Last updated: April 11, 2026
This Privacy Policy explains how Trevelio s.r.o. ("Trevelio," "we," "us," or "our") collects, uses, stores, and protects your personal data when you use the Trevelio platform and related services. This policy applies to all users of the Service, including Organizers, Guests, and team members.
We are committed to protecting your privacy and processing your personal data in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable Slovak data protection legislation.
The data controller responsible for your personal data is:
Trevelio s.r.o.
Slovak Republic
Email: privacy@trevelio.com
If you have any questions or concerns about how we process your personal data, you may contact us at the address above.
When you register for an account, we collect your name, email address, and password (stored in hashed form). If you register or sign in via Google OAuth, we receive your name, email address, and profile identifier from Google.
Organizers who create a Tenant provide business information including organization name, brand details (logo, colors, description), contact information, and, where applicable, business registration details.
When a Guest makes a booking, we collect the Guest's name, email address, phone number, and any additional information required by the Organizer for the specific trip (such as dietary requirements, emergency contact details, or passport information as specified in the booking form).
Payment processing is handled by Stripe, Inc. We do not directly collect, store, or have access to full credit card numbers or bank account details. Stripe processes and stores payment information in accordance with PCI-DSS standards. We receive from Stripe a limited set of transaction data, including payment status, amount, currency, transaction identifiers, and the last four digits of the payment card.
We automatically collect certain technical data when you use the Platform, including your IP address, browser type and version, operating system, referring URL, pages visited, time spent on pages, and the date and time of your visit.
We retain records of communications sent through the Platform, including booking confirmations, notification emails, and any correspondence with our support team.
We process your personal data for the following purposes, each with the corresponding legal basis under Article 6(1) GDPR:
We share your personal data with the following categories of recipients, only to the extent necessary for the purposes described in this policy:
Payment data is processed by Stripe for the purpose of facilitating payment transactions. Stripe acts as an independent data controller for payment data. See Stripe's Privacy Policy.
We use AWS S3 for secure file storage, including images and documents uploaded by Organizers. AWS acts as a data processor on our behalf.
We use Brevo as our email service provider for sending transactional emails (booking confirmations, account notifications) and, where applicable, marketing communications. Brevo acts as a data processor on our behalf.
When a Guest makes a booking, the relevant booking and contact data is shared with the Organizer whose trip was booked. The Organizer is an independent data controller for the personal data they receive through the Platform and is responsible for processing that data in accordance with applicable data protection laws.
We may share personal data with professional advisors (legal, accounting), law enforcement or regulatory authorities when required by law, or in connection with a merger, acquisition, or sale of assets (in which case we will notify affected users).
Some of our service providers (including Stripe and AWS) are headquartered in the United States. Where personal data is transferred outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place, including:
You may request a copy of the applicable safeguards by contacting us at privacy@trevelio.com.
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law:
Under the GDPR, you have the following rights with respect to your personal data. To exercise any of these rights, please contact us at privacy@trevelio.com.
You have the right to request a copy of the personal data we hold about you, along with information about how it is processed.
You have the right to request correction of inaccurate personal data or completion of incomplete data.
You have the right to request deletion of your personal data, subject to legal retention obligations. We will erase your data unless we have a lawful basis for continued processing (e.g., tax record retention).
You have the right to request that we restrict processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing.
You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller where processing is based on consent or a contract.
You have the right to object to the processing of your personal data based on legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.
Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out before the withdrawal.
We will respond to all data subject requests within one month of receipt. In complex cases, this period may be extended by a further two months, in which case we will inform you of the extension and the reasons for the delay.
If you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority. The lead supervisory authority for Trevelio is:
Urad na ochranu osobnych udajov Slovenskej republiky
(Office for Personal Data Protection of the Slovak Republic)
Hranicna 12, 820 07 Bratislava 27, Slovak Republic
Website: https://dataprotection.gov.sk
You may also lodge a complaint with the supervisory authority of the EU member state in which you reside or work.
The Platform is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that data as soon as possible. If you believe that a child under 16 has provided personal data to us, please contact us at privacy@trevelio.com.
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:
While we strive to protect your personal data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security.
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the Platform's functionality. If we make material changes, we will notify you by email or by posting a prominent notice on the Platform at least 30 days before the changes take effect.
We encourage you to review this policy periodically. Your continued use of the Service after the effective date of the revised policy constitutes your acknowledgment of the changes.
If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us at:
Trevelio s.r.o.
Email: privacy@trevelio.com
Website: https://trevelio.com