Guide ValidatorGuide Validator

Privacy Policy

1. Introduction

Guide Validator is a marketplace platform connecting licensed tour guides with travel agencies, DMCs, and transport providers. We are committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.

As a marketplace platform, we process data both for platform operations and to facilitate connections between service providers and clients. This policy covers both uses of your data.

2. Data We Collect

We collect different types of data depending on your role on the platform:

All Users:

  • Account Information: Name, email address, password (encrypted), account type, registration date
  • Contact Information: Email address, phone number (optional), business address (for agencies/DMCs)
  • Technical Data: IP address, browser type, device information, session data, cookies
  • Usage Data: Pages visited, searches performed, profiles viewed, time spent on platform

Tour Guides:

  • License Information: License number, card type, issuing authority, expiration date, verification status
  • Professional Profile: Bio, headline, specialties, languages, years of experience, certifications
  • Business Information: Service areas, rates, currency preferences, availability, liability insurance status
  • Media: Profile photos, portfolio images, promotional materials
  • Reviews & Ratings: Feedback from agencies and clients

Agencies, DMCs & Transport Providers:

  • Business Information: Company name, business registration, location, service offerings
  • Profile Data: Company description, specializations, target markets
  • Booking History: Past connections, guide preferences, communication records

Communication Data:

  • Messages sent through the platform between users
  • Booking inquiries and responses
  • Support correspondence with Guide Validator

3. Google Calendar Integration & Limited Use Disclosure

For Tour Guides: We offer optional Google Calendar integration to help you manage your availability. When you connect your Google Calendar, we access the following data:

  • Calendar Events: Event titles, start times, end times, and status (confirmed/tentative/canceled)
  • Access Scope: Read-only access to your calendar (we cannot create, modify, or delete your calendar events)
  • OAuth Tokens: Secure authentication tokens to access your calendar on your behalf

Limited Use Disclosure:

Guide Validator's use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

How We Use Your Google Calendar Data:

  • Availability Sync: We read your calendar events to automatically block out times when you're unavailable for guiding
  • Display on Profile: Your availability status is displayed to agencies/clients viewing your profile
  • Booking Prevention: Prevents double-booking by showing when you're unavailable
  • No Other Use: We do not use your calendar data for any other purpose, including marketing, analytics, or AI training

Data Storage & Retention:

  • OAuth Tokens: Stored securely in encrypted format in our database
  • Calendar Events: Temporarily processed to calculate availability; not permanently stored
  • Sync Logs: Basic sync metadata (timestamp, success/failure) retained for 90 days for troubleshooting
  • Upon Disconnection: All tokens and sync data are immediately deleted when you disconnect your calendar
  • Account Deletion: All Google Calendar connection data is permanently deleted within 48 hours of account deletion

Your Control:

  • Optional Feature: Calendar integration is completely optional; you can manage availability manually
  • Revoke Access Anytime: Disconnect your calendar from your account settings at any time
  • Google Account Settings: You can also revoke access directly from your Google Account permissions page
  • No Penalties: Disconnecting your calendar does not affect your account status or features

No Data Selling or Transfer: We never sell, rent, or transfer your Google Calendar data to third parties. Your calendar information is used solely for the availability management feature described above.

For more information about how Google handles your data, please review Google's Privacy Policy.

4. How We Use Your Data

We use your personal data for the following purposes:

Platform Operations:

  • Creating and managing your account
  • Verifying guide licenses and credentials
  • Displaying your profile in our marketplace directory
  • Facilitating connections between guides and agencies/clients
  • Processing and displaying reviews and ratings
  • Maintaining platform security and preventing fraud
  • Syncing availability for guides who connect their calendars (see Section 3)

Communications:

  • Sending booking notifications and messages between users
  • Platform updates, service announcements, and policy changes
  • Responding to support inquiries and resolving disputes
  • Marketing communications (with your consent, opt-out available)

Improvement & Analytics:

  • Analyzing platform usage to improve features and user experience
  • Understanding search patterns and matching effectiveness
  • Identifying and fixing technical issues
  • Note: Google Calendar data is never used for analytics or improvement purposes

Legal Compliance:

  • Complying with legal obligations and government requests
  • Enforcing our Terms of Service and preventing misuse
  • Protecting against fraud, abuse, and illegal activity

