1. INTRODUCTION

At Marbella Conciergerie, doing business as a Limited Liability Company registered in Wyoming, United States ("Marbella Conciergerie," "Company," "we," "us," or "our"), your privacy is important to us, and we are committed to being transparent about how we collect, use, and disclose information about you.

This Privacy Policy describes what personal information and sensitive personal information we collect, how we use it, how we disclose it, and how long we retain it when you use the following services (collectively, the "Services"):

• Our website at https://marbellaconciergerie.com/ and any related sites (the "Website");
• Our mobile application;
• Our AI-enabled personal assistant and concierge services;
• Our email communications and newsletters that you have subscribed to; and
• Anywhere we gather information from or about you and refer you to this Privacy Policy.

By using our Services, you agree to the practices described in this Privacy Policy. If you do not agree to this Privacy Policy, please do not use the Services.

Marbella Conciergerie is a United States company subject to the laws of the United States. If you choose to use the Services, your personal information will be transferred to and processed in the United States and other jurisdictions where our service providers operate.

2. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by:

• Posting the updated Privacy Policy on our Website with a new "Last Updated" date;
• Sending notice to the email address associated with your account; or
• Providing notice through the Services.

Your continued use of the Services after we post or send notice of changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically.

You can see when this Privacy Policy was last updated by checking the date at the top of this page.

3. CHILDREN'S PRIVACY

Our Services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from anyone under 18. By using our Services, you represent and warrant that you are at least 18 years old.

If we learn that we have collected personal information from a person under 18 without verification of parental consent, we will delete that information promptly. If you believe we have collected information from someone under 18, please contact us at [email protected].

4. INFORMATION WE COLLECT ABOUT YOU AND HOW WE COLLECT IT

We collect information from and about users of our Services in three ways:

1. Directly from you when you provide it to us
2. Automatically as you use the Services
3. From data we create or generate based on your use of the Services

4.1 INFORMATION YOU PROVIDE DIRECTLY

When you create an account, make a booking request, contact us, or otherwise interact with our Services, we may collect:

Identifiers:

• Name
• Email address
• Phone number
• Username
• Billing address
• Mailing address

Payment Information:

• Payment card details (processed and stored by Stripe; we do not directly store complete payment card information)
• Billing information
• Transaction history

Profile and Preference Data:

• Password (encrypted)
• Membership tier (e.g., Founding Member status)
• Dietary restrictions and preferences
• Favorite venues and preferences
• Travel preferences
• Communication preferences
• Language preferences

Identity Verification Data (Sensitive Personal Information):

• Government-issued ID or passport copies (collected only for Know Your Customer (KYC) compliance or when required by hotels/venues for reservations)
• Date of birth
• Nationality

Communications and Content Data:

• Messages you send to us through the Services
• Customer support inquiries and correspondence
• Feedback and survey responses
• Reviews and ratings you provide
• Any other content you submit through the Services

Commercial Information:

• Booking history
• Reservation details
• Venue preferences
• Service usage history
• Purchase history

4.2 INFORMATION WE COLLECT AUTOMATICALLY

When you use our Services, we automatically collect certain information about your device and usage:

Identifiers and Device Information:

• IP address
• Device identifiers (such as MAC address, advertising ID)
• Device type and model
• Operating system type and version
• Browser type and version
• Browser language and settings
• Mobile network information

Internet and Network Activity:

• Pages you view on our Website
• Features you use in our mobile app
• Links you click
• Search queries
• Time and date of visits
• Time spent on pages
• Referring website or app
• Access times and dates
• Usage patterns and interaction with the Services

Location Information:

• General geographic location based on IP address
• Precise location (only if you grant permission through your device settings)

Cookie and Tracking Data:

• Information collected through cookies, web beacons, pixels, and similar technologies (see Section 5 below)

4.3 INFORMATION WE CREATE OR GENERATE

We may infer or generate new information from the data we collect, including:

Inferences:

• Preferences and interests
• Characteristics and behavior patterns
• Predicted venue preferences
• Service recommendations
• Travel patterns

When you are asked to provide personal information, you may decline. However, if you choose not to provide information that is necessary for certain services or features, those services or features may not be available or fully functional.

5. COOKIES, WEB BEACONS, AND OTHER TECHNOLOGIES

We, our service providers, and third parties use cookies, web beacons, pixels, and other tracking technologies (collectively, "Technologies") to collect information and improve your experience with our Services.

5.1 WHAT TECHNOLOGIES DO WE USE?

Cookies (Browser Cookies): Small text files placed on your device by websites you visit. Cookies help us recognize your browser and remember information about your visits.

