Palmabook Holdings, Inc. (a Delaware C-Corporation)
Delaware registered office / principal business address: 300 Delaware Ave, Suite 210, Wilmington, DE 19801, USA.
Contact: partners@palmabook.com · +1 (855) 448-2665 (AI agent line)
Privacy Policy
Palmabook Holdings Inc. (“Palmabook,” “we,” “us,” or “our”) respects your privacy and is committed to protecting personal data in accordance with applicable law, including the EU General Data Protection Regulation 2016/679 (“GDPR”), the UK GDPR, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA/CPRA”), Brazil’s Lei Geral de Proteção de Dados (“LGPD”), Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”), and Mexico’s Ley Federal de Protección de Datos Personales en Posesión de los Particulares (“LFPDPPP”).
This Privacy Policy explains how Palmabook collects, uses, discloses, stores, and otherwise processes personal data when you use palmabook.com, our mobile or web-based services, customer support channels, booking flows, host onboarding tools, and related services (collectively, the “Services”).
Palmabook operates a marketplace for vacation rentals and related travel services. Guests may browse and book accommodations through our platform, and hosts or property partners may list, synchronize, and manage inventory through our systems and payment infrastructure.
1. Introduction and Scope
1.1 Scope of this Privacy Policy
This Privacy Policy applies to personal data processed by Palmabook in connection with:
- Use of palmabook.com and any localized or translated versions of the site;
- Creation and administration of user accounts;
- Booking inquiries, reservations, payments, cancellations, refunds, and dispute handling;
- Host onboarding, property listing, KYC/KYB, and payout processing;
- Communications with us by email, contact form, chat, WhatsApp verification, SMS, phone, or social channels;
- Marketing, analytics, advertising, and measurement technologies where permitted by law and consent preferences;
- Security, fraud prevention, trust and safety, and legal compliance activities.
1.2 Persons Covered
This Privacy Policy applies to:
- Guests and prospective guests;
- Hosts, property owners, managers, and their authorized representatives;
- Website visitors;
- Customer support contacts;
- Individuals who communicate with us or are involved in a booking;
- Business partners where personal data is processed in a consumer-facing context.
1.3 What this Policy Does Not Cover
This Privacy Policy does not directly govern:
- Personal data processed by third parties acting as independent controllers, such as Stripe, Google, Twilio, Airbnb, Booking.com, Vrbo, Expedia, or other online travel agencies (“OTAs”), when they collect data under their own privacy notices;
- Offline or employment-related processing not connected to the Services;
- Anonymous, aggregated, or de-identified information that cannot reasonably identify an individual.
1.4 Role of Palmabook in the Marketplace
Palmabook generally acts as the data controller for personal data processed through our marketplace, account services, booking management, customer communications, fraud prevention, and marketing activities. In limited situations, Palmabook may act as a processor/service provider for host-facing services or operational processing performed on behalf of another party. Where that is the case, our obligations will be governed by applicable law and our contractual arrangements.
2. Data Controller Identity
2.1 Primary Controller
The primary controller for personal data covered by this Privacy Policy is:
Palmabook Holdings Inc
A Delaware corporation
Delaware, United States
Email: partners@palmabook.com
2.2
Where operational, customer support, fulfillment, or local compliance activities are carried out in Mexico, such processing may also involve:
Palmabook Holdings, Inc.
Mexico
Where legally required, Palmabook Holdings Inc and Palmabook Holdings, Inc. may act as joint or affiliated controllers for certain regional processing activities.
2.3 EU / UK Representative
If Palmabook is required to appoint a representative under Article 27 GDPR or the UK GDPR, the name and contact details of such representative will be published here and made available to data subjects before or at the time such appointment becomes legally required.
2.4 Data Protection Officer
Palmabook will appoint a Data Protection Officer (“DPO”) where legally required or operationally appropriate. If appointed, the DPO’s contact details will be published here.
DPO Contact:
General privacy inquiries may always be sent to: partners@palmabook.com
3. Personal Data We Collect
We collect personal data directly from you, automatically from your device or browser, from payment and verification providers, from travel and distribution partners, and from public or lawful third-party sources where permitted by law.
