Privacy Policy

1. Purpose and Scope

This Privacy Policy describes how LeTour2, Inc. (“LeTour2,” “we,” “our”) collects, uses, discloses, and protects personal information when you visit letour2.com, use our applications, or interact with our services. This policy applies to all Users worldwide, with specific provisions for residents of California (CCPA/CPRA), the European Union/EEA (GDPR), France (CNIL), Brazil (LGPD), and Nevada.

2. Age Requirements

LeTour2 services are intended for individuals 18 years of age and older. We do not knowingly collect personal information from children under 13 (or under 16 in the EU/EEA). If you believe a child has provided us personal information, please contact us at info@letour2.com.

3. Information We Collect

3.1 Information You Provide

Name, date of birth, nationality, passport/ID information, email address, phone number, mailing address, travel dates, destination preferences, accessibility needs, dietary restrictions, payment data (processed through Stripe — we do not store full card numbers), messages, emergency contacts, and health data you voluntarily provide.

3.2 Automatically Collected

IP address, browser type, device identifiers, pages visited, time on pages, search queries, approximate location via IP, and cookies.

3.3 Third-Party Sources

Stripe (transaction data), Google Analytics 4 (usage statistics), and advertising partners (conversion tracking).

4. Automated Collection

We use cookies (session and persistent), web beacons, JavaScript tracking (Google Analytics 4), and server logs. You can control these through our cookie consent banner or your browser settings.

5. Third-Party Tracking

We use Google Analytics 4, Stripe, Afterpay/Affirm/Klarna, and email marketing platforms. Each operates under its own privacy policy. We implement Google Consent Mode v2 to honor user consent preferences.

6. How We Use Your Information

• Processing bookings and payments
• Fraud prevention and security
• Customer support
• Marketing communications (with consent)
• Improving our services
• Legal compliance (California SOT requirements, tax reporting)
• Emergency situations
• Enforcing our Terms of Service

Legal Bases (GDPR/EU): Contract performance, legitimate interests, legal obligation, and consent.

7. Data Disclosure

We share data with:

• Independent Providers (booking details necessary to fulfill your travel)
• Payment processors (Stripe)
• Service providers (Vercel hosting, email delivery)
• Legal authorities (when required by law)
• Emergency services (when necessary to protect life or safety)

We do NOT sell personal information.

8. Opting Out

• Marketing emails: use the unsubscribe link in any email
• Cookies: use our consent banner or your browser settings
• Google Analytics: use the Google Analytics opt-out browser add-on
• Global Privacy Control (GPC): we honor GPC signals
• Account deletion: email info@letour2.com

9. Nevada Residents

We do not sell personal information as defined under Nevada law. To submit an opt-out request, email info@letour2.com with the subject line: “Nevada Privacy Request.”

10. California Residents (CCPA/CPRA)

California residents have the right to:

• Know what personal information is collected and how it is used
• Delete personal information (with certain exceptions)
• Correct inaccurate personal information
• Opt out of the sale or sharing of personal information (we do not sell)
• Limit the use of sensitive personal information
• Non-discrimination for exercising privacy rights

Submit requests to info@letour2.com with subject line: “California Privacy Request.” We will respond within 45 days.

11. EU/EEA Residents (GDPR)

EU/EEA residents have the right to:

• Access your personal data (Art. 15)
• Rectification of inaccurate data (Art. 16)
• Erasure (“right to be forgotten”) (Art. 17)
• Restrict processing (Art. 18)
• Data portability (Art. 20)
• Object to processing (Art. 21)
• Withdraw consent at any time
• Lodge a complaint with your supervisory authority

International transfers are made via Standard Contractual Clauses (SCCs). French users may exercise digital estate rights per the Loi pour une République Numérique. CNIL: www.cnil.fr

Submit GDPR requests to info@letour2.com with subject line: “GDPR Request.”

12. Brazilian Residents (LGPD)

Brazilian residents have rights under the LGPD including confirmation of processing, access, correction, anonymization, portability, deletion, and consent revocation. Submit requests to info@letour2.com with subject line: “LGPD Request.”

13. Data Security

We use SSL/TLS encryption, PCI-DSS compliant payment processing (Stripe), encrypted storage, and access controls. In the event of a breach, we will notify affected users within 72 hours (GDPR) or without unreasonable delay (CCPA).

14. Data Retention

• Active account data: duration of account + 3 years
• Transaction records: 7 years (tax and legal compliance)
• Marketing consent records: 3 years
• Server logs: 90 days

15. Data Correction

To request correction of inaccurate personal information, contact info@letour2.com. We will respond within 30 days.

16. Policy Changes

Material changes will be communicated via website notice and email. For EU users, consent-based changes will require renewed consent.

17. Contact