Privacy Policy
Last updated: 1 April 2026
1. Data Controller
TinyEscapes SIA ("we", "us", "our") is the data controller responsible for your personal data. We are registered in the Republic of Latvia:
- Company: TinyEscapes SIA
- Registration No.: 40203184762
- VAT ID: LV40203184762
- Address: Brīvības iela 47, Rīga, LV-1010, Latvia
- Managing Director: Māris Kalniņš
- Contact: legal@tinyescapes.com
2. Data We Collect
We collect the following categories of personal data:
- Account data: email address, name, and profile information you provide when creating a guest account.
- Booking data: dates, property selected, guest count, and payment confirmation references.
- Payment data: transactions are processed by Stripe, Inc. We do not store full card details on our servers.
- Usage data: IP address, browser type, pages visited, referring URLs, and device identifiers collected via cookies and analytics tools.
- Communications: messages you send us via email or our concierge chat feature.
3. How We Use Your Data
- To process and manage your bookings and send confirmation emails.
- To provide customer support and respond to enquiries.
- To send newsletters and promotional offers (only with your explicit consent, which you may withdraw at any time).
- To improve our website, detect fraud, and ensure platform security.
- To comply with legal obligations under Latvian and EU law.
4. Legal Basis for Processing
We process your personal data on the following legal bases under GDPR Article 6:
- Contract performance – processing necessary to fulfil your booking.
- Legitimate interests – fraud prevention, security, and platform analytics.
- Consent – newsletter subscriptions and non-essential cookies.
- Legal obligation – retaining invoicing records as required by Latvian tax law.
5. Data Sharing
We do not sell your personal data. We share it only with trusted sub-processors required to deliver our service, including Stripe (payments), Supabase (database hosting), Resend (transactional email), and Google Analytics (usage analytics). Each processor is contractually bound to GDPR-compliant data handling standards.
6. Data Retention
We retain your account and booking data for up to 5 years after your last interaction, or as required by applicable law. You may request deletion at any time (subject to legal retention obligations).
7. Your Rights
Under GDPR, you have the right to:
- Access the personal data we hold about you.
- Rectify inaccurate or incomplete information.
- Request erasure ("right to be forgotten").
- Restrict or object to certain processing activities.
- Data portability in a machine-readable format.
- Withdraw consent at any time without affecting prior processing.
- Lodge a complaint with the Latvian Data State Inspectorate (dvi.gov.lv).
To exercise any of these rights, contact us at legal@tinyescapes.com.
8. Cookies
We use cookies and similar tracking technologies. For full details, please read our Cookie Policy.
9. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on our website. The "Last updated" date at the top of this page reflects the most recent revision.