Privacy Policy

Last updated: April 2026

This Privacy Policy explains how Wannago ("we", "us", "our") collects, uses and protects your personal data when you use wannago.world (the "Platform").

Wannago is operated as a sole trader under Dutch law by Privilege Mendes, based in the Netherlands. As a Dutch operator serving EU users, we are subject to the EU General Data Protection Regulation (GDPR) and supervised by the Autoriteit Persoonsgegevens (AP), the Dutch data protection authority.

For privacy queries: privacy@wannago.world

1. What Data We Collect

Data you provide directly

  • Account data: email address, username, display name
  • Profile data: avatar, travel history, countries visited, group trips completed, travel preferences
  • Content: posts, comments, experience reviews and any other content you submit to the Platform
  • Communications: any messages you send to us directly

Data collected automatically

  • Usage data: pages visited, features used, time spent on the Platform
  • Device data: browser type, operating system, device type, IP address
  • Cookies and similar technologies: see our Cookie section below

Data from third parties

If you sign in with Google or another OAuth provider, we receive basic profile information (name, email, profile picture) from that provider in accordance with their privacy policy and your settings with them

2. How We Use Your Data

We use your data to:

  • Provide the Platform — create and manage your account, display your profile and content, enable posting and commenting
  • Personalise your experience — show relevant trips, destinations and community content based on your travel history and preferences
  • Improve the Platform — understand how users interact with the Platform, fix bugs, develop new features
  • Safety and moderation — detect and prevent spam, abuse and violations of our Terms of Use
  • Communications — send you account-related emails (password resets, notifications you have opted into), and occasional product updates
  • Legal compliance — comply with applicable laws and regulations

We do not sell your personal data to third parties. We do not use your data for targeted advertising.

3. Milo — Our Automated Agent

Wannago operates an automated community agent called Milo. Milo reads public posts on the Platform to identify unanswered questions and surface relevant past discussions. Milo does not access your private data, does not process data beyond what is visible in public posts, and is clearly identified as a system agent on all content it produces.

4. Legal Bases for Processing (GDPR)

Wannago is subject to the EU General Data Protection Regulation (GDPR) as a Netherlands-based operator. We process your personal data under the following legal bases:

  • Contract (Article 6(1)(b)): processing necessary to provide you with the Platform — account creation, displaying your content, enabling posting and commenting
  • Legitimate interests (Article 6(1)(f)): improving the Platform, preventing abuse, ensuring security — where these interests are not overridden by your fundamental rights and freedoms
  • Consent (Article 6(1)(a)): for non-essential cookies and optional marketing communications — you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal
  • Legal obligation (Article 6(1)(c)): where we are required to process data by EU or Dutch law

5. Data Sharing

We share your data only in the following circumstances:

  • Service providers: we use third-party services to operate the Platform, including Supabase (database and authentication) and Vercel (hosting). These providers process data on our behalf under data processing agreements
  • Authentication providers: if you sign in with Google, your authentication is handled by Google in accordance with their privacy policy
  • Legal requirements: we may disclose data if required by law, court order or to protect the rights and safety of Wannago or others
  • Business transfers: if Wannago is acquired or merges with another entity, your data may be transferred as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy

We do not share your personal data with tour operators, advertisers or any other commercial third parties.

6. Your Public Content

Posts, comments and experience reviews you submit to the Platform are publicly visible by default. Your username and profile information associated with your posts are also public. Search engines and AI crawlers may index this content.

Your email address, birthday, and any private profile fields are never publicly displayed.

If you delete a post, it will be removed from public view. However, copies may persist in backups for a limited period.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Platform. If you delete your account:

  • Your profile and personal data are deleted within 30 days
  • Public posts you made may remain on the Platform in anonymised form unless you specifically request their removal
  • Backups are purged within 90 days

We retain certain data for longer where required by law or for legitimate business purposes (e.g. fraud prevention records).

8. Cookies

We use cookies and similar technologies for:

  • Essential cookies: required for the Platform to function (authentication, session management). These cannot be disabled.
  • Analytics cookies: help us understand how the Platform is used. We use privacy-friendly analytics that do not track you across other sites.

You can control non-essential cookies through your browser settings. Disabling cookies may affect Platform functionality.

9. Your Rights Under GDPR

As an EU resident (and as a matter of our policy for all users), you have the following rights regarding your personal data:

  • Access (Article 15): request a copy of the personal data we hold about you
  • Correction (Article 16): request correction of inaccurate or incomplete data
  • Deletion (Article 17): request deletion of your personal data ("right to be forgotten") where we have no legitimate reason to continue processing it
  • Portability (Article 20): request your data in a structured, machine-readable format
  • Objection (Article 21): object to processing based on legitimate interests
  • Restriction (Article 18): request we restrict processing in certain circumstances
  • Withdraw consent: where processing is based on consent, withdraw it at any time via your account settings or by contacting us

To exercise any of these rights, contact us at privacy@wannago.world. We will respond within 30 days as required by GDPR. We may need to verify your identity before processing your request.

If you are unsatisfied with our response, you have the right to lodge a complaint with the Autoriteit Persoonsgegevens (AP), the Dutch data protection authority:

Autoriteit Persoonsgegevens
Website: autoriteitpersoonsgegevens.nl
Phone: +31 (0)70 888 85 00

10. Children's Privacy

Wannago is not directed at children under 18. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided us with personal data, please contact us at privacy@wannago.world and we will delete it promptly.

11. International Data Transfers

Wannago uses infrastructure providers whose servers may be located outside the EEA. Specifically:

  • Supabase — database hosted in EU region (eu-central-1, Frankfurt). Data remains within the EEA.
  • Vercel — hosting provider. Vercel operates under Standard Contractual Clauses (SCCs) for any data processed outside the EEA.

Where we transfer personal data outside the EEA, we ensure appropriate safeguards are in place in accordance with GDPR Chapter V, including Standard Contractual Clauses where required.

12. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss or disclosure. These include encrypted connections (HTTPS), secure authentication via Supabase, and access controls limiting who can access your data.

No system is completely secure. If you suspect a security issue, please contact us immediately at security@wannago.world

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes by email or by a notice on the Platform. Your continued use of the Platform after changes are posted constitutes your acceptance of the updated Policy.

14. Contact and Data Controller

Wannago is the data controller for personal data processed through the Platform.

Data controller: Privilege Mendes, trading as Wannago
Address: Anton Philipslaan, Eindhoven, Netherlands 5616 TW
Email: privacy@wannago.world

Under GDPR, as a sole trader operating without a designated Data Protection Officer (DPO) — which is not required at our current scale — all data protection queries are handled directly by the data controller.

Your supervisory authority is the Autoriteit Persoonsgegevens (AP): autoriteitpersoonsgegevens.nl