected via our Services for a variety of business purposes, depending on how you interact with the Services. These purposes include: · To provide and manage the Services: We process your information to allow you to use the Site’s features, such as generating travel itineraries, and to ensure the Services function correctly. · To request feedback and communicate with you: If you provide your contact information, we may process that data when necessary to request feedback about your experience or to contact you regarding your use of the Services (for example, responding to your inquiries or providing customer support). · To send marketing and promotional communications: With your consent or as otherwise permitted by law, we may use your personal information (such as an email address if you provided one) to send you marketing materials and promotions about our Services or new features. You can opt out of our marketing emails at any time (see What Are Your Privacy Rights below). · To deliver targeted advertising and content: We may process certain information about your activities on our Site to develop and display content and advertising tailored to your interests and location. For example, we might use browsing data or cookies to show you travel-related advertisements that are more relevant to you. For more details, see our Cookie Notice on verolora.com and the section on cookies below. · To protect our Services and users: We process data as part of our efforts to keep the Site safe and secure. This includes using data to prevent fraud, detect security incidents, combat spam or malware, and take action against illegal or harmful activities. · To analyze usage trends and improve the Services: We may process data about how users use our Services to understand what features are most used or where users encounter issues. This helps us improve the design, content, and functionality of the Site and develop new features that enhance the user experience. · To measure performance of marketing campaigns: We may process personal information (like your interactions with our Site or ads) to evaluate and improve the effectiveness of our marketing and promotional campaigns. This helps us understand user engagement and tailor our marketing strategies. · To comply with legal requirements and prevent harm: We may process personal data if required to do so by applicable law, regulation, or legal process (for example, in response to a subpoena or lawful request by authorities). We may also process information if necessary to protect an individual’s vital interests, such as to prevent imminent harm or injury to any person.
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another related reason that is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and explain the legal basis that allows us to do so.

3. What legal bases do we rely on to process your personal information:
In Short: We only process your personal information when we have a valid legal reason to do so under applicable law. This means we process your data only when (i) you have given consent, (ii) it’s necessary to fulfill or prepare a contract with you, (iii) we have to comply with a legal obligation, (iv) it’s necessary to protect your vital interests or those of someone else, or (v) it’s necessary for our legitimate business interests (and those interests do not override your rights and freedoms).
If you are located in the European Economic Area (EEA) or United Kingdom (UK): Under the General Data Protection Regulation (GDPR) and UK GDPR, we must inform you of the specific legal bases we rely on to process your personal information. We may rely on the following legal grounds: · Consent: We may process your personal information if you have given us clear consent to do so for a specific purpose. For example, if you consent to receive marketing emails, we will use your email for that purpose. You have the right to withdraw your consent at any time. (See Withdrawing your consent under What Are Your Privacy Rights for how to do so.) · Legitimate Interests: We may process your information when it is necessary for our legitimate business interests and those interests are not overridden by your rights or interests. This means we have a business reason to use your data, which does not unfairly impact your privacy. For instance, we may process your personal information in order to: o Send you information about special offers, new services, or other updates (if you have an existing relationship with us, we might do this on the basis of our interest in marketing our services, within the bounds of applicable law). o Understand how our Services are used, so we can improve user engagement and retention. o Develop and display personalized content and advertisements to make our service more relevant to you. o Detect and prevent fraud or illegal activities to keep our Services secure. o Improve the functionality and user experience of our website by analyzing how users interact with it. · Performance of a Contract: We may process your personal data when it is necessary to enter into or perform a contract with you. For example, if you use our Services to create an itinerary, we need to process certain information to deliver that service to you. · Legal Obligation: We may process your information when we need to comply with a legal obligation. For instance, we might be required to retain certain data to comply with tax laws, or to disclose information in response to a court order or valid law enforcement request. · Vital Interests: We may process your information when it is necessary to protect your vital interests or those of another person. This is generally only applicable in life-or-death situations. For example, we might share information in a situation involving an imminent threat to the safety of any person.
If you are located in Canada: We will only process your personal information with your consent (which can be express or implied) or if otherwise permitted by Canadian law. In practice, by using our Site and providing personal information, you imply consent for us to use your information to provide the Services. In certain situations, the law allows us to process personal information without consent, including, for example: · If collection is clearly in the interests of an individual and timely consent is not available. · For investigations and fraud detection or prevention. · For business transactions (for instance, if the data is necessary for a merger or acquisition) provided certain conditions are met. · If the information is contained in a witness statement and collecting it is necessary to assess, process, or settle an insurance claim. · For identifying injured, ill, or deceased persons and communicating with next of kin. · If we have reasonable grounds to believe an individual may be a victim of financial abuse, and processing the information is necessary to investigate. · If it’s reasonable to expect that seeking the individual’s consent would compromise the availability or accuracy of the information and the collection is necessary for an investigation of a breach of an agreement or contravention of the laws of Canada or a province. · If disclosure is required by law (e.g., to comply with a subpoena, warrant, or court order). · If the information was produced in the course of an individual’s employment, business, or profession and the collection is consistent with the purposes for which the information was produced. · If the collection is solely for journalistic, artistic, or literary purposes. · If the information is publicly available and specified by regulations. · We may also disclose de-identified information (information that does not identify you) for research or statistical purposes in the public interest, provided certain requirements are met (such as obtaining any necessary approvals and ensuring confidentiality).
If we ever need to process your personal information in a way not described above, we will do so only if allowed by law and, where required, with your consent.