3.1 Account and Identity Information
When you create an account, log in, or manage your profile, we may collect:
- Full name;
- Email address;
- Telephone number;
- Password credentials (stored in hashed form, not plaintext);
- Authentication data for login and account recovery;
- Language and locale preferences;
- Country of residence;
- Profile settings and account preferences.
3.2 Authentication and Access Credentials
To secure accounts and authenticate users, we may process:
- Email verification data;
- WhatsApp OTP or SMS verification metadata through Twilio Verify;
- Device or session indicators associated with successful or failed login attempts;
- Passkey registration and authentication events.
Important: Palmabook supports FIDO2/WebAuthn passkeys. The private cryptographic key for a passkey remains on your device, browser secure enclave, password manager, or operating system keychain. Palmabook does not receive or store your private passkey material. We may store only the public key, key identifier, attestation or registration metadata, and authentication logs necessary to enable secure passwordless login.
3.3 Booking and Transaction Data
When you search, request, confirm, modify, or cancel a reservation, we may collect:
- Check-in and check-out dates;
- Number of guests;
- Destination and property preferences;
- Booking ID and reservation status;
- Property selected, host identity, and listing details;
- Special requests, arrival information, accessibility requests, and communications relevant to the stay;
- Cancellation, refund, chargeback, or dispute information;
- Invoices, receipts, and tax-related records;
- Travel history on our platform.
3.4 Payment Information
Palmabook uses Stripe Elements and Stripe Connect to process payments and partner onboarding.
We do not store full primary payment card numbers on our own systems. Payment information is generally collected and tokenized by Stripe. We may receive and store limited payment-related information such as:
- Payment token or payment method identifier;
- Card brand and last four digits;
- Billing name and billing address;
- Payment status, authorization, capture, refund, and dispute data;
- Fraud screening results and risk indicators;
- Host KYC/KYB status and payout eligibility information via Stripe Connect Express.
For hosts, payout onboarding may involve collection or receipt of:
- Legal name;
- Date of birth where required;
- Tax ID or government identification details where legally required;
- Bank account or payout destination details;
- Business registration information;
- Beneficial ownership or controlling person information.
Much of this information is collected directly by Stripe and processed under Stripe’s own legal obligations as a regulated payments provider.
3.5 Communications and Support Data
If you contact us or communicate through the platform, we may collect:
- Emails, support tickets, and contact form submissions;
- Chat, messaging, or customer service transcripts;
- Call records or voicemail where supported and legally permitted;
- WhatsApp communication metadata and verification events;
- Feedback, reviews, complaints, and survey responses.
3.6 Device, Technical, and Usage Data
When you use the Services, we may automatically collect:
- IP address;
- Browser type and version;
- Device identifiers and device type;
- Operating system;
- Referral URLs;
- Pages viewed, clicks, session duration, and navigation paths;
- Time zone settings;
- Error logs, crash logs, and diagnostic information;
- Security logs and suspicious activity indicators.
3.7 Location Data
We may infer approximate geographic location from:
- Your IP address;
- Browser locale;
- Country or region selected by you.
We do not generally collect precise GPS location unless specifically enabled in a future product feature and with any required notice or consent.
3.8 Marketing and Advertising Data
With your consent where required, we may collect:
- Cookie identifiers;
- Advertising and campaign interaction data;
- Google Ads conversion data;
- Attribution and remarketing signals;
- Newsletter preferences and engagement metrics.
3.9 Data from Third Parties and Partners
We may receive personal data from:
- Payment processors such as Stripe;
- Verification providers such as Twilio;
- Analytics and advertising providers such as Google Analytics 4 and Google Ads;
- Mapping or geolocation services such as Google Maps;
- Affiliate and partner networks such as AWIN;
- Property distribution and synchronization partners, including Airbnb, Booking.com, Vrbo, and Expedia;
- Hosts, co-hosts, property managers, or booking participants who provide guest details.
3.10 Sensitive Personal Data
Palmabook does not intentionally seek to collect sensitive personal data except where strictly necessary and lawful, such as:
- Accessibility or health-related requests voluntarily provided in connection with a stay;
- Identity verification data required by payment, anti-fraud, anti-money laundering, tax, or legal compliance obligations.
