Privacy Policy

Last updated: April 1, 2026

1. Introduction

Viajamas ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use the Viajamas platform and website at viajamas.co. Please read this policy carefully. If you disagree with its terms, please discontinue use of our Services.

We are committed to being transparent about the data we collect and how we use it. This policy applies to all users of the Viajamas website, mobile applications, and any other digital properties we operate (collectively, the "Services"). We update this Privacy Policy from time to time, and we encourage you to review it periodically.

2. Information We Collect

Information you provide directly: When you create an account, we collect your name, email address, and password. When you use our platform, you may provide additional information such as your phone number, profile photo, travel preferences, home city, frequent flyer numbers, passport and visa details, hotel and flight booking confirmations, trip notes, and any other documents you choose to store. You may also provide payment information when subscribing to a paid plan, although full payment card details are handled exclusively by our PCI-DSS compliant payment processors.

Usage data: We automatically collect data about how you interact with our Services. This includes pages and features accessed, time and duration of visits, click paths, search queries within the platform, device type and operating system, browser type and version, IP address (used for geolocation at the country/city level only), referring URLs, and crash or error reports.

Communications data: If you contact our support team, we retain records of that correspondence including the content of messages, timestamps, and any attachments you share with us in the context of resolving your issue.

Information from third parties: If you choose to connect third-party services (such as Google Calendar, Gmail for flight confirmation parsing, or airline loyalty programs), we receive data from those services only to the extent necessary to provide the integration you requested. We do not store third-party credentials — OAuth tokens are used and stored securely in encrypted form.

Cookies and tracking technologies: We use cookies and similar technologies as described in our Cookie Policy. Briefly, these include session authentication cookies, preference cookies, and optional analytics cookies. We do not use advertising cookies or cross-site tracking technologies.

3. How We Use Your Information

We use the information we collect for the following purposes:

Providing and improving the Services: To create and manage your account, enable you to build and share itineraries, store travel documents, track travel budgets, and access all platform features. We analyze usage patterns in aggregate to identify which features are most valuable and how to improve them.

Communications: We send transactional emails including account confirmations, password reset links, subscription receipts, and important service notices. With your consent, we may also send product update newsletters and travel tips. You can unsubscribe from marketing communications at any time.

Support: To respond to your questions and resolve issues with your account or the platform.

Security and fraud prevention: To detect and prevent unauthorized access, abuse, fraud, and other harmful activity. We monitor for anomalous login patterns and suspicious account activity.

Legal compliance: To comply with applicable laws, respond to lawful requests from public authorities, enforce our Terms of Service, and protect our legal rights.

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes. We do not use your travel itinerary data, travel documents, or trip notes for advertising targeting.

4. Legal Basis for Processing (EEA/UK Users)

If you are located in the European Economic Area or the United Kingdom, we process your personal data only when we have a valid legal basis to do so:

Contract performance: Processing necessary to provide the Services you have requested, including maintaining your account, storing your data, and enabling collaboration features.

Legitimate interests: Processing for our legitimate business interests such as improving our Services, preventing fraud, and ensuring platform security, where these interests are not overridden by your rights.

Consent: Processing based on your explicit consent, such as optional analytics cookies or marketing communications. You may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.

Legal obligation: Processing required to comply with applicable law, including tax and accounting obligations and responses to lawful legal process.

5. Data Security

We implement robust technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

Encryption: All data stored in our systems is encrypted at rest using AES-256 encryption. All data in transit between your device and our servers is protected by TLS 1.3. Documents and itinerary content are encrypted at the application layer in addition to storage-level encryption.

Access controls: We implement strict role-based access controls. Viajamas employees can access personal data only on a need-to-know basis for customer support and operational purposes. All internal access is logged and audited.

Infrastructure security: Our platform is hosted on enterprise-grade cloud infrastructure with SOC 2 Type II certification. We conduct regular vulnerability assessments and penetration tests. We maintain a formal incident response plan.

Employee training: All employees with access to personal data receive regular privacy and security training. We maintain strict data handling policies and conduct background checks on employees with access to sensitive data.

Despite these measures, no method of transmission over the internet or electronic storage is 100% secure. If you believe your account has been compromised, please contact us immediately at security@viajamas.co.

6. Data Retention

We retain your personal data for as long as your account is active and for a reasonable period thereafter to comply with our legal obligations, resolve disputes, and enforce our agreements.

