GDPR Compliance

Last updated: November 29, 2025

1. Introduction

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that applies to organizations processing personal data of individuals in the European Economic Area (EEA). TravelBlogr is committed to complying with GDPR and protecting your privacy rights.

2. Your Rights Under GDPR

If you are located in the EEA, you have the following rights regarding your personal data:

2.1 Right to Access

You have the right to request a copy of the personal data we hold about you. We will provide this information in a structured, commonly used, and machine-readable format.

How to exercise: Email us at privacy@travelblogr.com with the subject "GDPR Access Request"

2.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data.

How to exercise: Update your information in your account settings, or contact us at privacy@travelblogr.com

2.3 Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal data in certain circumstances, such as when:

  • The data is no longer necessary for the purposes for which it was collected
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

How to exercise: Delete your account in settings, or email us at privacy@travelblogr.com with the subject "GDPR Erasure Request"

2.4 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and transmit it to another controller.

How to exercise: Email us at privacy@travelblogr.com with the subject "GDPR Portability Request"

2.5 Right to Restrict Processing

You have the right to request restriction of processing of your personal data in certain circumstances.

2.6 Right to Object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

2.7 Right to Withdraw Consent

Where we rely on consent to process your personal data, you have the right to withdraw that consent at any time.

2.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state where you reside, work, or where an alleged infringement of GDPR occurred.

3. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Consent: You have given clear consent for us to process your personal data for specific purposes
  • Contract: Processing is necessary to fulfill our contract with you (providing the Service)
  • Legal Obligation: Processing is necessary to comply with legal obligations
  • Legitimate Interests: Processing is necessary for our legitimate interests (e.g., improving our service, preventing fraud) and does not override your rights

4. Data We Collect

We collect and process the following categories of personal data:

  • Identity Data: Name, username, email address
  • Profile Data: Profile picture, bio, preferences
  • Content Data: Travel stories, photos, comments you create
  • Technical Data: IP address, browser type, device information
  • Usage Data: How you interact with our platform

For more details, see our Privacy Policy.

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Account Data: Retained while your account is active, deleted within 30 days of account deletion
  • Content: Retained while your account is active, deleted with account deletion
  • Analytics Data: Anonymized after 26 months
  • Legal Requirements: Some data may be retained longer if required by law

6. International Data Transfers

Your personal data may be transferred to and processed in countries outside the EEA. We ensure appropriate safeguards are in place:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by the European Commission
  • Binding Corporate Rules

Our service providers (Supabase, Railway, Cloudinary) have appropriate data protection measures in place.

7. Data Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk:

  • Encryption of data in transit (HTTPS/TLS)
  • Encryption of data at rest
  • Regular security assessments
  • Access controls and authentication
  • Employee training on data protection

8. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware of the breach
  • Notify affected individuals without undue delay if the breach is likely to result in a high risk
  • Provide information about the nature of the breach and measures taken

9. Automated Decision-Making

We may use automated decision-making in limited circumstances:

  • Content Recommendations: AI-powered suggestions for travel destinations and content
  • Spam Detection: Automated filtering of spam and abusive content

You have the right to request human intervention, express your point of view, and contest automated decisions.

10. How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us:

  • Email: privacy@travelblogr.com
  • Subject Line: Include "GDPR Request" and specify which right you're exercising
  • Response Time: We will respond within 30 days (may be extended by 2 months for complex requests)

We may need to verify your identity before processing your request. We will not charge a fee unless your request is manifestly unfounded or excessive.

11. Supervisory Authority

If you are not satisfied with our response or believe we are processing your data unlawfully, you have the right to lodge a complaint with your local data protection authority. You can find your local authority at:

European Data Protection Board - List of Supervisory Authorities

12. Contact Information

For any questions about GDPR compliance or to exercise your rights: