Legal & Data Protection

Privacy & Cookie Policy

Last Updated: April 2026 | Version 2.0 | Governing Law: England & Wales

Who we are
Data we collect & why
Biometric & identity verification data
Lousan AI Voice Concierge data
Affiliate & cookie data
Data sharing & sub-processors
International data transfers
Your rights under UK GDPR
Data security
Retention periods
Cookies
Changes to this policy
Contact us

SOLOgetaways ("we", "us", "our") is dedicated to protecting the privacy of every member of our community — solo travellers, solo parents, and women who use our platform. This policy explains clearly and honestly how we collect, use, and protect your personal data.

1. Who We Are

SOLOgetaways operates the website sologetaways.com and the Lousan AI Voice Concierge service. We are the Data Controller for all personal data processed in connection with our services under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

For all data protection matters, contact us at: hello@sologetaways.com

2. Data We Collect & Why

2a. Standard Membership Data

When you purchase a membership or join our waitlist, we collect:

Full name and email address
Payment information (processed securely by Stripe — we never store card data)
Membership tier, start date, and renewal status
Travel preferences and interests you voluntarily share
Travel profile information (solo adventurer, solo parent, etc.)

Legal basis: Contract performance (Article 6(1)(b) UK GDPR) — this data is necessary to provide you with the membership you have purchased.

2b. Enquiry & Communications Data

When you submit an enquiry or sign up for our newsletter or Lousan waitlist, we collect your name, email address, and the content of your enquiry.

Legal basis: Consent (for marketing and waitlist communications) and legitimate interests (for responding to service enquiries).

3. Biometric & Identity Verification Data

Special Category Data Notice: Biometric data used for identification is classified as Special Category Data under UK GDPR Article 9 — the highest protection tier. We handle this data with the utmost care and in full compliance with our legal obligations.

To access our Buddy-Up matching feature (Phase 2), members are required to complete a one-time biometric identity verification. This process involves:

A photograph of a government-issued identity document (passport or national ID)
A real-time liveness selfie matched against the identity document
Automated verification of document authenticity

How it works

Verification is performed exclusively by our authorised sub-processor, Stripe Identity. SOLOgetaways does not store, view, or retain biometric images or document scans directly. Stripe processes this data on our behalf under a Data Processing Agreement and their own privacy policy, available at stripe.com/privacy.

What we retain

We retain only a verification status flag ("Verified" / "Not Verified") and the date of verification — not the biometric data itself.

Legal basis: Explicit consent (Article 9(2)(a) UK GDPR). You will be asked to provide clear, informed, freely given consent before any biometric verification takes place. You may withdraw consent at any time, though doing so will remove access to the Buddy-Up matching feature.

Retention: Verification status is retained for the duration of your active membership and deleted within 30 days of membership expiry or cancellation.

4. Lousan AI Voice Concierge Data

Lousan is coming soon. This section describes how data will be handled once Lousan launches. We are publishing this now so you have full transparency before the service goes live.

When you activate a Lousan Voice Pass, our AI concierge (powered by Voiceflow) will process the following data during your active trip period:

Voice inputs and transcriptions during active concierge sessions
Expense and ledger entries you dictate via the Voice Ledger feature
Location data, where voluntarily shared for the Safety Check-In feature
Session timestamps and duration

Safety Check-In Feature

When you activate the Safety Check-In feature, scheduled check-in messages are sent to your nominated emergency contact. This feature does not record continuous ambient audio. By activating this feature you consent to your nominated contact receiving automated check-in alerts on your behalf.

Legal basis: Contract performance and consent. Voice session data is used solely to deliver the concierge service during your active pass period.

Retention: Voice session data is retained for 7 days following your trip end date to allow ledger review, then permanently deleted. We do not use your voice data for AI training purposes without separate explicit consent.

Sub-processor: Voiceflow Inc. processes voice and conversational data on our behalf. Their privacy policy is available at voiceflow.com/privacy.

5. Affiliate & Cookie Data

When you click links to our partner providers — including Klook, SEARADAR, Welcome Pickups, NordVPN, and EKTA — a referral cookie may be placed on your device via Travelpayouts and other affiliate networks. This allows our partners to attribute the referral and pay us a commission at no additional cost to you.

This is standard practice for independent travel concierge services and is disclosed transparently on our website. We never allow advertisers to pay to influence our recommendations.

Legal basis: Legitimate interests and, where required by law, consent via our cookie notice.

6. Data Sharing & Sub-Processors

We do not sell your personal data. We share data only with the following authorised sub-processors, each bound by appropriate Data Processing Agreements:

Stripe Inc. — payment processing and identity verification (stripe.com/privacy)
Voiceflow Inc. — AI voice concierge processing (voiceflow.com/privacy)
Zapier Inc. — workflow automation (zapier.com/privacy)
Travelpayouts & affiliate networks — referral tracking for partner bookings

We may also share data where required by law, regulation, or court order, or to protect the rights and safety of our members or third parties.

7. International Data Transfers

Some of our sub-processors — including Stripe and Voiceflow — are based in the United States. Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the ICO, or reliance on an adequacy decision where applicable.

8. Your Rights Under UK GDPR

You have the following rights in relation to your personal data:

Right of access — request a copy of the data we hold about you
Right to rectification — request correction of inaccurate data
Right to erasure — request deletion of your data
Right to restriction — request we limit processing of your data
Right to portability — receive your data in a machine-readable format
Right to object — object to processing based on legitimate interests
Right to withdraw consent — for any processing based on consent, including biometric verification and marketing communications

To exercise any of these rights, contact us at hello@sologetaways.com. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe we have mishandled your personal data.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

SSL/TLS encryption for all data in transit
Access controls limiting data to authorised personnel only
Regular review of our security practices and sub-processor arrangements
Secure payment processing through Stripe — we never store card data

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the ICO within 72 hours and affected individuals without undue delay.

10. Retention Periods

Membership account data: duration of membership plus 2 years
Biometric verification status: duration of membership plus 30 days
Lousan voice session data: 7 days from trip end date
Financial transaction records: 7 years (statutory requirement)
Marketing communications: until you unsubscribe or withdraw consent
Enquiry data: 12 months from last contact

11. Cookies

We use the following categories of cookies:

Strictly necessary: Required for the site to function correctly. No consent required.
Analytics: Help us understand how visitors use the site. Consent required.
Affiliate / marketing: Referral tracking for partner commission. Consent required.

You can manage or disable cookies at any time through your browser settings. Disabling affiliate cookies does not affect your ability to use our site or access partner services.

12. Changes to This Policy

We may update this policy from time to time to reflect changes in our services or legal obligations. We will notify active members of any material changes by email at least 14 days before they take effect. The current version is always available at sologetaways.com/privacy.html.

13. Contact Us

For any questions about this policy or how we handle your personal data, please contact us:

SOLOgetaways
Email: hello@sologetaways.com
Website: sologetaways.com

We aim to respond to all data protection queries within 5 working days and are required to respond within 30 days under UK GDPR.

← Return to Home