When you delete your account, we begin the account deletion process within 30 days. Your personal data, itineraries, documents, and account information are permanently deleted from our production systems within 30 days of account deletion. Backups containing your data are purged within 90 days of the deletion date. Some data may be retained longer where required by law (for example, financial transaction records may be retained for up to 7 years to comply with tax regulations).

If you delete specific content (such as a stored document or itinerary) without deleting your account, that content is deleted from our production systems within 7 days and from backups within 90 days.

Usage logs and analytics data in anonymized, aggregated form may be retained indefinitely as they cannot be linked back to individual users.

7. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Right of access: You may request a copy of the personal data we hold about you. We will provide this in a structured, commonly used, machine-readable format within 30 days of your request.

Right to rectification: You may correct inaccurate or incomplete personal data. Most account information can be updated directly in your account settings.

Right to erasure: You may request deletion of your personal data. You can delete your account (and all associated data) directly through Settings > Account > Delete Account. Alternatively, contact us at privacy@viajamas.co.

Right to data portability: You may export your data (itineraries, documents, and account information) at any time through Settings > Export Data. We provide exports in standard formats (JSON, PDF).

Right to restriction: In certain circumstances, you may request that we restrict the processing of your personal data.

Right to object: You may object to processing of your personal data based on our legitimate interests. You may also opt out of marketing communications at any time.

Right to withdraw consent: Where processing is based on your consent, you may withdraw it at any time through your account settings or by contacting us.

California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what categories of personal information are collected, the right to opt out of the sale of personal information (we do not sell personal information), and the right to non-discrimination for exercising privacy rights.

To exercise any of these rights, contact us at privacy@viajamas.co. We will respond within 30 days. We may need to verify your identity before processing your request.

8. Cookies and Tracking

We use cookies and similar technologies to operate and improve our Services. See our Cookie Policy for a complete description of the cookies we use, their purposes, and how you can manage them. In summary:

Essential cookies are required for the platform to function and cannot be disabled. Analytics and functionality cookies are optional and require your consent. We do not use advertising or cross-site tracking cookies. You can manage your cookie preferences through the cookie banner on first visit or through Settings > Privacy > Cookie Preferences at any time.

9. Third-Party Services and Data Sharing

We share data with third parties only in the following circumstances:

Service providers: We use carefully selected third-party service providers to support our operations. These include cloud infrastructure providers, payment processors, customer support software, and email delivery services. All service providers are bound by data processing agreements that prohibit them from using your data for any purpose other than providing services to us and require them to maintain appropriate security standards.

Integration partners: If you choose to connect third-party services (such as Google Calendar or airline loyalty programs), we share only the minimum data required to enable the integration.

Legal process: We may disclose personal data if required by law, court order, or government regulation, or if we believe in good faith that disclosure is necessary to protect our legal rights, enforce our policies, or protect the safety of our users or the public. When legally permissible, we will notify you of such requests.

Business transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal data may be transferred to the acquiring entity. We will provide notice before your data is transferred and becomes subject to a different privacy policy.

We never share your personal data with data brokers, advertising networks, or third parties for their own marketing purposes.

10. International Data Transfers

Viajamas is headquartered in Peru. If you are accessing our Services from outside Peru, your personal data will be transferred to and processed in Peru, where data protection laws may differ from those in your country.

For users in the EEA, UK, and Switzerland, we ensure that international transfers are protected by appropriate safeguards including Standard Contractual Clauses approved by the European Commission. We regularly review our transfer mechanisms to ensure compliance with applicable law.

11. Children's Privacy

Our Services are not directed to children under the age of 13 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@viajamas.co and we will promptly delete that information.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting a prominent notice on our website and, where appropriate, sending an email to the address associated with your account at least 30 days before the changes take effect. Your continued use of the Services after the effective date constitutes acceptance of the updated policy.

The date at the top of this Privacy Policy indicates when it was last updated. We encourage you to review this page periodically to stay informed about our privacy practices.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: privacy@viajamas.co
Mail: Viajamas, Inc., Attention: Privacy Team
Av. Javier Prado Este 4200
Lima 15023, Peru

For EEA/UK users, if you believe we have processed your personal data in violation of applicable law, you have the right to lodge a complaint with your local data protection authority. We encourage you to contact us first so we can attempt to resolve your concern directly.