Where required by law, we will obtain explicit consent or rely on another valid legal basis.
4. Legal Basis Under GDPR Article 6
For individuals in the European Economic Area (“EEA”), Switzerland, and the United Kingdom, Palmabook processes personal data only where a valid legal basis exists.
4.1 Performance of a Contract - Article 6(1)(b)
We process personal data where necessary to enter into or perform a contract with you, including to:
- Create and administer your account;
- Process booking requests and reservations;
- Provide customer support;
- Process payments, refunds, and cancellations;
- Enable host onboarding and payouts;
- Authenticate users and secure access to accounts.
4.2 Consent - Article 6(1)(a)
We rely on consent where required, including for:
- Non-essential cookies and similar technologies;
- Analytics tools such as Google Analytics 4 where consent is required;
- Personalized advertising or remarketing through Google Ads;
- Certain categories of direct marketing communications;
- Processing of certain special categories of personal data, where applicable.
You may withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.
4.3 Legitimate Interests - Article 6(1)(f)
We may process personal data based on legitimate interests, provided such interests are not overridden by your rights and freedoms. These interests include:
- Preventing fraud, abuse, and unauthorized access;
- Ensuring platform security and trust and safety;
- Improving our products, booking flow, customer support, and user experience;
- Performing business analytics and internal reporting using proportionate safeguards;
- Enforcing our terms, policies, and legal rights;
- Sending non-promotional service-related communications;
- Limited direct marketing where permitted by law.
4.4 Legal Obligation - Article 6(1)(c)
We process personal data where necessary to comply with legal obligations, including:
- Tax and accounting rules;
- Anti-fraud, sanctions, anti-money laundering, and KYC/KYB requirements;
- Consumer protection obligations;
- Law enforcement or court orders where valid and applicable;
- Data protection compliance and recordkeeping obligations.
4.5 Vital Interests / Public Interest
In exceptional cases, we may process personal data where necessary to protect vital interests or where another lawful basis under applicable law applies.
4.6 LGPD Legal Bases
For individuals in Brazil, Palmabook may also rely on legal bases recognized under the LGPD, including:
- performance of contract,
- compliance with legal or regulatory obligation,
- exercise of rights in legal proceedings,
- legitimate interest,
- and consent where required.
5. How We Use Your Data
Palmabook uses personal data to operate a trusted vacation rental marketplace and related support systems.
5.1 To Provide the Services
We use personal data to:
- Create and manage user accounts;
- Enable browsing, inquiry, and booking functionality;
- Confirm reservations and send itineraries or booking communications;
- Connect guests with hosts, property managers, or distribution partners;
- Facilitate stay-related communications and support.
5.2 To Process Payments and Host Payouts
We use personal data to:
- Process guest payments via Stripe;
- Tokenize and authenticate payment methods;
- Manage refunds, chargebacks, and transaction disputes;
- Conduct host onboarding through Stripe Connect Express;
- Assess payout eligibility and maintain financial records.
5.3 To Prevent Fraud and Enhance Security
We use personal data to:
- Detect suspicious logins, fake accounts, and payment fraud;
- Verify identities where necessary;
- Prevent spam, abuse, scraping, and account takeover;
- Secure accounts through email verification, OTP verification, and passkey authentication;
- Maintain logs, monitor system integrity, and investigate incidents.
5.4 To Provide Customer Support
We use personal data to respond to:
- Booking inquiries;
- Change or cancellation requests;
- Payment questions;
- Technical support matters;
- Complaints, disputes, and trust and safety issues.
5.5 To Improve Our Services
We use data to analyze site usage, troubleshoot errors, improve search and booking flows, optimize multilingual experiences, and assess performance of content and features.
5.6 To Send Marketing Communications
With consent where required, we may use your data to:
- Send promotional emails;
- Share travel deals, destination ideas, and product updates;
- Measure campaign effectiveness;
- Build audience segments and advertising attribution.
You can unsubscribe from marketing emails at any time using the unsubscribe link or by contacting us.
5.7 To Conduct Analytics and Advertising
With consent where required, we use technologies such as:
- Google Analytics 4 property ID G-6Z719PJGL3
- Google Ads account/conversion identifier AW-7996167009
These tools help us understand traffic sources, user behavior, conversions, and advertising performance. Consent Mode v2 settings may be used to adjust tag behavior based on your consent choices.
