1. Who We Are
Nomadly Marketplace ("we", "us", "our") is an independent digital marketplace platform created and operated by Reena Aquino. We are accessible at tarabespoketravels.com and its associated portals (partner.html, stays.html). Nomadly Marketplace is not affiliated with Nomadly Bespoke Travels or n0madly.com.
2. What Data We Collect
We collect the following categories of personal data:
- Account data — name, email address, password (encrypted), profile photo
- Booking data — service bookings, dates, preferences, payment records
- Communications — messages sent through our platform between users and partners
- Device & usage data — IP address, browser type, pages visited, session duration
- Location data — city-level location if you enable it for destination recommendations
- Payment data — processed securely via Stripe; we do not store card details
3. How We Use Your Data
- To provide and operate the marketplace and its services
- To process bookings and payments
- To communicate with you about your account, bookings, and enquiries
- To send service notifications and booking confirmations via email and WhatsApp (with your consent)
- To improve our platform through analytics
- To comply with legal obligations
4. Legal Basis (GDPR)
For users in the European Economic Area, we process your data under the following legal bases:
- Contract — processing necessary to fulfil your booking
- Legitimate interests — platform security, fraud prevention, analytics
- Consent — marketing communications and newsletter subscriptions
- Legal obligation — where required by EU or Maltese law
5. Data Sharing
We share data only where necessary:
- Service partners — booking details are shared with the relevant partner to fulfil your service
- Payment processors — Stripe (PCI-DSS compliant)
- Email delivery — MailerSend (GDPR compliant)
- Infrastructure — Google Firebase & Cloud Run (EU region)
- Messaging — Twilio for WhatsApp notifications (with your consent)
We do not sell your personal data to any third party.
6. Data Retention
We retain your data for as long as your account is active. Booking records are retained for 7 years for legal and accounting compliance. You may request deletion of your account and personal data at any time.
7. Your Rights
Under GDPR you have the right to:
- Access your personal data
- Correct inaccurate data
- Request deletion ("right to be forgotten")
- Object to or restrict processing
- Data portability
- Withdraw consent at any time
To exercise any of these rights, contact us at hello@tarabespoketravels.com.
8. Cookies
We use essential cookies for authentication and session management, and analytics cookies to understand platform usage. You can manage cookie preferences in our Cookie Policy.
9. Security
We implement industry-standard security measures including encrypted data transmission (HTTPS/TLS), Firebase Authentication for identity management, and restricted access controls. However, no system is 100% secure and we encourage strong password practices.
10. Contact
For any privacy-related enquiries, contact us at hello@tarabespoketravels.com. We aim to respond within 5 business days.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. Continued use of the platform after changes constitutes acceptance.