4. When and with whom do we share your personal information:
In Short: We may share your information with third-party service providers, partners, or in certain transactions, but only with specific parties and only as needed. We require any third party to safeguard personal information according to our policies.
We do not sell your personal information to anyone. However, we may need to share your data in the following situations: · Third-Party Service Providers: We may share your information with third-party companies and individuals that perform services on our behalf or help us operate the Services (commonly called “vendors”, “contractors”, or “service providers”). These third parties may need access to personal information to perform their functions, such as hosting our website, providing cloud storage, analyzing data, serving advertisements, sending email communications, providing customer service, or assisting in marketing efforts. We have contracts in place with our service providers to ensure your personal information is protected. They are not allowed to use your personal information for any purpose other than what we have instructed, and they are required to keep your information confidential and secure. Some categories of third-party providers we may share personal information with include, for example: o Affiliate marketing programs (for handling any referral or affiliate tracking on our Site) o Advertising networks (that display ads on our Site or elsewhere based on your visits) o User account registration and authentication services (if we offer user accounts or login through another service like Google) o Website hosting and infrastructure providers (companies that host our website and databases) o Testing and analytics tools (services that help us test new features or analyze how users interact with our Site) o Social media platforms (if our Site integrates with social features or you choose to share content via social media) o Sales and marketing tools (platforms that help us manage email communications or marketing campaigns) o Retargeting platforms (services that help us show you ads on other websites based on your interactions with our Site) o Product engineering & design tools (services we use to develop and improve our Services) o Performance monitoring tools (services that help us monitor the uptime and performance of our Site) o Payment processors (if you make any purchases or transactions through our Site, though currently our service is free and we do not directly process payments) o Order fulfillment or service delivery partners (if we ever partner with third parties to deliver a service you requested) o Financial and accounting tools (for invoicing or financial record-keeping if applicable) o Government authorities or law enforcement (but only if required by law or necessary to comply with legal obligations, as described below) o Data storage providers (secure cloud storage services for our data) o Data analytics services (third-party analytics like Google Analytics that collect usage data for analysis) o Communication & collaboration tools (services that facilitate communication within our team or with users) o Cloud computing services (general cloud platforms where we might host aspects of our Service) o AI platforms (external artificial intelligence services we use — for example, we use the Google Gemini AI to generate personalized itineraries. In doing so, some user-provided data might be sent to that AI platform to process your request, under strict controls and solely for providing you with the requested itinerary.) · Business Transfers: We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by or to another company. If we (or our assets) are acquired by another company, your information would likely be transferred to the new owner to continue operating the Services. In such a case, we would require the new owner to honor this Privacy Policy or provide you notice and, if required, obtain your consent for any changes. · Legal Obligations: We may disclose your personal information if we believe it is necessary to comply with applicable law, regulation, legal process, or governmental request. This includes responding to court orders, subpoenas, or requests by public authorities (such as law enforcement or regulatory agencies). · Protection of Rights and Interests: We may disclose information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our Terms of Use or other agreements, suspected fraud, situations involving potential threats to the safety or legal rights of any person, or to investigate or defend against third-party claims or allegations. · With Your Consent or at Your Direction: We might share your personal information for other purposes but only with your explicit consent. For example, if you request that we share your information with a third-party service or partner (say, you enter a contest or promotion we offer with another company), we will do so only with your permission.
We want to reiterate that when we share your data with service providers, they are contractually obligated to handle it with care and use it only for the purposes we specify. We do not allow them to use your data for their own marketing or other purposes.

5. What is our stance on third-party websites:
In Short: We are not responsible for the safety or privacy of any information that you share with third parties outside of our Site, even if those third-party websites are linked to or advertised on our Site. Any links to third-party sites or services are provided for your convenience, and you access them at your own risk.
The Services may include links to third-party websites, services, and applications that are not operated or controlled by us. For example, our Site may feature links to external travel service providers (like airline or hotel booking sites), social media platforms, or display advertisements that take you to third-party websites. If you click on a third-party link, you will be directed to that third party’s site or service.
Please note: Our Privacy Policy does not apply to information collected on any third-party websites or through any third-party services outside of our Services. We do not control and are not responsible for the content, privacy practices, or security of any third parties. If you provide any information to third-party sites, those sites’ privacy policies will govern the use of your information.
We make no endorsement or representations about any third-party websites or services that may be linked to from our Site. We cannot guarantee the safety or privacy of data you provide to any third parties. If you leave our Site (for example, by clicking an external link), any data you provide to a third party is not covered by this Privacy Policy.
We are not responsible for the content or practices of any site that is not our own, even if it is linked to or from our Services. We recommend that you review the privacy policies and terms of use of any third-party websites or services before providing any personal information or engaging with them. If you have questions about how those third parties use your data, please contact them directly.

