Privacy

Privacy Policy

Localty connects travelers with local communities. This policy explains what personal data we collect, why we collect it, and the rights you have under the EU General Data Protection Regulation (GDPR) and equivalent laws.

Last updated: 26 June 2026

1. Who we are

Localty (“Localty”, “we”, “us”, or “our”) operates the Localty platform, websites, and related services (the “Platform”). For the purposes of the GDPR, the data controller is [Company Legal Name], registered at [Registered Address], company number [Company Registration Number].

For any privacy-related question you can reach our Data Protection contact at [privacy@localty.example].

2. Data we collect

We collect the following categories of personal data:

  • Account data — name, email address, password (stored hashed), and account preferences.
  • Profile & role data — whether you are a Traveler, Partner, or Administrator, and any details you add to your profile.
  • Booking & experience data — the experiences you browse, request, or book, and related communications.
  • Partner data — business details, contact information, and documents submitted during partner onboarding and verification.
  • Rewards data — points earned and redeemed, tier status, and reward history.
  • Technical data — IP address, device and browser type, and usage data collected through cookies (see our Cookie Policy).
  • Communications — messages, support requests, reviews, and newsletter subscriptions.

3. How we use your data

  • To create and manage your account and provide the Platform.
  • To process booking requests and connect you with local partners and communities.
  • To operate our Multi-Level Verification System (MLVS) and generate transparent Experience Profiles.
  • To run the rewards program, including calculating and redeeming points.
  • To send service messages and, with your consent, newsletters and educational content about responsible travel.
  • To improve, secure, and personalize the Platform, and to comply with legal obligations.

5. Multi-Level Verification data

Localty uses a proprietary Multi-Level Verification System (MLVS) to build trust between travelers and local partners. It relies on several layers, each of which may process personal or business data:

  • Self-Assessment — information partners submit during onboarding about their business and practices.
  • On-Site Verification — an independent visit by a Localty verifier who collects direct observations, photos, interviews and supporting documents.
  • Verification Contributions — structured contributions from travellers who visited the experience, used to support future reassessments.

Verification results are displayed publicly through the Experience Profile and the Localty Focus Badge, while underlying documents and personal contact details are kept confidential and accessed only by authorised personnel.

6. Rewards program data

When you participate in the rewards program we process the points you earn and redeem, your tier status, and related transaction history. This data is used solely to operate the program and is retained for as long as your account is active or as required to resolve disputes. Full program rules are set out in our Terms & Conditions.

7. Sharing with partners and providers

We share personal data only as needed and never sell it. Recipients may include:

  • Local partners and communities, to fulfill booking requests you make.
  • Service providers who host our infrastructure, process payments, and send communications on our behalf.
  • Authorities or advisors where required by law or to protect our rights.

All processors act under written agreements that require appropriate safeguards.

8. International data transfers

Because Localty operates across borders, your data may be transferred outside your country or the European Economic Area. Where this happens, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses or an adequacy decision.

9. Data retention

We keep personal data only for as long as necessary for the purposes described above, then delete or anonymize it. Account data is retained while your account is active; certain records (e.g. transactions) may be retained longer to meet legal obligations.

10. Your rights under the GDPR

Subject to applicable law, you have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate or incomplete data.
  • Request erasure (the “right to be forgotten”).
  • Restrict or object to certain processing.
  • Data portability — receive your data in a structured, machine-readable format.
  • Withdraw consent at any time, without affecting prior processing.
  • Lodge a complaint with your local data protection authority.

To exercise any of these rights, contact us at [privacy@localty.example]. We respond within the timeframes required by law.

11. Security

We use technical and organizational measures — including encryption in transit, access controls, and role-based permissions — to protect your data. No system is perfectly secure, but we work continuously to safeguard your information.

12. Children

The Platform is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will delete it.

13. Changes to this policy

We may update this policy from time to time. Material changes will be communicated through the Platform or by email. The “Last updated” date reflects the latest version.

14. Contact us

Data Controller: [Company Legal Name]
Address: [Registered Address]
Privacy contact: [privacy@localty.example]
General contact: [hello@localty.example]