Types of Cookies We Use:

• Essential Cookies: Necessary for the Services to function properly (e.g., authentication, security)
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Help us understand how users interact with our Services
• Advertising Cookies: We do not currently use advertising cookies, but we reserve the right to do so in the future with notice

Web Beacons (Tracking Pixels): Small electronic files embedded in web pages or emails that allow us to count users who have visited pages or opened emails, and to collect related statistics.

JavaScript Tracking Tools: Code that runs in your browser to collect usage data and enable certain features.

Local Storage: Technology that allows us to store data locally on your device.

5.2 SPECIFIC TECHNOLOGIES WE USE

We use the following third-party services that employ Technologies:

• Google Analytics: Web analytics service to understand user behavior and improve our Services
• Mixpanel: Product analytics platform to track user interactions
• Hotjar: Behavior analytics and user feedback service
• Resend & Flodesk: Email delivery and marketing platforms that may use web beacons in emails

5.3 HOW WE USE TECHNOLOGIES

We and our service providers use Technologies to:

• Authenticate users and prevent fraud
• Remember your preferences and settings
• Analyze how our Services perform and how users interact with them
• Understand user behavior and usage patterns
• Develop inferences about preferences and interests
• Improve our Services and develop new features
• Measure the effectiveness of our communications
• Provide customer support
• Comply with legal obligations

5.4 THIRD-PARTY USE OF TECHNOLOGIES

Third-party service providers may use Technologies on our Services for analytics and other purposes. These third parties may combine information collected across multiple websites and services.

Important: We do not currently use third-party advertising networks or engage in targeted advertising. However, analytics providers may collect data that could be used for other purposes as described in their own privacy policies.

5.5 YOUR CHOICES ABOUT TECHNOLOGIES

Browser Settings: Most web browsers allow you to control cookies through settings. You can typically:

• View what cookies are stored
• Delete existing cookies
• Block cookies from being set
• Set preferences for specific websites

Note that disabling cookies may affect the functionality of our Services.

Do Not Track: Some browsers have "Do Not Track" (DNT) features. Our Services do not currently respond to DNT signals, as there is no common industry standard for how to interpret them.

Email Web Beacons: You can prevent automatic downloading of images in emails through your email client settings, which will prevent us from collecting certain data via web beacons.

6. HOW WE USE YOUR INFORMATION

We use the information we collect for the following purposes:

• Service Delivery
• • Purpose: To provide and deliver the Services, including facilitating reservations, managing your membership, and providing concierge assistance.
  • Data Used: Identifiers, Payment Information, Profile Data, Identity Verification Data, Communications Data, Commercial Information, Device Information, Internet Activity, Inferences.
  • Legal Basis: Contractual Necessity.
• Account Management
• • Purpose: To create and manage your account, authenticate you, and maintain your profile.
  • Data Used: Identifiers, Profile Data, Device Information.
  • Legal Basis: Contractual Necessity.
• Payment Processing
• • Purpose: To process transactions, handle billing, and prevent fraud.
  • Data Used: Identifiers, Payment Information, Commercial Information, Device Information.
  • Legal Basis: Contractual Necessity, Legal Obligation.
• Communications
• • Purpose: To send you transactional updates, confirmations, security alerts, booking confirmations, and administrative messages.
  • Data Used: Identifiers, Communications Data, Commercial Information.
  • Legal Basis: Contractual Necessity, Legal Obligation.
• Marketing (Opt-In Only)
• • Purpose: To send you promotional communications about our Services, special offers, and new features (only if you have provided explicit consent).
  • Data Used: Identifiers, Profile Data, Commercial Information, Inferences.
  • Legal Basis: Consent.
• Customer Support
• • Purpose: To respond to your requests, provide assistance, and resolve issues.
  • Data Used: Identifiers, Communications Data, Profile Data, Commercial Information, Device Information.
  • Legal Basis: Contractual Necessity, Legitimate Interest.
• Security and Fraud Prevention
• • Purpose: To protect the security of our Services, prevent fraud and abuse, verify identity, and detect suspicious activity.
  • Data Used: All categories of information we collect.
  • Legal Basis: Legal Obligation, Legitimate Interest.
• Legal Compliance
• • Purpose: To comply with applicable laws, regulations, legal processes, and governmental requests.
  • Data Used: All categories of information we collect.
  • Legal Basis: Legal Obligation.
• Business Operations
• • Purpose: To operate our business, including internal auditing, diagnostics, troubleshooting, data analysis, testing, research, and statistical purposes.
  • Data Used: Identifiers, Commercial Information, Device Information, Internet Activity, Inferences.
  • Legal Basis: Legitimate Interest.
• Service Improvement
• • Purpose: To improve, develop, and enhance our Services, develop new features, and conduct research.
  • Data Used: Identifiers, Profile Data, Communications Data, Commercial Information, Device Information, Internet Activity, Inferences.
  • Legal Basis: Legitimate Interest.
• Personalization
• • Purpose: To personalize your experience, provide recommendations, and tailor content to your preferences.
  • Data Used: Identifiers, Profile Data, Commercial Information, Internet Activity, Inferences.
  • Legal Basis: Legitimate Interest, Consent.
• Analytics and Research
• • Purpose: To understand how users interact with our Services and analyze usage patterns.
  • Data Used: Device Information, Internet Activity, Commercial Information, Inferences.
  • Legal Basis: Legitimate Interest.
• AI and Machine Learning
• • Purpose: To train and improve our AI assistant using Google Gemini (data is processed according to Google's AI usage policies).
  • Data Used: Communications Data, Profile Data, Commercial Information, Inferences.
  • Legal Basis: Legitimate Interest, Consent.