6. Do we use cookies and other tracking technologies:
In Short: Yes, we may use cookies, web beacons, pixels, and similar tracking technologies to collect and store information about your usage of our Site. These technologies help us in various ways, including to improve your browsing experience, analyze usage, and show you relevant ads. You have options to control or refuse these technologies.
Our Site may use cookies (small text files placed on your device) and similar tracking technologies such as web beaconsor pixels. Here is how we use them: · Essential Cookies: Some cookies are necessary for the Site to function properly. For example, they may allow you to navigate our pages and use key features. These cookies generally do not collect personal information, but without them, the Site may not work as intended. · Preference Cookies: We might use these to remember your preferences (such as your language or region) to personalize your experience. · Analytics Cookies: We use these to collect information about how visitors use our Site (which pages are visited, how long users stay, etc.). This helps us improve the Site’s performance and your experience. For instance, we use Google Analytics which places cookies to gather usage data (see below for more on Google Analytics). · Advertising Cookies: We (or our advertising partners) may use cookies and similar technology to collect information about your browsing habits and interests in order to show you relevant advertisements on our Site or elsewhere. These are also known as targeting or marketing cookies. They remember that you visited our Site and may help us serve you ads related to our Services when you visit other websites. · Web Beacons/Pixels: Our emails or Site pages might contain small electronic files known as web beacons or pixels. These allow us, for example, to count users who have visited those pages or opened an email and for other related website statistics (e.g., recording the popularity of certain content).
Third-Party Tracking and Advertising: We permit certain third parties (such as advertising networks and analytics providers) to use cookies and other tracking tools on our Site. These third parties may collect information about your online activities over time and across different websites when you use our Site. They use this information to provide you with interest-based advertising or other targeted content. For example, you might see an advertisement for our Services on another website after visiting ours.
If we use advertising features that might be considered a “sale” or “sharing” of personal information under some U.S. state privacy laws (like California’s CPRA or other state laws defining targeted advertising as “sharing”), you have the right to opt out of these practices. To opt out of certain online tracking (such as interest-based advertising), please see the instructions under your state-specific rights in section 12 below.
For more detailed information about how we use cookies and how you can manage your preferences, please see our Cookie Notice on verolora.com. (This notice provides specifics on types of cookies and how to opt out or adjust settings.)
Google Analytics: We use Google Analytics to understand how visitors engage with our Site. Google Analytics uses cookies and similar technologies to collect data about usage of our Services. This data (such as which pages you visit, how long you stay, how you arrived at our Site, and your general location) helps us analyze user traffic and improve our Site. Google Analytics may also set cookies for use in Google’s advertising networks (Google Analytics Advertising Features), which allow us to understand impressions and ad demographics. The Google Analytics Advertising Features we might use include: · Remarketing with Google Analytics – to show our ads on other websites to people who have visited our Site. · Google Display Network Impression Reporting – to understand how our ads perform. · Google Analytics Demographics and Interest Reporting – to get an overview of the types of users visiting our Site (e.g., age, interests) in aggregate form.
You can opt out of Google Analytics tracking by installing the official Google Analytics Opt-Out Browser Add-on(https://tools.google.com/dlpage/gaoptout), which prevents Google Analytics from using your information. For Google Analytics Advertising Features, you can adjust your ad settings via Google Ads Settings or opt out of interest-based ads through resources like the Network Advertising Initiative opt-out page (http://optout.networkadvertising.org/) or Digital Advertising Alliance opt-out tool.
For more information on how Google collects and processes data, you can visit Google’s site “How Google uses information from sites or apps that use our services” and review Google’s Privacy Policy.
Your Choices: Most web browsers are set to accept cookies by default. If you prefer, you can usually set your browser to refuse cookies or alert you when cookies are being sent. You can also often delete cookies that have already been set. However, please note that if you disable cookies, some features of our Site might not function properly. Also, opting out of cookies or tracking signals in your browser does not necessarily mean you will not see any advertisements – it just means those ads will not be tailored to you using cookies.

7. How long do we keep your information:
In Short: We retain your personal information only as long as necessary for the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. We aim to only keep your data for as long as we truly need it.
We will keep your personal information for as long as it is needed to fulfill the purposes we collected it for (as described in this Privacy Policy), unless a longer retention period is required or allowed by law. For example, certain laws may require us to keep records for a set period of time (such as financial or transaction data for tax or audit purposes), or we may need to retain information in the event of a complaint or legal claim.
Once the purpose for processing your personal information has been satisfied, or you request deletion (and we have no other legal basis to retain it), we will either delete or anonymize your personal information. If deletion or anonymization is not immediately feasible (for instance, because the data is stored in backup archives that are not easily accessible), then we will securely store your personal information and isolate it from further processing until deletion is possible.
Data Anonymization: In some cases, rather than delete your data, we may choose to anonymize it so it can no longer be associated with you. For example, we might convert personal data into statistical or aggregated data that no longer identifies any individual. This aggregated data may be used for research or analysis, but it cannot be traced back to you.
Retention for Legal Compliance: Even if you request that we delete your information, we may retain certain minimal data as necessary to comply with our legal obligations or to resolve disputes. For instance, we might retain a record that you opted out of communications to ensure we honor that request moving forward.
In summary, we strive not to keep personal data in identifiable form for longer than necessary. When we have no ongoing legitimate business need or legal requirement to process your personal information, we will remove it from our systems or take appropriate steps to anonymize it.

