Wayloop Privacy Policy

Effective Date: June 2025

Welcome to Wayloop, a service operated by SafeTravels Pty Ltd (ABN 41 166 652 606, ACN 166 652 606) trading as "Wayloop" ("Wayloop", "we", "us", "our"). This Privacy Policy explains how we collect, use, disclose, and protect information when you use our websites, mobile applications, APIs, and related services (the "Services"). If you do not agree with this Policy, you should not use the Services.

1. Who This Policy Applies To

This Privacy Policy applies to:

  • Individual users who create Wayloop accounts
  • Tour Companies and their staff using Wayloop
  • Travellers and trip participants invited by a Tour Company
  • Visitors to our website and marketing pages

Roles (Data Controller vs Processor): For trip data and traveller information created or managed by a Tour Company, the Tour Company is the data controller and Wayloop is the data processor. For user registration/account, platform security, diagnostics, analytics, and our own marketing, Wayloop is the data controller.

2. Information We Collect

2.1 Information You Provide

  • Account information: name, email address, phone number, password or credentials.
  • Profile information: profile photo, language, preferences, role (e.g., traveller, staff).
  • Trip data: itineraries, destinations, activities, bookings, participant lists.
  • User-generated content (UGC): photos, chat messages, posts, comments, captions, attachments, polls, RSVPs.
  • Documents and profile: passports, visas, insurance details, emergency contacts, and other travel-related documents.
  • Sensitive / health information (optional): health or medical information that you add to an Emergency Profile or similar fields. We process this only with your explicit consent.

2.2 Information Collected Automatically

  • Device and technical data: device model, operating system, browser type, app version, language settings.
  • Usage and diagnostic data: logs of how you use the Services, interactions with features, crash reports, and performance diagnostics.
  • Identifiers: IP address, device identifiers, cookies, SDK identifiers, advertising identifiers (where permitted).
  • Location data (only if you opt in): precise GPS location for live sharing and safety features, background location (if enabled in your OS settings), check-ins and timestamps, and geofenced triggers if configured.

2.3 Information from Tour Companies

  • Participant and traveller lists, including contact details provided by the Tour Company.
  • Booking data and rooming lists.
  • Activity participation and RSVP information.
  • Group communications and trip configurations (e.g., itineraries, notes, reminders).
  • Emergency and safety-related information, where provided by the Tour Company.

Tour Companies are responsible for ensuring they have lawful grounds to provide this information to us.

3. How We Use Information (Legal Bases)

We use the information we collect for the following purposes and under the following legal bases:

  • Provide and operate the Services (contract): creating and managing accounts, enabling trip functionality, communications, notifications, and customer support.
  • Safety features and location sharing (consent; vital interests; legitimate interests): enabling optional live location sharing, safety check-ins, and emergency access.
  • Security, fraud prevention, abuse detection (legitimate interests; legal obligations): protecting accounts and our platform, monitoring for misuse, investigating incidents.
  • Analytics and product improvement (legitimate interests): understanding how the Services are used, improving performance, developing new features, and conducting A/B tests, using pseudonymization or aggregation where possible.
  • Marketing and upsell communications (consent where required; legitimate interests): sending product updates, feature announcements, and promotional communications. You can opt out at any time.
  • Comply with law and enforce our terms (legal obligations; legitimate interests): responding to legal requests, resolving disputes, and enforcing our agreements.

4. Sharing and Disclosure

  • Within trips: information is shared with trip participants and, where applicable, Tour Company staff according to trip settings and roles.
  • Service providers: we use third-party providers for hosting, data storage, analytics, notifications, customer support tools, and similar services. These providers are bound by contract, confidentiality, and (where applicable) a data processing agreement (DPA). Our subprocessors are listed and notified in accordance with our DPA.
  • Legal and safety: we may disclose information to comply with applicable laws, legal processes, or government requests, or to prevent harm, fraud, or security incidents.
  • Business transfers: if we are involved in a merger, acquisition, restructuring, or sale of assets, your information may be transferred as part of that transaction, subject to continued protection.
  • No sale of personal information: we do not sell personal information. We do not share your data with third parties for their own marketing purposes without your consent.

5. Location and Safety Features

  • Location sharing is opt-in. You can enable or disable it at any time in your device or in-app settings.
  • We retain location logs only for as long as needed to provide the Services, for safety and security purposes, or as required by law.
  • Wayloop's safety features are not a substitute for emergency services. In an emergency, you should contact local emergency services directly.

6. User-Generated Content and Photos

You retain ownership of the User-Generated Content (UGC) that you upload or create in Wayloop. You grant us a limited license to host, display, process, and distribute your UGC solely to provide, maintain, and secure the Services. Unless you choose otherwise, visibility of your UGC is limited to the relevant trip context and its participants.

7. Children

The Services are not directed to children under the age applicable in their country (typically 13, or 16 in the EEA/UK without parental consent). Tour Companies are responsible for ensuring they have appropriate consent and legal basis when managing trips that involve minors.

8. International Data Transfers

We may process and store information in countries other than where you live. When we transfer personal data internationally, we use appropriate safeguards, such as:

  • EU Standard Contractual Clauses (SCCs)
  • UK International Data Transfer Addendum
  • Compliance with Australian Privacy Principle (APP) 8 for cross-border disclosures
  • Data minimisation and encryption measures

9. Your Rights

Depending on your region, you may have some or all of the following rights:

  • Access your personal information
  • Request correction of inaccurate data
  • Request deletion of your data
  • Restrict or object to certain processing
  • Request data portability
  • Withdraw consent where processing is based on consent
  • Opt out of marketing communications

You can manage many settings directly in the app. For other requests, please contact us using the details in the Contact section below. We may need to verify your identity before fulfilling your request.

10. Retention

We keep personal information only as long as necessary for the purposes described in this Policy, or as required by law. Generally:

  • Trip content is retained for the active trip and a limited period thereafter (for example, around 12 months).
  • Documents (such as PDFs, passports, and visas) are typically retained for a shorter period (for example, around 3 months) after the trip, unless a different period is described in our Terms or required by law.
  • Backups and logs are retained for limited operational and security periods.

11. Security

We implement technical and organizational measures to protect your information, including encryption in transit and at rest, access controls, monitoring, and secure development practices. However, no system is completely secure, and we cannot guarantee absolute security of your information.

12. Cookies and SDKs

  • Web: we use cookies and similar technologies for essential functions (e.g., sign-in), analytics, and marketing. You can manage preferences via our cookie or consent banner where applicable.
  • Mobile: we use SDKs for analytics, crash reporting, and push notifications. You can manage many of these permissions in-app and via your device's OS settings. We honor applicable platform consent frameworks.

13. Contact

  • Privacy contact / DPO: privacy@wayloop.com / SafeTravels Pty Ltd (ABN 41 166 652 606, ACN 166 652 606), 388 Obi Obi Road, Mapleton, Queensland, 4560, Australia
  • EU representative (if required): [TBD]
  • UK representative (if required): [TBD]
  • Australia complaints: Office of the Australian Information Commissioner (OAIC)
  • EU/EEA: your local Data Protection Authority
  • UK: Information Commissioner's Office (ICO)

14. Changes

We may update this Privacy Policy from time to time. If we make material changes, we will notify you in-app, by email, or on our website. Where required by law, we will seek renewed consent. The "Effective Date" at the top of this Policy indicates when it was last updated.

We value your privacy

We use cookies to enhance your browsing experience, serve personalized content, and analyze our traffic. By clicking 'Accept All', you consent to our use of cookies.

Learn more
Wayloop logo