Privacy Policy

Last Updated: 26th July 2025

1. Introduction

Ode to Paris ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our tour booking platform.

By using our service, you consent to the data practices described in this policy. If you do not agree with the practices described in this policy, please do not use our service.

2. Information We Collect

2.1 Automatically Collected Information (All Visitors)

Website Analytics Data:

  • • Visit counts and page views
  • • Referring website
  • • Time and date of visits
  • • Pages accessed and time spent on pages

Important: We do NOT collect personal identifying information from visitors who do not create accounts.

2.2 Information You Provide (Registered Users Only)

When you create an account to book tours, we collect:

Account Information:

  • • Full name
  • • Email address
  • • Phone number
  • • Google account information (when using Google SSO)

Booking Information:

  • • Tour preferences and selections
  • • Booking history
  • • Special requirements or requests
  • • Emergency contact information (when and if required)

2.3 Google Single Sign-On (SSO)

When you choose to sign in with Google:

  • 🔐We receive your Google profile information (name, email, profile picture)
  • We do NOT receive your Google password
  • Your Google account remains separate and secure
  • ⚙️You can revoke access through your Google account settings

2.4 Payment Information

  • Payment processing is handled entirely by Stripe
  • We do NOT store credit card numbers, CVV codes, or banking information
  • ℹ️We only receive confirmation of successful/failed payments from Stripe

3. How We Use Your Information

3.1 For All Users

  • • Maintain and improve website functionality
  • • Analyze website usage patterns and performance
  • • Monitor for security threats and fraud prevention
  • • Comply with legal obligations

3.2 For Registered Users

  • • Create and manage your account (including Google SSO)
  • • Process tour bookings and reservations
  • • Send booking confirmations and updates
  • • Provide customer support
  • • Communicate important service announcements
  • • Send promotional emails (with your consent)

4. Data Sharing and Disclosure

4.1 Service Providers

We share your information with trusted third-party service providers:

Stripe (Payment Processing)

  • Purpose: Secure payment processing
  • Data Shared: Name, email, payment information
  • Location: Global (GDPR compliant)

Google (SSO Authentication)

  • Purpose: Secure account authentication
  • Data Shared: Profile info (name, email, picture)
  • Location: Global (GDPR compliant)

Zepto Mail (Email Communications)

  • Purpose: Transactional emails
  • Data Shared: Name, email, booking details
  • Retention: Per our email policy

Tour Operators

  • Purpose: Fulfilling tour bookings
  • Data Shared: Name, phone, requirements
  • Retention: Per operator policies

5. Data Storage and Security

5.1 Data Location (GDPR Compliant)

  • 🇪🇺Our servers are hosted in Europe to ensure GDPR compliance
  • ☁️We use Vercel's infrastructure with EU data centers
  • 🔒Your data remains within GDPR-protected jurisdictions

5.2 Security Measures

  • • SSL/TLS encryption for all data transmission
  • • Password hashing and salting
  • • Regular security audits
  • • Access controls and authentication
  • • Secure backup systems

5.3 Data Retention

  • Analytics: Retained indefinitely (anonymized)
  • Active accounts: While account is active
  • Inactive accounts: Deleted after 3 years
  • Booking data: 7 years (legal compliance)

6. Your Rights Under GDPR

As we operate under GDPR guidelines, you have the following rights:

🔍 Right to Access

  • • Request a copy of all personal data we hold
  • • Receive information about data processing

✏️ Right to Rectification

  • • Correct inaccurate or incomplete data
  • • Update info through account settings

🗑️ Right to Erasure

  • • Request deletion of personal data
  • • We comply unless legally required to retain

📊 Right to Data Portability

  • • Receive data in machine-readable format
  • • Transfer data to another service provider

⏸️ Right to Restrict Processing

  • • Limit data use in certain circumstances
  • • Suspend processing during disputes

❌ Right to Object

  • • Object to processing based on legitimate interests
  • • Opt-out of marketing communications

How to Exercise Your Rights

Contact us at: support@odetoparis.com

We will respond within 30 days as required by GDPR.

7. Third-Party Authentication

Google Single Sign-On

When you use Google SSO to access our service:

  • 📋Google's Privacy Policy and Terms of Service also apply
  • 🔒We only access minimum necessary information (name, email, profile picture)
  • ⚙️You can disconnect your Google account from your profile at any time
  • 🔗Disconnecting Google SSO won't delete your account, but you'll need to set different authentication method.

5.4 USE OF COOKIES

We use strictly necessary cookies to operate our service securely and reliably. These cookies are essential and do not require user consent under GDPR.

🔐 Authentication

Used to log users in and manage sessions. Set by our platform or via Google SSO.

💳 Payment

Stripe may set cookies to process payments securely and prevent fraud.

🛡️ Security

Cloudflare Turnstile sets cookies to detect bots and protect our forms.

🚫 No Tracking

We do not use cookies for analytics, tracking, or marketing purposes.

For details, see Cloudflare’s Privacy Policy and Stripe’s Privacy Policy.

Contact Information

For privacy-related questions or concerns:

Privacy Officer: Daniel

support@odetoparis.com

Business Address

Paris 27 rue Rebeval 75019

This Privacy Policy is effective as of the date listed above and will remain in effect except with respect to any changes in its provisions in the future, which will be in effect immediately after being posted on this page.