8. How do we keep your information safe:
In Short: We employ organizational and technical security measures to protect your personal information. However, no website or internet transmission is completely secure, so we cannot guarantee absolute security. You should use the Site in a secure environment and notify us if you suspect any unauthorized access to your account or data.
We take the security of your personal information seriously and have implemented reasonable security measures to protect against unauthorized access, use, alteration, or destruction of your personal data. These measures include physical, administrative, and technical safeguards such as encryption, firewalls, secure hosting environments, and access controls to limit who on our team can access information.
Our security measures are designed to provide a level of security appropriate to the risk of the personal information we process. We also regularly review our security procedures to consider appropriate new technology and methods.
However, please remember that no method of transmission over the Internet or method of electronic storage is 100% secure or foolproof. While we strive to protect your personal information, we cannot guarantee that unauthorized third parties (hackers, cybercriminals, or others) will never be able to defeat our security measures or misuse your information. In other words, any transmission of personal information to and from our Services is at your own risk.
Here are some measures you can take to further protect yourself: · Secure Connections: Whenever possible, access our Site over a secure network. Avoid using unsecured public Wi-Fi networks to submit personal information. · Account Security: If you create an account with us (now or in the future), choose a strong, unique password and keep it confidential. Notify us immediately at contact@verolora.com if you suspect any unauthorized access to or use of your account. · Phishing Awareness: We will never ask you for your passwords via email or unsolicited communication. Be cautious of emails or websites that purport to be us and ask for your personal data. Always check that communications from us are legitimate.
Despite our efforts, there is an inherent risk in transmitting information via the internet. Thus, we recommend that you only access the Services within a secure environment. If we become aware of a data breach that affects your personal information, we will notify you and the appropriate authorities as required by law.

9. Do we collect information from minors:
In Short: We do not knowingly collect or solicit personal information from children under 18 years of age (or the age of majority in your jurisdiction), and we do not knowingly market to them. If we learn that we have received information from a child under 18, we will delete it.
Our Services are not intended for children under 18 years of age (or the equivalent minimum age in the jurisdiction where they reside). We do not knowingly solicit data from or market to children under 18. By using the Site, you represent that you are at least 18 years old (or are the parent or guardian of a minor who is using our Services with your consent and supervision).
If you are under 18, please do not provide any personal information to us. We also ask that parents or guardians supervise their children’s online activities and consider using parental control tools available from online services to ensure that minors do not access content that is not suitable for them.
In the event we learn that we have inadvertently collected personal information from a child under 18 without verified parental consent, we will take immediate steps to delete that information from our records. For example, if we discover a user profile that appears to belong to a minor, we will disable and remove that account and any data associated with it.
If you become aware of any data we may have collected from or about children under 18, please contact us at contact@verolora.com so that we can investigate and promptly remove such information.

10. What are your privacy rights:
In Short: Depending on your location, you may have certain rights regarding your personal information, such as the right to access, correct, delete, or restrict the use of your data. You can also withdraw consent if we are processing your information based on consent. We provide tools (like contact methods) to help you exercise these rights easily.
The privacy laws of your country, state, or region may grant you specific rights concerning your personal data. Here is an overview of the rights that may be available to you: · Right to Access: You have the right to request confirmation of whether we are processing your personal information, and if so, to request a copy of the personal information we hold about you. This is sometimes called a “data subject access request.” · Right to Rectification: You have the right to request that we correct or update any inaccurate or incomplete personal information about you. We want to ensure that the data we have is accurate and up-to-date. · Right to Erasure: You have the right to request deletion of your personal information in certain circumstances. This is sometimes known as the “right to be forgotten.” We will honor such requests to the extent required by applicable law. Please note there are exceptions – for example, we might retain data if needed for legal obligations or if it’s technically impossible to delete (in which case we will isolate it and secure it until deletion is possible). · Right to Restrict Processing: You have the right to ask us to suspend the processing of your personal information in certain scenarios – for instance, if you contest the accuracy of the data or if you object to our processing and we are evaluating your request. · Right to Data Portability: In some situations, you have the right to request that we provide you or a third party with certain personal information in a structured, commonly used, machine-readable format. This typically applies to information you provided and that we process by automated means based on your consent or a contract you have with us. · Right to Object: You have the right to object to our processing of your personal information in certain cases. For example, if we are processing your data based on legitimate interests, you may object to that processing if you believe it impacts your fundamental rights and freedoms. You also have the right to object at any time if we are processing your personal information for direct marketing purposes. · Right not to be subject to Automated Decision-Making: If a decision affecting your rights or interests is made solely by algorithms or automated systems, you have the right to be informed and to request human intervention or an opportunity to contest the decision. (Note: Our Services do not typically involve decisions that produce legal or similarly significant effects solely by automated means – the AI-generated itineraries we provide are for your convenience and you always have the final say in your travel decisions.)
If you are located in certain regions, for example the EEA, UK, Switzerland, or Canada, your rights as described above are protected by law. To exercise any of these rights, you can contact us using the details provided in How Can You Contact Us About This Notice? below. We will consider and respond to any request in accordance with applicable data protection laws. We may need to verify your identity before fulfilling your request (to ensure that we do not disclose your data to someone else).
Additionally, if you are in the EEA, UK, or Switzerland and believe we have processed your personal information unlawfully or violated your rights, you have the right to complain to your local data protection supervisory authority. For example: · In the EEA: You can find your country’s supervisory authority contact information here: https://edpb.europa.eu/about-edpb/board/members_en. · In the UK: The relevant authority is the Information Commissioner’s Office (ICO): https://ico.org.uk/make-a-complaint/. · In Switzerland: You can contact the Federal Data Protection and Information Commissioner (FDPIC): https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html.
Withdrawing your consent: In cases where we rely on your consent to process your personal information (for example, for sending marketing emails), you have the right to withdraw your consent at any time. You can do this by: · Clicking the “unsubscribe” link in any marketing email we send you, which will remove you from future marketing email lists. · Contacting us at contact@verolora.com and specifying which consent you are withdrawing (for instance, you can say “I withdraw consent for receiving the newsletter”).
Please note that withdrawing consent will not affect the lawfulness of processing based on consent before it was withdrawn. In other words, if you gave consent for something and later withdraw it, we will stop the future processing, but it won’t undo any processing that happened while the consent was valid. Also, in many cases we may have alternative legal grounds to continue processing your information (such as fulfilling a contract or a legal obligation); if that’s the case, we will let you know.
Cookies and similar technologies: As noted earlier, you can typically remove or reject cookies through your browser settings. You can also opt out of certain targeted advertising programs as described in Section 6 and Section 12.
If you have any questions or concerns about your privacy rights or how to exercise them, you can always reach out to us at contact@verolora.com. We are here to help and will guide you through the process.

