Privacy Policy
Last updated: May 6, 2026
1. Introduction
Welcome to Vamos Local. This Privacy Policy explains how Vamos Local ("we," "us," or "our") collects, uses, stores, and protects your personal data when you use our platform at vamoslocal.com.
By accessing or using Vamos Local, you acknowledge that you have read and understood this Privacy Policy. This policy should be read together with our Terms of Service, which govern your use of the platform.
We are committed to complying with applicable data protection laws, including Brazil's Lei Geral de Proteção de Dados (LGPD) and, where applicable, the European Union's General Data Protection Regulation (GDPR).
2. Data We Collect
We collect personal data in several ways depending on how you interact with the platform:
- Account & Authentication: Name, email, and Google profile photo from Google OAuth.
- Tour Questionnaire: Interests, pace, walking capacity, group size, preferred language, health notes, and tour preferences.
- Booking Data: Dates, group size, payment method selection, meeting point, or hotel pickup addresses.
- Guide Profiles: Languages spoken, specialties, biographic details, and availability schedules.
- Chat messages: Logs of correspondence between travelers and guides.
- Transactional/Marketing Logs: Newsletter preferences, delivery logs, and feedback submissions.
2.A Live Location During Tours
Live location sharing is an optional feature designed to help tourists and their assigned guide find each other on tour day. When enabled, your device transmits GPS coordinates to our servers. Sharing is off by default and requires per-booking browser permissions. You can disable it at any time. Location data logs are deleted within 180 days.
3. How We Use Your Data
We process your data for the following purposes:
- Generating and personalizing AI walking tour itineraries.
- Fulfilling, adjusting, and processing bookings and transactions.
- Matching travelers with appropriate local guides in their selected city.
- Sending automated transactional alerts, updates, and optional marketing letters.
- Ensuring safety, platform performance, and compliance.
4. Third-Party Services
We share data with third-party providers only as required for operations. We never sell your personal data. Our main subprocessors include:
- Stripe: Secure card processing (compliant with PCI standards).
- BTCPay Server: Bitcoin Lightning processing.
- AWS Bedrock: Private AI execution for itinerary optimization and guide-chat assistant.
- Google OAuth: Secure authentication.
- Flukebase & Mox: Platform messaging, feedback logs, and transactional mail relay.
6. Email Communications
Transactional messages (booking confirmations, support updates) are required for platform usage. Marketing communications (newsletter) are strictly opt-in using a double opt-in process. You can unsubscribe immediately by clicking the link in any marketing email footer.
7. Data Retention
Account profiles are kept as long as your account is active. Financial and booking records are retained for a minimum of five (5) years to fulfill regulatory reporting requirements. GPS location logs are purged within 180 days of tour completion.
8. Data Security
We employ industry-standard transport security (HTTPS/TLS), database firewalls, role-based system access, and secure OAuth practices to keep your data protected against unauthorized access.
Privacy Center
Control Your Privacy Preferences
Use the tools below to access, port, limit, or delete the personal data associated with your Vamos Local profile.
9. Your Data Rights
You have the right to request access to your data, correction of errors, restriction of processing, data portability, and deletion. To exercise your rights, please make a request above or contact us at [email protected].
10. LGPD Compliance (Brazil)
Vamos Local operates subject to Brazil's Lei Geral de Proteção de Dados (LGPD). We process data based on legal grounds including contract performance, legitimate interest, regulatory compliance, and your explicit consent.
11. GDPR Considerations (EU)
If you are visiting from the European Economic Area, we honor your rights under the GDPR. You have the right to lodge complaints with your local national Data Protection Authority.
12. International Data Transfers
Your data may be processed in servers outside Brazil, notably in the United States by Stripe for transactions and AWS Bedrock for private AI optimizations. We enforce appropriate safeguards to guarantee compliant cross-border data protection.
14. Children's Privacy
We do not knowingly collect personal details from children under 13. If you suspect your child has registered without authorization, contact us immediately for removal.
15. Changes to This Policy
We may update this policy periodically. We will post notification of modifications on the platform or notify you directly via email.
16. Contact
For queries concerning this Privacy Policy, please contact us at [email protected].
