Who we are
Travel Mafia (travelmafia.eu) is a travel deal platform across Europe. We offer the cheapest rates on hotels, restaurants, spas, and experiences through direct partnerships. For privacy questions, contact us at travelmafiaeu@proton.me.
What we collect and why
Contact & account details
When you create an account, claim a Private Access experience, or make a booking, we collect your email address (and, for logged-in accounts, whatever profile info Google OAuth shares if you sign in that way). We use this to:
- Create and secure your account
- Confirm bookings and Private Access claims, and send related transactional email
- Respond to support requests
Payment data
Card and crypto payments are handled entirely by our payment processors (Whop, 0xProcessing) — we never see or store your card number or wallet seed. We store the resulting transaction status and amount to manage your booking.
Cookies & tracking pixels
travelmafia.eu uses Google Tag Manager, Google Analytics (GA4), TikTok Pixel, and Meta (Facebook) Pixel to measure site usage and ad performance. These set cookies/local identifiers and may share pageview and conversion events (e.g. a completed booking) with Google, TikTok, and Meta. You can block these via your browser's cookie/tracking settings or platform-level ad controls (e.g. Meta's off-platform activity controls).
Legal basis (GDPR)
We process your data under the following GDPR lawful bases:
- Contract — account, booking, and Private Access data is processed to provide the service you asked for.
- Consent — analytics/advertising cookies (GTM, GA4, TikTok Pixel, Meta Pixel) run on a consent basis where required by your jurisdiction. You can withdraw consent at any time via your browser or platform ad settings.
How long we keep your data
- Account & booking data — retained for as long as your account is active, or as required for tax/accounting records. You can request deletion at any time.
- Private Access claim data — retained to honor your claim and prevent duplicate claims.
Who we share data with
We share your data only with the services that power Travel Mafia:
- Supabase — database + auth platform. Data is stored on Supabase-managed servers within the EU. Supabase Privacy Policy.
- Google Cloud — our application runs on Google Cloud Run (EU region). Google Cloud Privacy Notice.
- Whop / 0xProcessing — payment processors for card and crypto checkout respectively.
- Google, TikTok, Meta — analytics and advertising (GTM/GA4, TikTok Pixel, Meta Pixel). See Google Privacy Policy, TikTok Privacy Policy, Meta Privacy Policy.
We do not sell your data.
Your rights (GDPR)
As an EU resident you have the right to:
- Access — request a copy of the data we hold about you.
- Deletion — ask us to erase your data. We will comply within 30 days.
- Correction — ask us to correct inaccurate data.
- Objection — object to processing based on legitimate interests.
- Portability — receive your data in a machine-readable format.
- Withdraw consent — unsubscribe from emails at any time using the unsubscribe link in any email, or contact us directly.
To exercise any right: email travelmafiaeu@proton.me with the subject line "Privacy Request". We respond within 30 days.
Security
Your data is stored in a private database with row-level security enabled — only our backend service can read or write it. API keys are never exposed to the browser. All traffic is encrypted in transit via TLS.
Changes to this policy
If we make material changes we will update the "Last updated" date at the top of this page. For significant changes we will notify affected users by email.
Contact
Travel Mafia
travelmafiaeu@proton.me
travelmafia.eu