11. Controls for do not track features:
In Short: “Do Not Track” (DNT) is a setting in many web browsers that requests a website not track your online activities. Currently, there is no consistent industry standard for recognizing or honoring DNT signals, so we do not respond to them at this time.
Some web browsers (and some mobile operating systems) offer a Do-Not-Track feature that you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. When you turn on the DNT signal in your browser, it sends a message to websites you visit indicating that you do not want to be tracked.
However, it’s important to understand that at this time no uniform standard or consistent technology exists for recognizing and implementing DNT signals. Because of this lack of standardization, we (along with many other website operators) currently do not respond to DNT browser signals or any other mechanism that automatically communicates your preference not to be tracked online.
If a uniform standard for online tracking is established in the future and we are required to follow it, we will update this Privacy Policy to inform you of our new practices.
For residents of California: California law requires us to inform you how our Site responds to DNT signals. As explained above, we do not respond to DNT signals or similar mechanisms because there is not yet an industry or legal standard to do so. We will monitor developments around DNT and may re-evaluate our approach if standards emerge.
In the meantime, you can use other tools and methods described in this Privacy Policy (such as adjusting cookie settings or using opt-out options for analytics and advertising) to control the collection of your data.

12. Do united states residents have specific rights:
In Short: Yes. If you are a resident of certain U.S. states, you may have additional privacy rights under state laws. These may include rights to access and obtain details about the personal information we have about you, correct inaccuracies, obtain a copy of your data, delete your data, or opt out of certain data processing activities. These rights vary by state but we outline a general overview below.
Several U.S. states have enacted privacy laws granting residents specific rights regarding their personal information. These states include, for example, California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, and Virginia. If you reside in one of these states, you may exercise the following rights with respect to your personal information (subject to certain limitations and exceptions under the law): · Right to Know/Access: You can request that we disclose to you the categories and specific pieces of personal information we have collected about you, as well as information about our processing of that data (such as the categories of sources of the information, the business purposes for collecting it, and the categories of third parties with whom we share it). · Right to Correct: You can request that we correct any inaccurate personal information we hold about you. · Right to Delete: You can request that we delete personal information that we collected from you and retain, subject to certain exceptions (for example, we may need to keep certain data to comply with legal obligations or to complete a transaction you requested). · Right to Data Portability: You may have the right to obtain a copy of the personal information you provided to us, in a portable and (to the extent technically feasible) readily usable format that allows you to transmit the information to another entity. · Right to Opt-Out of “Sale” or “Sharing” of Personal Data: If we engage in activities that are considered a “sale” of personal data or “sharing” of personal data for targeted advertising under applicable laws, you have the right to opt out of those activities. Note: We do not sell your personal data for money. If we use cookies or third-party advertising that might be considered “sharing” for targeted advertising, you can opt out using the mechanisms described in the cookie section above or via a “Do Not Sell or Share My Personal Information” link on our website (if provided). · Right to Opt-Out of Profiling: If we engage in profiling in furtherance of decisions that produce legal or similarly significant effects concerning you (and that profiling is not reasonably expected by you or necessary for our Services), you have the right to opt out of such profiling. Additionally, depending on the state you live in, you may have the following additional rights: · Right to Know Categories of Personal Data: For example, residents of Minnesota may have the right to know the categories of personal data being processed. · Right to Know Third Parties (Categories or Specific): For example, California, Delaware, and Maryland may allow you to request a list of the categories of third parties to whom we have disclosed personal data. Minnesota and Oregon laws may allow you to request a list of the specific third parties. (Note: Our practice is generally to list categories of recipients in this Privacy Policy rather than specific companies, but we will comply with any applicable request as required by law.) · Right to Know if Personal Data Sold: Connecticut’s law allows residents to request a list of third parties to whom personal data has been sold. (Again, we do not sell personal data, so this would be not applicable in our case.) · Right to Understand and Correct Profiling Decisions: Connecticut and Minnesota, for instance, include rights related to automated decisions. If we were making decisions based on profiling that have significant effects on you, you’d have the right to request information about how the decision was made and in some cases the right to correct or opt out of it. · Right to Limit Use of Sensitive Personal Data: In California, if we collect any sensitive personal information(like precise geolocation, social security number, etc.), you have the right to direct us to limit the use of that information to certain purposes (like providing the service). However, as noted, we do not intentionally collect sensitive personal data, so this may not apply. · Right to Opt Out of Collection of Sensitive Data (Florida): Florida’s law provides a right for consumers to opt out of the collection of sensitive personal data and personal data collected through the operation of a voice recognition or facial recognition feature. We do not use voice or facial recognition features on our Site.
To help illustrate, below is a general table of categories of personal information under California law and whether we collect those categories. This is reflective of our data collection in the last 12 months: Category of Personal Information Examples Collected? A. Identifiers Real name, alias, postal address, telephone number, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, account name, or other similar identifiers. NO (We do collect IP address and possibly an email if you contact us, but we do not collect most other identifier types unless provided.) B. Personal information under Cal. Civ. Code 1798.80(e) This includes information like name, contact information, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information. NO (We do not collect financial information, education or employment data, or similar personal records.) C. Protected classification characteristics Characteristics of protected classifications under California or federal law, such as race, gender, age (if over 40), ethnicity, etc. NO D. Commercial information Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. NO (Our Site currently does not involve purchases or sales directly.) E. Biometric information Genetic, physiological, behavioral, or biological characteristics, like DNA, fingerprints, face recognition, voice recordings (for identification), or other biometric identifiers. NO F. Internet or other similar network activity Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. NO (We do collect some analytics data about usage of our Site, such as pages visited, etc., but not on an individualized basis tied to your identity.) G. Geolocation data Precise location (e.g., your exact GPS coordinates). NO (We may infer general location from IP, but not precise GPS data.) H. Sensory data Audio, electronic, visual, thermal, olfactory, or similar information (e.g., call recordings, CCTV footage). NO I. Professional or employment-related information Employment history or performance evaluations. NO J. Education information (non-public) Education records directly related to a student maintained by an educational institution (e.g., grades, transcripts). NO K. Inferences drawn from other personal information Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, or aptitudes. NO