5.8 To Comply with Law and Protect Rights
We may use personal data to:
- Comply with tax, accounting, payment, KYC, sanctions, and legal obligations;
- Respond to lawful requests from regulators, courts, or authorities;
- Enforce our Terms of Service and other agreements;
- Defend against claims and manage legal proceedings.
6. Cookies and Similar Technologies
6.1 What We Use
Palmabook uses cookies, pixels, local storage, SDKs, tags, and similar technologies to operate and improve the Services.
6.2 Categories of Cookies
A. Strictly Necessary Cookies
These are required for the website to function and cannot be switched off in our systems. They may be used for:
- Session management;
- Login authentication;
- Security and fraud prevention;
- Load balancing;
- Consent preference storage.
These cookies are generally placed on the basis of contractual necessity or legitimate interest and do not require consent where local law exempts them.
B. Analytics Cookies
With consent where required, we use analytics technologies, including Google Analytics 4 (G-6Z719PJGL3), to understand usage patterns, measure engagement, and improve the Services.
C. Advertising Cookies
With consent where required, we use advertising technologies such as Google Ads (AW-7996167009) to measure ad performance, attribute conversions, and support remarketing or audience segmentation.
6.3 Consent Mode v2
Palmabook uses Google Consent Mode v2 to communicate your cookie and advertising consent preferences to Google tags. Depending on your selection, Google tags may operate in denied, basic, or consented modes, affecting the collection and use of analytics and advertising data.
6.4 How to Manage Cookies
You may manage cookies by:
- Using our cookie consent banner or privacy settings tool;
- Adjusting your browser settings;
- Clearing local storage or cookies on your device;
- Using opt-out tools made available by certain advertising providers.
Disabling certain cookies may affect website functionality.
7. Third-Party Services
Palmabook works with specialized service providers and partners. Depending on context, these third parties may act as processors, service providers, independent controllers, or joint controllers.
7.1 Payment Processing - Stripe
We use Stripe Elements and Stripe Connect for:
- payment processing,
- tokenization,
- fraud detection,
- KYC/KYB,
- host onboarding,
- and payouts.
Stripe may independently process certain personal data to meet financial regulatory obligations.
7.2 Verification and Messaging - Twilio
We use Twilio Verify for one-time password delivery and identity verification by WhatsApp or SMS. Twilio may process phone numbers, verification metadata, timestamps, and delivery information.
7.3 Analytics and Advertising - Google
We use Google services including:
- Google Analytics 4
- Google Ads
- potentially Google Maps
These services may process device, usage, IP-derived, cookie, and event data in accordance with your settings and applicable law.
7.4 Hosting and Infrastructure - Infomaniak
We may use Infomaniak or affiliated providers in Switzerland for hosting, storage, email, and related infrastructure services.
7.5 Affiliate / Partner Tracking - AWIN
Where applicable, we may use AWIN or similar affiliate marketing networks to attribute referrals, conversions, and partner commissions.
7.6 OTA and Channel Synchronization
To synchronize availability, reservations, listing data, or operational details, Palmabook may exchange relevant booking or property information with:
- Airbnb
- Booking.com
- Vrbo
- Expedia
- and other channel managers or OTA partners
7.7 Professional Advisors and Authorities
We may disclose personal data to:
- Lawyers, accountants, auditors, insurers, and compliance advisors;
- Law enforcement or regulators where legally required;
- Acquirers or investors in connection with a merger, financing, restructuring, or sale, subject to confidentiality and lawful safeguards.
Palmabook does not sell personal data for money. We also do not share personal data for cross-context behavioral advertising except to the limited extent that certain cookie-based advertising technologies may be deemed “sharing” under California law, in which case you may exercise opt-out rights as described below.
8. International Data Transfers
Palmabook operates internationally. Your personal data may be transferred to and processed in the United States, Mexico, Switzerland, the EEA, the UK, Canada, and other jurisdictions where we or our service providers operate.
