Skip to main content
Ceibo Travel

Privacy Policy

Current version: April 2026

Introduction

This Privacy Policy describes how personal data of users who access or use the Ceibo Travel platform (the "Platform") is collected, used, and protected.

We are committed to protecting users’ privacy and processing personal data in accordance with the highest international data protection standards, applying principles of lawfulness, transparency, data minimization, confidentiality, and security.

Definitions

For the purposes of this Privacy Policy, the following terms shall have the meanings set forth below:

  • Personal Data: any information that identifies or may identify a natural person, directly or indirectly.
  • Processing: any operation or set of operations performed on personal data, such as collection, storage, use, modification, consultation, deletion, or destruction.
  • User: any person who accesses or uses the Platform.
  • Controller: the individual or legal entity that determines the purposes and means of processing personal data.
  • Technology Provider: a third party providing infrastructure, storage, authentication, or support services necessary for the operation of the Platform.

Personal Data Collected

Through the Platform, and depending on how the User interacts with it, we may collect the following personal data:

  • Identification data: first and last name.
  • Contact data: email address.
  • Travel and documentation data: country of nationality, passport expiration date, and date of birth. Passport numbers are not stored.

Providing certain data is optional. Users may access certain Platform functionalities without creating an account or providing additional optional information. However, some specific features may require account creation and the provision of additional information to function properly.

The User declares that the data provided is accurate, up-to-date, and belongs to them.

Use of Personal Data

We use Users’ personal data for the following purposes:

  • To create, manage, and maintain the User’s account.
  • To provide personalized information regarding visa requirements, documentation, and entry conditions for different countries.
  • To store and manage travel and passport information uploaded by the User.
  • To send reminders related to passport and visa expirations.
  • To display the User’s progress within the Platform’s functionalities.
  • To respond to inquiries and provide support.
  • To improve the Platform’s performance, security, and overall user experience.
  • To detect, prevent, and address misuse, unauthorized access, or security incidents.

Personal data is not used for purposes other than those described above.

Legal Bases and Principles of Processing

Personal data is processed only where there is a valid legal basis and in accordance with internationally recognized principles, including:

  • Transparency and fairness.
  • Purpose limitation.
  • Data minimization.
  • Accuracy and data updating.
  • Security and confidentiality.

Legal bases for processing include, among others:

  • The User’s free, informed, and explicit consent.
  • The necessity to provide the requested service.
  • The protection of the Platform’s operation and security.

Users may withdraw their consent at any time, without retroactive effect.

Data Retention

Personal data will be retained only for as long as necessary to fulfill the purposes for which it was collected or until the User requests its deletion.

The Controller may retain minimal information where reasonably necessary to handle claims, comply with applicable obligations, or protect rights.

Security and Confidentiality

The Controller adopts reasonable technical and organizational measures proportionate to the risk to protect personal data, including:

  • Encryption of data in transit.
  • Restricted and controlled access.
  • Use of secure technological infrastructure provided by specialized third parties.
  • Periodic security reviews and controls.

However, the User acknowledges that no system is completely secure.

Recipients and International Transfers

Personal data will not be sold or commercialized.

It may be processed by technology providers offering infrastructure or support services, under the Controller’s instructions and subject to contractual confidentiality and security obligations.

In the event of international data transfers, the Controller will adopt reasonable contractual and organizational measures to ensure an adequate level of protection.

User Rights

Users may exercise the following rights regarding their personal data, as recognized by international data protection standards:

  • Access their personal data.
  • Request correction of inaccurate or incomplete data.
  • Request deletion of their data.
  • Withdraw consent at any time.
  • Request restriction of or object to processing.
  • Request data portability, where technically feasible.

Requests may be submitted by emailing hello@ceibo.me.

Cookies

A cookie is a small text file that a website stores on your device. Ceibo uses cookies and similar technologies (such as browser local storage) as described below. This section complements the current Cookie Policy available at ceibo.me/cookies.

Categories of Cookies

  • Strictly necessary: required for site functionality (login, security, routing). Always active and cannot be disabled.
  • Analytics: help us understand how the site is used to improve it. Activated only with your consent.
  • Preferences: remember interface choices. Activated only with your consent.

Cookies and Storage Used

  • sb-* (Supabase Auth) — Strictly necessary. Maintains login session and refreshes authentication tokens. Duration: until logout or token expiration.
  • cookie_consent_v1 — Strictly necessary. Stores your cookie preferences. Duration: 12 months.
  • sidebar_state — Preferences. Remembers sidebar state. Duration: 7 days.
  • PostHog (ph_*) — Analytics. Anonymous product analytics (visitor/session identifiers). Activated only with consent. Duration: up to 12 months.
  • UserJot widget — Analytics. Loads feedback widget. Activated only with consent. Duration: session-based.
  • Umami — Cookieless analytics. Aggregated and anonymous traffic statistics. Does not use cookies or collect personally identifiable information; operates under legitimate interest and respects Do Not Track signals. No client-side storage.

Managing Preferences

You may change your preferences at any time via the “Cookie Preferences” link in the footer of each page. Most browsers also allow blocking or deleting cookies through their settings. Note that disabling strictly necessary cookies will affect login and essential features.

If your browser sends a Global Privacy Control (GPC) signal, we will treat it as a refusal of analytics cookies.

Minors

The Platform is not directed to individuals under 18 years of age. Personal data from minors is not knowingly collected. If such a situation is detected, the data will be promptly deleted.

Changes

The Controller may modify this Privacy Policy at any time. Updated versions will be published on the Platform and will become effective upon publication.

General Framework

This Privacy Policy establishes general principles for personal data protection at a global level. Specific legal provisions applicable to certain jurisdictions may be addressed through additional annexes or addenda, where appropriate.

    Privacy Policy | Ceibo Travel