5. Data Sharing

As a marketplace platform, we share certain data to facilitate connections:

Public Profile Information:

  • Guide profiles (name, photo, bio, specialties, languages, experience) are visible to all platform visitors
  • Agency/DMC profiles (company name, description, service areas) are publicly visible
  • Reviews and ratings are publicly displayed on profiles
  • License verification status (verified/unverified) is publicly indicated
  • Availability status (available/busy) derived from calendar sync is publicly visible

Private Information (Never Shared):

  • Full license numbers (partially masked in public view)
  • Email addresses and phone numbers
  • Login credentials and passwords
  • Private messages between users
  • Booking history details
  • Google Calendar access tokens and calendar event details

Third-Party Service Providers:

We share limited data with trusted service providers who assist with:

  • Cloud hosting and infrastructure (Vercel, Supabase)
  • Email communications (Resend)
  • Analytics and performance monitoring (excluding Google Calendar data)
  • Security and fraud prevention

These providers are contractually bound to protect your data and may only use it to provide services to us. Google Calendar data is never shared with any third-party service providers.

Legal Requirements:

We may disclose your data when required by law, court order, or government request, or to protect our rights, property, or the safety of users.

6. Data Security

We implement industry-standard security measures to protect your data:

  • Encrypted data transmission using SSL/TLS
  • Encrypted password storage using bcrypt hashing
  • Google OAuth tokens encrypted at rest in our database
  • Secure cloud infrastructure with regular backups
  • Access controls limiting employee access to personal data
  • Regular security audits and vulnerability assessments
  • Monitoring for suspicious activity and unauthorized access

While we take reasonable precautions, no internet-based service is 100% secure. You are responsible for maintaining the security of your account credentials.

7. Data Retention

We retain your personal data for as long as necessary to provide platform services and comply with legal obligations:

  • Active Accounts: Data is retained while your account is active
  • Closed Accounts: Core profile data may be retained for 30 days to allow account recovery, then deleted
  • Google Calendar Connections: Tokens and sync data deleted immediately upon disconnection or within 48 hours of account deletion
  • Reviews & Ratings: Retained indefinitely for marketplace integrity and transparency
  • Transaction Records: Retained for 7 years for legal and tax compliance
  • License Verification Records: Retained for 3 years after profile deletion for audit purposes

8. Your Privacy Rights

Depending on your location, you may have the following rights:

Access & Portability:

  • Request a copy of your personal data
  • Receive your data in a structured, machine-readable format

Correction & Deletion:

  • Update or correct inaccurate information in your profile
  • Request deletion of your account and associated data
  • Disconnect Google Calendar integration at any time from account settings
  • Note: Reviews you've written may be anonymized rather than deleted to preserve marketplace integrity

Restriction & Objection:

  • Object to processing of your data for marketing purposes
  • Request restriction of data processing in certain circumstances
  • Revoke calendar access permissions without affecting other account features

Withdrawal of Consent:

  • Withdraw consent for optional data processing (e.g., marketing emails, calendar sync)
  • Note: Some processing is necessary for platform operations and cannot be withdrawn while maintaining an account

To exercise these rights, contact us at info@guidevalidator.com. We will respond within 30 days.

9. Cookies and Tracking

We use cookies and similar technologies to:

  • Essential Cookies: Required for platform functionality (login, session management, OAuth state)
  • Analytics Cookies: Help us understand how users interact with the platform (excluding calendar data)
  • Preference Cookies: Remember your language, search filters, and display preferences

You can control cookie settings through your browser, though disabling essential cookies may limit platform functionality.

10. International Data Transfers

Guide Validator operates globally. Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place when transferring data internationally, including:

  • Using service providers certified under data protection frameworks
  • Implementing standard contractual clauses
  • Ensuring adequate data protection measures in destination countries
  • Google Calendar data remains protected under Google's security infrastructure

11. Children's Privacy

Guide Validator is not intended for users under 18 years of age. We do not knowingly collect data from minors. If you believe a minor has provided data to us, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or platform notification at least 30 days before taking effect. Your continued use of the platform after changes become effective constitutes acceptance of the updated policy.

13. Contact Us

For questions, concerns, or to exercise your privacy rights, please contact us at: info@guidevalidator.com

For data protection inquiries in specific jurisdictions, you may also contact your local data protection authority.

Last updated: January 11, 2026

VisaValidator advertisement