Privacy Policy

Last updated: May 6, 2026

1. Introduction

Welcome to Vamos Local. This Privacy Policy explains how Vamos Local ("we," "us," or "our") collects, uses, stores, and protects your personal data when you use our platform at vamoslocal.com.

By accessing or using Vamos Local, you acknowledge that you have read and understood this Privacy Policy. This policy should be read together with our Terms of Service, which govern your use of the platform.

We are committed to complying with applicable data protection laws, including Brazil's Lei Geral de Proteção de Dados (LGPD) and, where applicable, the European Union's General Data Protection Regulation (GDPR).

2. Data We Collect

We collect personal data in several ways depending on how you interact with the platform:

  • Account & Authentication: Name, email, and Google profile photo from Google OAuth.
  • Tour Questionnaire: Interests, pace, walking capacity, group size, preferred language, health notes, and tour preferences.
  • Booking Data: Dates, group size, payment method selection, meeting point, or hotel pickup addresses.
  • Guide Profiles: Languages spoken, specialties, biographic details, and availability schedules.
  • Chat messages: Logs of correspondence between travelers and guides.
  • Transactional/Marketing Logs: Newsletter preferences, delivery logs, and feedback submissions.

2.A Live Location During Tours

Live location sharing is an optional feature designed to help tourists and their assigned guide find each other on tour day. When enabled, your device transmits GPS coordinates to our servers. Sharing is off by default and requires per-booking browser permissions. You can disable it at any time. Location data logs are deleted within 180 days.

3. How We Use Your Data

We process your data for the following purposes:

  • Generating and personalizing AI walking tour itineraries.
  • Fulfilling, adjusting, and processing bookings and transactions.
  • Matching travelers with appropriate local guides in their selected city.
  • Sending automated transactional alerts, updates, and optional marketing letters.
  • Ensuring safety, platform performance, and compliance.

4. Third-Party Services

We share data with third-party providers only as required for operations. We never sell your personal data. Our main subprocessors include:

  • Stripe: Secure card processing (compliant with PCI standards).
  • BTCPay Server: Bitcoin Lightning processing.
  • AWS Bedrock: Private AI execution for itinerary optimization and guide-chat assistant.
  • Google OAuth: Secure authentication.
  • Flukebase & Mox: Platform messaging, feedback logs, and transactional mail relay.

5. Cookies & Tracking

We use session cookies managed by Auth.js to keep you signed in. We do not place advertising pixels, cross-site trackers, or third-party behavioral analytics cookies. Feel free to manage your cookie preferences in the Privacy Center below.

6. Email Communications

Transactional messages (booking confirmations, support updates) are required for platform usage. Marketing communications (newsletter) are strictly opt-in using a double opt-in process. You can unsubscribe immediately by clicking the link in any marketing email footer.

7. Data Retention

Account profiles are kept as long as your account is active. Financial and booking records are retained for a minimum of five (5) years to fulfill regulatory reporting requirements. GPS location logs are purged within 180 days of tour completion.

8. Data Security

We employ industry-standard transport security (HTTPS/TLS), database firewalls, role-based system access, and secure OAuth practices to keep your data protected against unauthorized access.

Privacy Center

Control Your Privacy Preferences

Use the tools below to access, port, limit, or delete the personal data associated with your Vamos Local profile.

Contact Privacy Team

9. Your Data Rights

You have the right to request access to your data, correction of errors, restriction of processing, data portability, and deletion. To exercise your rights, please make a request above or contact us at [email protected].

10. LGPD Compliance (Brazil)

Vamos Local operates subject to Brazil's Lei Geral de Proteção de Dados (LGPD). We process data based on legal grounds including contract performance, legitimate interest, regulatory compliance, and your explicit consent.

11. GDPR Considerations (EU)

If you are visiting from the European Economic Area, we honor your rights under the GDPR. You have the right to lodge complaints with your local national Data Protection Authority.

12. International Data Transfers

Your data may be processed in servers outside Brazil, notably in the United States by Stripe for transactions and AWS Bedrock for private AI optimizations. We enforce appropriate safeguards to guarantee compliant cross-border data protection.

13. Shareable Itineraries & Public Data

Public share links for itineraries do not publish personal details, names, emails, or financial logs. Only stops, distances, and timeline schedules are visible to the public.

14. Children's Privacy

We do not knowingly collect personal details from children under 13. If you suspect your child has registered without authorization, contact us immediately for removal.

15. Changes to This Policy

We may update this policy periodically. We will post notification of modifications on the platform or notify you directly via email.

16. Contact

For queries concerning this Privacy Policy, please contact us at [email protected].