Note on Legal Bases: For users in the European Economic Area (EEA) or United Kingdom (UK), we rely on the legal bases listed above under GDPR and UK GDPR. For users in other jurisdictions, we process your information as described in this Privacy Policy and as permitted by applicable law.

7. DISCLOSURE OF YOUR INFORMATION

We disclose your personal information with your consent or as necessary to provide the Services you have requested. We also disclose information to the following categories of recipients for the business purposes described below:

7.1 VENUES AND PARTNERS

Who: Restaurants, clubs, hotels, lounges, transportation providers, and other venues or service providers What We Share: Name, contact information, reservation details, special requests, preferences, dietary restrictions, and (when required) identity verification documents Why: To facilitate your bookings and ensure venues can provide the requested services Legal Basis: Contractual Necessity

7.2 SERVICE PROVIDERS

We share information with vendors and service providers who perform services on our behalf:

Payment Processing:

• Stripe - Payment processing, fraud prevention, transaction management
• Information Shared: Payment information, identifiers, transaction details

Infrastructure and Hosting:

• Amazon Web Services (AWS S3) - Cloud storage and hosting
• Hetzner - Server hosting
• Information Shared: All categories of information as needed for hosting services

Email Services:

• Resend - Transactional email delivery
• Flodesk - Marketing email campaigns (opt-in only)
• Information Shared: Identifiers, communications preferences, email content

Analytics:

• Google Analytics - Website and app analytics
• Mixpanel - Product analytics
• Hotjar - User behavior analytics
• Information Shared: Device information, internet activity, identifiers (pseudonymized where possible)

Database and Storage:

• MongoDB - Customer data storage and management
• Information Shared: All categories of information as needed for database services

AI Processing:

• Google Gemini - AI-powered assistant features
• Information Shared: Communications data, profile data, booking information (processed according to Google's AI usage policies)

Security and Fraud Prevention:

• Various security service providers
• Information Shared: Device information, internet activity, identifiers

7.3 LEGAL AND COMPLIANCE

Government and Law Enforcement: We may disclose information when required by law or in response to:

• Valid legal processes (subpoenas, court orders, search warrants)
• Government or regulatory requests
• National security requirements
• Legal obligations under applicable law

Legal Proceedings: We may disclose information in connection with legal claims, compliance, regulatory matters, and audits.

7.4 BUSINESS TRANSFERS

In connection with any merger, sale of company assets, financing, acquisition, bankruptcy, dissolution, or similar transaction or proceeding, we may transfer or disclose your information to the parties involved. You will be notified via email and/or prominent notice on our Services of any change in ownership or use of your personal information.

7.5 PROTECTION OF RIGHTS

We may disclose information when we believe it is necessary to:

• Protect the safety, rights, or property of Marbella Conciergerie, our users, or the public
• Detect, prevent, or address fraud, security, or technical issues
• Enforce our Terms of Use, policies, or other agreements
• Respond to claims of rights violations

7.6 WITH YOUR CONSENT

We may disclose your information for other purposes with your explicit consent or at your direction.

7.7 DE-IDENTIFIED AND AGGREGATED INFORMATION

We may disclose de-identified or aggregated information that cannot reasonably be used to identify you. We take commercially reasonable steps to maintain this information in de-identified form and require recipients to do the same.

Important Notes:

• We do NOT sell your personal information to third parties for monetary consideration
• We do NOT currently engage in targeted advertising or share data for cross-context behavioral advertising
• Service providers are contractually obligated to protect your information and use it only for the purposes we specify

8. INTERNATIONAL DATA TRANSFERS

Marbella Conciergerie is headquartered in Wyoming, United States. Your personal information may be transferred to, stored, and processed in:

• United States - Primary operations and AWS infrastructure
• Germany - Hetzner server hosting
• Finland - Hetzner server hosting
• Other jurisdictions - Where our service providers operate

8.1 FOR EUROPEAN ECONOMIC AREA (EEA) AND UK USERS

If you are located in the EEA or UK, please note that we transfer your personal information to countries outside the EEA/UK, including the United States, which may not provide the same level of data protection as your home country.