8.1 Transfer Mechanisms
Where required by law, we use appropriate safeguards for cross-border transfers, including:
- Adequacy decisions recognized by applicable authorities;
- The EU-U.S. Data Privacy Framework, where applicable and available to a recipient;
- The UK Extension to the EU-U.S. Data Privacy Framework, where applicable;
- Standard Contractual Clauses (“SCCs”) approved by the European Commission;
- The UK International Data Transfer Addendum or equivalent mechanisms;
- Contractual and technical safeguards for onward transfers.
8.2 Transfers to the United States
Palmabook Holdings Inc. is based in the United States. Where personal data subject to GDPR or UK GDPR is transferred to the United States, Palmabook and its providers will rely on an available lawful transfer mechanism, such as SCCs or Data Privacy Framework participation where applicable.
8.3 Transfers Involving Mexico and Switzerland
Mexico and Switzerland may be involved in service delivery and infrastructure arrangements. Palmabook will implement legally appropriate safeguards for such transfers under GDPR, UK GDPR, LFPDPPP, and other applicable laws.
8.4 Requests for More Information
You may contact partners@palmabook.com to request more information about the safeguards applicable to cross-border transfers.
9. Data Retention
We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer period is required or permitted by law.
9.1 Retention Schedule
Palmabook generally applies the following retention periods:
- IP address logs: up to 30 days, except where longer retention is necessary for security incident investigation or legal obligations;
- Session data: up to 30 days;
- Account data: retained while your account remains active, and generally deleted or anonymized within 30 days after a valid deletion request, subject to legal retention obligations;
- Booking records, invoices, and tax/accounting documentation: typically 7 years or longer if required by law;
- Messages and customer support communications: up to 2 years after stay completion or dispute closure, unless a longer retention period is required;
- Marketing consent records: retained for as long as needed to demonstrate compliance and manage your preferences;
- Fraud, trust and safety, and security logs: retained for as long as reasonably necessary to prevent abuse, resolve disputes, or comply with law;
- Host payout and KYC/KYB records: retained in accordance with payment, tax, anti-fraud, and financial regulations.
9.2 Criteria Used
Retention depends on:
- contractual necessity,
- applicable legal obligations,
- limitation periods,
- ongoing disputes,
- fraud prevention needs,
- and the sensitivity and volume of the data.
10. Your Rights
Depending on your location, you may have rights regarding your personal data.
10.1 GDPR / UK GDPR Rights
If you are in the EEA, Switzerland, or the UK, you may have the right to:
- Access the personal data we hold about you;
- Rectify inaccurate or incomplete data;
- Erase your data in certain circumstances;
- Restrict processing in certain circumstances;
- Object to processing based on legitimate interests;
- Withdraw consent where processing is based on consent;
- Data portability for data processed by automated means on the basis of consent or contract;
- Lodge a complaint with a supervisory authority.
10.2 California Privacy Rights
If you are a California resident, subject to exceptions, you may have the right to:
- Know what categories of personal information we collect, use, disclose, sell, or share;
- Access specific pieces of personal information;
- Delete personal information;
- Correct inaccurate personal information;
- Opt out of “sale” or “sharing” of personal information as defined by California law;
- Limit use and disclosure of sensitive personal information, where applicable;
- Non-discrimination for exercising privacy rights.
Palmabook does not sell personal information for monetary consideration. If any use of advertising cookies or similar technologies constitutes “sharing” under California law, you may opt out through our cookie settings or by contacting us.
10.3 Brazil LGPD Rights
If you are in Brazil, you may have rights including:
- confirmation of processing,
- access,
- correction,
- anonymization, blocking, or deletion where applicable,
- portability,
- information about sharing,
- and revocation of consent.
10.4 Mexico ARCO Rights
Under the LFPDPPP, individuals in Mexico may exercise ARCO rights:
- Access
- Rectification
- Cancellation
- Objection
You may also revoke consent where legally applicable, subject to exceptions.
10.5 Canada Rights
Individuals in Canada may request access to and correction of personal information, and may withdraw consent to certain uses, subject to legal or contractual restrictions.
10.6 How to Exercise Your Rights
To submit a privacy request, contact:
partners@palmabook.com
Please specify:
- your name,
- the email associated with your account,
- your country/state of residence,
- and the nature of your request.