We want to clarify that while the table above indicates “NO” for collection in each category, that is in the context of categories as defined by law. We do collect some personal data as described in this Privacy Policy (like IP address, which is an “identifier”). We have indicated “NO” in the table mainly because we do not collect most of the example items in each category, and any data we do collect is very limited (for example, category A – we collect an IP and possibly an email if you contact us, but none of the other items like name unless you provide it). The table is meant to give a broad picture of our data practices under the California law definitions.
In addition to the above, we may collect personal information outside of these categories in certain instances, such as when you: · Interact with us in person, on the phone, or via mail in the context of customer support inquiries. · Participate in surveys, contests, or promotions. · Use our Services in a way that involves asking for help or providing feedback (for instance, if you email us with a question, we will collect whatever information you provide in that communication).
Sources of Personal Information: To reiterate, the sources from which we collect personal information are primarily: · Directly from you (when you provide information through forms, emails, etc.). · Automatically from your device (through cookies and similar, when you interact with our Site).
(See Section 1: What Information Do We Collect for more details on sources and types of data.)
Use and Sharing of Personal Information: We have described how we use your information in Section 2 and how we share it in Section 4. Generally, we use the information for purposes such as providing and improving our Services, communicating with you, and security/fraud prevention. We share it with service providers and partners who help us run the Site (and in other special cases like business transfers or legal compliance, as described).
We collect and share your personal information through methods like: · Cookies and Tracking Technologies: (as described in the cookies section) for functionality, analytics, and advertising. · Web beacons/pixels/tags: integrated in our Site or emails to measure engagement. · Click redirects: If we use any link redirection for tracking (for example, if clicking an outbound link on our Site goes through a redirect that logs the click), this would collect data on link clicks. (Currently, we have not implemented any specific click redirect systems beyond standard analytics.)
Disclosure of Personal Information: We may disclose your personal information to our service providers pursuant to written contracts. These service providers are entities that process information on our behalf for business purposes, like cloud hosting, data analytics, etc. They will have access to personal data as needed to perform their functions but are not permitted to use it for other purposes. (See the list of categories of third-party providers in Section 4.)
We do not sell your personal information for monetary consideration. In the past 12 months, we have not sold or “shared” (as defined under California law, “sharing” relates to targeted advertising) any personal information to third parties for a business or commercial purpose.
We have disclosed personal information to third parties for business purposes in the past 12 months, but only in the ways described in this Policy (for example, to our service providers like website hosts or analytics services, which is considered a “business purpose” disclosure under the law). The categories of personal information disclosed for business purposes correspond to the limited data we collect (such as identifiers and usage data), and the categories of third-party recipients are those listed earlier (advertising partners, analytics providers, hosting providers, etc.).
Your Rights as a U.S. State Resident: As noted, you have certain rights which we summarized above (access, correction, deletion, etc.). These rights are not absolute – sometimes we may legally decline your request (for example, if fulfilling it would violate another law or infringe on another person’s privacy). If we decline a request, we will explain our reasons, and you may have the right to appeal that decision (described below).
How to Exercise Your Rights: If you are a resident of one of the states mentioned and wish to exercise any applicable rights, you may contact us by: · Emailing us at contact@verolora.com with the subject line “Privacy Rights Request” and letting us know what specific right you want to exercise and the details of your request. · Or by any other contact method provided in Section 15 of this Privacy Policy.
Please clearly state that your request is related to “Your U.S. State Privacy Rights” and which state you are a resident of, so we can direct your request appropriately.
Authorized Agent: In some states, you can designate an authorized agent to make a privacy rights request on your behalf. If you send an agent to exercise your rights, we will need proof that you gave the agent written permission to submit the request for you. We may also need to verify your identity directly, or confirm the agent’s identity, to prevent unauthorized requests. Please have your authorized agent contact us via the above methods and provide proof of authorization (for example, a signed letter by you, and we may follow up with you or the agent for verification).
Verification of Requests: To protect your privacy and security, we will take steps to verify your identity (or authority, if through an agent) before processing your request. For instance, if you have an account with us, we might ask you to verify via that account or via a return email from the address we have on file. If you do not have an account or if we have minimal information, we might ask for additional details to match against our records (such as a recent interaction, or other information we may have). We will use the personal information provided in a request only to verify identity or authority to make the request and to log the request (to maintain an audit trail as required by some laws).
If we cannot verify your identity, we may be unable to fulfill certain requests (for example, providing specific data if we can’t confirm it’s you). In such cases, we will inform you.
Appeals: Some states (like Colorado, Virginia, etc.) provide that if we deny your request, you have the right to appeal our decision. If we inform you that we are not taking action on a request, you may submit an appeal by emailing us at contact@verolora.com. Please include “Appeal” in the subject line and any relevant information about the original request. We will review your appeal and respond within the time frame required by law (generally 45 days). If your appeal is ultimately denied, we will inform you of any further recourse. For example, if you are in Colorado or another state with such provision, and you disagree with our appeal decision, you may contact your state’s Attorney General to submit a complaint.
California “Shine the Light” Law: California Civil Code Section 1798.83 (the “Shine The Light” law) allows California residents to request once a year, free of charge, information about what categories of personal information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year, and the names and addresses of those third parties. We do not currently share personal information with third parties for their own direct marketing purposes. Nonetheless, if you are a California resident and would like to make such a request, you may do so by sending a written request to us at the contact information provided in Section 15. Please include “Shine the Light Request” in your letter or email so we can route it properly.
We will continue to monitor the changing privacy laws in U.S. states and ensure that we meet our obligations. If there are significant changes to your rights or how we handle data, we will update this Privacy Policy accordingly.

