Privacy Policy

Holiday Friends ("we", "us", or "our") is committed to protecting the privacy and security of your personal data. This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and your rights regarding that data. By using Holiday Friends, you agree to the practices described in this Policy.

1. Information We Collect

We collect the following categories of personal data:

1.1 Account & Identity Information

• Full name or display name
• Email address
• Password (stored as a one-way cryptographic hash — never in plain text)
• Date of birth (used to verify minimum age of 20)
• Gender and nationality
• Account type (traveller, individual companion, or agency)

1.2 Profile Information

• Profile photos and additional gallery photos
• Biography and personal description
• Languages spoken and proficiency levels
• Service country and city
• Availability, occupation, education, and interests
• Services offered and pricing (for companion profiles)
• Contact details you choose to share (phone, WhatsApp, Line, Telegram, WeChat, Instagram, email)

1.3 Transaction & Activity Data

• Point balance, top-up history, and point transaction records
• Connection requests sent and received, including status and timestamps
• Profiles viewed, unlocked, or bookmarked
• Reviews written or received
• Referral and invitation records

1.4 Technical & Device Data

• IP address
• Browser type and version
• Device type and operating system
• Pages visited and features used (session logs)
• Timestamps of login events and key actions

1.5 Verification & Compliance Data

• KYC (Know Your Customer) documents for travellers who opt into verification
• Admin review notes and audit logs associated with your account
• Reports or complaints submitted about or by you

2. How We Use Your Information

We use the personal data we collect for the following purposes:

• Account management: To create, authenticate, and maintain your account.
• Platform functionality: To display your profile to other users, process connection requests, and manage point transactions.
• Safety & moderation: To review profiles before approval, detect prohibited activity, investigate reports, and enforce our Terms of Service.
• Legal compliance: To comply with applicable laws, respond to lawful government requests, and cooperate with law enforcement investigations.
• Communication: To send transactional emails (account verification, connection notifications, support replies). We do not send marketing emails without your opt-in consent.
• Fraud prevention: To detect and prevent fraudulent accounts, manipulation, or abuse of the platform.
• Platform improvement: To analyse anonymised usage patterns and improve our services, features, and user experience.
• Anti-trafficking compliance: To maintain records required for anti-trafficking due diligence and to share data with authorities where legally required.

3. Information Sharing

We do not sell, rent, or trade your personal data to third parties for marketing or commercial purposes.We may share your information only in the following limited circumstances:

• With other platform users: Basic profile information (display name, photos, bio, location, languages) is visible to registered users browsing the platform. Pricing details, services, and contact information are only disclosed after a paid unlock by another user.
• With infrastructure providers: We use the following third-party services to operate the platform. Each provider processes only the data necessary for their function and is contractually obligated to protect it:
  • Vercel – frontend hosting and delivery
  • Railway – backend server and database hosting
  • Cloudflare R2 – file and image storage
  • Payment processors – for processing top-up transactions (card data is handled directly by the processor and not stored on our servers)
• With law enforcement or regulatory authorities: We will disclose personal data when required by a lawful court order, subpoena, government directive, or applicable law. We may also proactively disclose data when we have a good-faith belief that disclosure is necessary to prevent trafficking, exploitation, violence, or other serious harm.
• In a business transfer: If Holiday Friends undergoes a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. You will be notified of any such transfer and the applicable privacy terms.

4. Data Storage & Security

We implement the following technical and organisational measures to protect your personal data:

• All data in transit is encrypted using HTTPS/TLS.
• Passwords are hashed using bcrypt and are never stored or transmitted in plain text.
• Database access is restricted to authorised systems and personnel only.
• Administrative actions are logged in an immutable audit trail.
• File uploads are stored in an access-controlled cloud storage bucket.
• Access to production systems requires authentication and is regularly reviewed.

No security system is completely infallible. While we take reasonable measures to protect your data, we cannot guarantee absolute security. In the event of a data breach that affects your rights and freedoms, we will notify affected users and relevant authorities as required by applicable law.

5. Data Retention

We retain your personal data for as long as your account is active or as necessary to provide our services.

• Upon account deletion, your public profile will be removed from the platform within a reasonable timeframe.
• Transaction records, audit logs, and compliance data may be retained for up to 7 years after account closure for legal, regulatory, and fraud prevention purposes.
• Data relating to reported incidents or law enforcement requests may be retained for longer periods as required by applicable law.
• Anonymised or aggregated data that cannot identify you personally may be retained indefinitely for platform analytics and improvement.

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your account and associated personal data, subject to retention obligations above.
• Restriction: Request that we restrict processing of your data in certain circumstances.
• Portability: Request a copy of your data in a structured, machine-readable format.
• Objection: Object to certain types of data processing, including profiling.
• Withdrawal of consent: Where processing is based on your consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at support@holidayfriends.com. We will respond to all requests within 30 days. We may ask you to verify your identity before processing the request.

7. Cookies & Local Storage

We use essential cookies and browser local storage to maintain your login session and user preferences (such as language selection). These are strictly necessary for the platform to function and cannot be disabled without breaking core features.

We do not use third-party tracking cookies, advertising cookies, or behavioural profiling technologies. We do not share cookie data with any advertising networks.

8. Minors' Privacy

Holiday Friends is intended exclusively for adults aged 20 and above. We do not knowingly collect, store, or process personal data from anyone under the age of 20.

If we become aware that we have collected data from a person under the age of 20, we will immediately suspend their account, delete their data, and take appropriate action. If you believe a minor has created an account, please contact us immediately at support@holidayfriends.com.

9. International Data Transfers

Holiday Friends operates globally. Your personal data may be processed and stored on servers located in different countries from where you reside. By using our platform, you consent to the transfer of your data to countries that may have different data protection laws than your country of residence.

Where we transfer data internationally, we implement appropriate safeguards such as standard contractual clauses or by relying on adequacy decisions by relevant authorities.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. Material changes will be communicated via a notice on the platform or by email. The revised Policy will carry an updated revision date. Continued use of the platform after the effective date of changes constitutes your acceptance of the updated Policy.

11. Contact & Data Inquiries

If you have any questions, concerns, or requests relating to this Privacy Policy or how we handle your personal data, please contact our data team at:

Holiday Friends – Privacy Team
Email: support@holidayfriends.com

We aim to respond to all privacy-related inquiries within 30 business days.