We may need to verify your identity before fulfilling certain requests. Authorized agents may submit requests where permitted by law, subject to verification.
10.7 Response Timing
We will respond within the timeframes required by applicable law. If we cannot fulfill a request, we will explain the reasons, subject to legal limitations.
11. Children
Palmabook’s Services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children under 18. If we become aware that we have collected personal data from a person under 18 without an appropriate legal basis, we will take reasonable steps to delete such data.
If you believe a minor has provided us with personal data, please contact partners@palmabook.com.
12. Security
Palmabook implements administrative, technical, and organizational safeguards designed to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure.
Our security measures include, as appropriate:
- TLS 1.3 encryption for data in transit;
- Encryption of databases or storage volumes at rest where appropriate;
- Password hashing using strong one-way algorithms such as bcrypt or equivalent;
- Tokenized payment collection through Stripe rather than storage of full card numbers on our servers;
- Access controls based on least privilege;
- Logging, monitoring, and anomaly detection;
- Secure software development and change management practices;
- Backup and recovery controls;
- Vendor security diligence;
- Alignment with recognized control frameworks, including practices consistent with SOC 2-oriented security principles.
No method of transmission or storage is 100% secure. You are responsible for maintaining the confidentiality of your credentials and using secure devices and networks.
13. Data Breach Notification
Palmabook maintains incident response procedures designed to identify, contain, investigate, and remediate personal data incidents.
Where required by applicable law, we will:
- Notify the competent supervisory authority without undue delay and, where applicable under GDPR Article 33, within 72 hours after becoming aware of a notifiable personal data breach;
- Notify affected individuals where the breach is likely to result in a high risk to their rights and freedoms, unless an exception applies;
- Document relevant facts, effects, and remedial action.
14. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our business, technology, legal obligations, or data practices.
14.1 Notice of Changes
If we make material changes, we will provide notice by appropriate means, which may include:
- Posting the updated Privacy Policy on palmabook.com;
- Displaying an in-product or website banner;
- Sending notice by email where required or appropriate.
For material changes, Palmabook intends to provide notice at least 30 days in advance where reasonably practicable and legally appropriate.
14.2 Effective Date
The “Effective Date” at the top of this Privacy Policy indicates when the current version takes effect.
15. Contact
For questions, requests, or complaints regarding this Privacy Policy or our privacy practices, contact:
Palmabook Privacy Team
Palmabook Holdings Inc
Email: partners@palmabook.com
Website: https://palmabook.com
If appointed, Palmabook’s DPO and any EU/UK representative details will be listed in this section.
Supplemental California Notice
To assist California residents, the table below summarizes categories of personal information that may be collected under the CCPA/CPRA.
Categories Collected
- Identifiers - name, email, phone number, IP address, account identifiers
- Customer Records - billing details, reservation information
- Commercial Information - bookings, stay history, payment status
- Internet or Network Activity - browsing activity, interaction with our Services
- Geolocation Data - approximate location inferred from IP
- Audio/Electronic Information - support messages, communication records
- Professional or Employment Information - for hosts or business contacts where relevant
- Sensitive Personal Information - limited identity verification or financial information as necessary for payment/KYC compliance
Business Purposes
We collect and use these categories for:
- operating the Services,
- processing reservations and payments,
- customer support,
- fraud prevention,
- analytics,
- marketing with consent where required,
- legal compliance,
- and enforcing our rights.
Disclosure
We may disclose relevant categories to:
- payment processors,
- cloud and infrastructure providers,
- verification providers,
- analytics and advertising partners,
- OTAs and channel managers,
- advisors and authorities,
- and affiliated entities as reasonably necessary.
Supplemental Mexico Privacy Notice Elements
For purposes of the LFPDPPP, Palmabook informs data subjects that personal data may be processed for the primary purposes of account management, reservation administration, payment handling, fraud prevention, customer support, legal compliance, and service improvement. Secondary purposes may include marketing and analytics, subject to consent where required.
To exercise ARCO rights or revoke consent, contact partners@palmabook.com. If you consider that your right to personal data protection has been harmed, you may have the right to seek recourse before the competent Mexican authority.
By using the Services, you acknowledge that you have read and understood this Privacy Policy.