13. Do other regions have specific privacy rights:
In Short: Yes. Apart from the EU/UK and U.S. state laws already discussed, other countries (like Australia, New Zealand, South Africa, etc.) have their own privacy laws. We aim to comply with those as well and provide their residents with applicable rights.
We recognize that privacy laws vary around the world. We strive to respect applicable laws in the regions where we operate or where we knowingly collect personal information. Below are some region-specific disclosures:
Australia and New Zealand: If you are in Australia or New Zealand, your personal information is handled in accordance with the Australian Privacy Act 1988 (including the Australian Privacy Principles) and the New Zealand Privacy Act 2020 (including the Information Privacy Principles).
This Privacy Policy is intended to fulfill our obligations to provide you with notice about how we collect, use, and disclose your personal information, including the types of personal information we collect from you, the purposes for which we use it, the sources of that information, and the third parties with whom we might share it.
Please note that if you choose not to provide certain personal information that we need to deliver the Services (for example, if you do not allow us to collect basic technical data or an email address when required), it may affect our ability to provide the Service to you. In particular, it might prevent us from offering you certain features or responding to your requests.
Access and Correction: Under Australian and New Zealand law, you have the right to request access to personal information we hold about you and to request correction of any inaccuracies. To make such a request, please contact us (see Section 16). We may need to verify your identity and ask for specifics about the information you need. In certain situations, we may be permitted by law to refuse access or correction (for example, if granting access would infringe someone else’s privacy or pose a serious threat to health or safety), but we will provide reasons if we do so.
Complaints: If you believe we have breached the Australian Privacy Principles, you can contact us to complain, and we will attempt to resolve the issue. You also have the right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC). More info: https://www.oaic.gov.au/privacy/privacy-complaints.
For New Zealand, if you have a privacy concern that we have not addressed satisfactorily, you can contact the Office of the Privacy Commissioner (OPC) in New Zealand. More info: https://privacy.org.nz/your-rights/making-a-complaint/.
Republic of South Africa: If you are in South Africa, we strive to process personal information in accordance with the Protection of Personal Information Act (POPIA). You have the right to request details of the personal information we hold about you, and to request correction or deletion of personal information that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading, obtained unlawfully, or that we are no longer authorized to keep.
To request access to or correction of your personal information, please contact us (see Section 16). We will respond in accordance with POPIA and other applicable laws.
If you are not satisfied with how we handle your privacy-related complaint or request in South Africa, you can reach out to the Information Regulator (South Africa). The Information Regulator’s contact details are: · General inquiries: enquiries@inforegulator.org.za · POPIA Complaints: POPIAComplaints@inforegulator.org.za · PAIA (Promotion of Access to Information Act) Complaints: PAIAComplaints@inforegulator.org.za
They have forms (such as POPIA/PAIA Form 5) for lodging complaints which can be obtained from the Information Regulator’s website.
Other Countries: If your country or region is not specifically mentioned, but you are aware of certain privacy rights or regulations that apply to you, we will happily address your requests or concerns in line with applicable law. You can contact us at contact@verolora.com with any questions regarding your privacy rights.

14. Do we make updates to this notice:
In Short: Yes. We will update this Privacy Policy as needed to stay in compliance with relevant laws and to reflect any changes in our practices. When we make significant changes, we will notify you in an appropriate manner.
We may update this Privacy Policy from time to time. If we make minor changes (for example, to improve clarity or address a new small feature) the updated version will be posted on this page with a new “Last updated” date.
If we make material changes to how we collect, use, or share your personal information, we will take additional steps to inform you. Depending on what is required by law or what is appropriate, we might: · Post a prominent notice on our Site (for example, a banner or pop-up notice of the Privacy Policy change). · Directly send you a notification (if we have your email on file, we may email you about the update).
We encourage you to review this Privacy Policy periodically for any changes. If you continue to use our Services after an updated Privacy Policy becomes effective, it indicates that you have read and understood the changes.
For your reference, we will note the effective date of the latest version at the top of the policy. Prior versions of our Privacy Policy may be obtained by contacting us.

15. How can you contact us about this notice:
If you have questions, concerns, or comments about this Privacy Policy or our data practices, you can contact us in the following ways: · Email: Send us an email at contact@verolora.com. We will do our best to respond in a timely manner. · By Mail: You can write to us at the following address: contact@verolora.com
If you contact us by mail, please allow reasonable time for us to receive and process your correspondence.

16. How can you review, updates, or delete the data we collect from you:
You have the right to request access to the personal information we have collected from you, to request corrections of any inaccuracies, and to request deletion of your personal information (subject to certain exceptions provided by law).
To submit a request to review, update, or delete your personal data, you can contact us by email at contact@verolora.com. Please clearly describe your request – for example, whether you want to access your data, correct it, or delete it. We may ask you for information to verify your identity before proceeding with your request, as described in section 12 above.
We will respond to your request within the timeframe required by the applicable law. For example, under some laws we have up to 30-45 days to respond, with the possibility of an extension. Rest assured, we will not discriminate against you for exercising any of your privacy rights.
If you have an account on our Site (if this becomes applicable), you may also have access to self-service tools that allow you to update certain personal information (like your profile information) or delete your account directly. However, since currently our Service does not have user accounts or profiles, contacting us at the email above is the best way to manage your information.
Note: Even after deletion of your personal data, some information may remain in our backups or logs for a short period or as required to comply with legal obligations. We will securely store any such information and isolate it from further use until it can be erased.

17. International data transfers and cross-border processing:
To provide our Services, your personal information may be transferred to, and stored or processed in, countries outside of your country of residence, including the United States, where our third-party AI providers (such as Google LLC) and website hosting partners operate. These countries may have data protection laws that are different from the laws of your country. By using our Services, you acknowledge that your personal data (specifically, your travel queries and technical identifiers) may be transmitted to these jurisdictions. For transfers from the European Economic Area (EEA), United Kingdom (UK), or Switzerland to the United States, we rely on the European Commission’s Standard Contractual Clauses (SCCs) and the EU-U.S. Data Privacy Framework (DPF) to ensure that your information remains subject to a level of protection essentially equivalent to that provided under the GDPR. You may request more information regarding these specific transfer mechanisms by contacting us at contact@verolora.com.

18. Artificial intelligence and automated decision-making disclosure:
Verolora utilizes external Generative Artificial Intelligence, to process the travel parameters you provide and to synthesize personalized itineraries. This processing constitutes a form of automated logic where algorithms analyze your inputs to generate recommendations based on large-scale patterns in the model’s training data. While this automation is used solely for informational trip planning and does not produce legal or similarly significant effects under Article 22 of the GDPR, we are committed to algorithmic transparency. You have the right to request information about the logic involved in these automated processes and to obtain human intervention regarding any automated output. Furthermore, in accordance with Article 50 of the EU AI Act, we hereby disclose that any itinerary or travel text labeled as “AI-Generated” has been produced through an automated system without independent human verification by a travel professional.

19. Compliance with Austrian privacy laws (DSG & TKG 2021):
In accordance with the Austrian Data Protection Act (Datenschutzgesetz – DSG) and the Telecommunications Act 2021 (TKG 2021), we have implemented specific safeguards for users within the Republic of Austria. IP addresses collected through our server log files are anonymized immediately upon receipt to prevent the identification of individual users, except where strictly necessary for security and fraud prevention (Art. 6(1)(f) GDPR). We do not conduct individualized profiling that allows for the tracing of a user’s personality or private sphere. If you believe your data rights have been infringed, you have the right to lodge a complaint with the Austrian Data Protection Authority (Datenschutzbehörde), Barichgasse 40-42, 1030 Vienna, Austria.