To ensure adequate protection of your personal information, we rely on the following safeguards:

• Standard Contractual Clauses (SCCs): We use Standard Contractual Clauses approved by the European Commission for transfers to service providers
• Adequacy Decisions: Where available, we rely on adequacy decisions by the European Commission
• Appropriate Safeguards: We implement appropriate technical and organizational measures to protect your data

You may request a copy of the safeguards we use for international transfers by contacting [email protected].

8.2 FOR ALL OTHER USERS

By using our Services, you consent to the transfer of your information to the United States and other jurisdictions as described in this Privacy Policy.

9. DATA RETENTION

We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

9.1 RETENTION PERIODS BY CATEGORY

Active Accounts:

• We retain information for active accounts for the duration of your relationship with us

Inactive Accounts:

• If you do not log in or use the Services for 2 years, your account will be considered inactive
• We will send notice before deletion
• Inactive account data will be deleted after 2 years of inactivity, except as required by law

Transactional and Financial Data:

• Retained for 7 years to comply with U.S. tax, accounting, and financial regulations (IRS requirements, Wyoming state law)
• Includes: Payment records, invoices, booking history, commission payments

Identity Verification Documents:

• Deleted immediately after verification is complete or booking is confirmed (typically within 24-48 hours)
• Never stored long-term unless legally required

Marketing Communications Data:

• Retained until you opt-out or request deletion
• Deleted within 30 days of opt-out request

Customer Support Communications:

• Retained for 3 years for quality assurance and legal compliance

Security and Fraud Prevention Logs:

• Retained for 1 year or as required for active investigations

Cookies and Analytics Data:

• Retained for 13-26 months depending on the specific analytics tool

9.2 DELETION UPON REQUEST

You may request deletion of your personal information at any time by contacting [email protected]. We will delete your information within 30 days unless:

• Retention is required by law
• The information is necessary for ongoing business operations (e.g., active bookings)
• We need it to defend legal claims
• You have outstanding debts or obligations to us

9.3 BACKUP AND ARCHIVAL

Please note that deleted information may remain in backup systems for a limited period (typically 90 days) before permanent deletion. We maintain secure backup procedures to ensure data recovery in case of system failure.

10. DATA SECURITY

We take the security of your personal information seriously and have implemented commercially reasonable technical and organizational measures to protect it.

10.1 SECURITY MEASURES

Encryption:

• All data in transit is encrypted using industry-standard SSL/TLS protocols
• Sensitive data at rest (including passwords and payment information) is encrypted
• Identity verification documents are transmitted via encrypted channels only

Access Controls:

• Role-based access controls limit employee and contractor access to personal information
• Multi-factor authentication for internal systems
• Regular access reviews and audits

Infrastructure Security:

• Secure hosting with AWS and Hetzner
• Regular security patches and updates
• Firewalls and intrusion detection systems
• Distributed Denial of Service (DDoS) protection

Payment Security:

• We do NOT store complete payment card information
• All payment processing is handled by Stripe, a PCI-DSS compliant payment processor
• We only store tokenized payment references

Data Minimization:

• We collect and retain only the information necessary for our purposes
• Identity documents are deleted immediately after use

Vendor Security:

• We require service providers to implement appropriate security measures
• Regular security assessments of critical vendors

10.2 LIMITATIONS

While we implement strong security measures, please understand that:

• No system is 100% secure or free from vulnerabilities
• Internet transmission is never completely secure
• You use the Services at your own risk

You are responsible for:

• Maintaining the confidentiality of your password
• Restricting access to your devices
• Signing out after using shared devices
• Notifying us immediately of any unauthorized access

10.3 SECURITY INCIDENTS

In the event of a data breach that affects your personal information, we will:

• Notify you without undue delay (typically within 72 hours)
• Notify relevant regulatory authorities as required by law
• Provide information about the breach and steps you can take to protect yourself
• Take appropriate measures to mitigate harm

If you believe your account has been compromised, contact us immediately at [email protected].

11. YOUR PRIVACY RIGHTS AND CHOICES

Depending on your location, you may have certain rights regarding your personal information. We respect these rights and provide you with ways to exercise them.

11.1 RIGHTS AVAILABLE TO ALL USERS

Access and Portability:

• You have the right to request a copy of the personal information we hold about you
• We will provide this in a structured, commonly used, machine-readable format where feasible
• How to exercise: Email [email protected]

Correction:

• You have the right to request correction of inaccurate or incomplete personal information
• You can update most information directly through your account settings
• How to exercise: Update your account settings or email [email protected]

Deletion ("Right to be Forgotten"):

• You have the right to request deletion of your personal information
• We will honor deletion requests unless we have a legal obligation or legitimate reason to retain the data
• How to exercise: Email [email protected]
• Response time: 30 days

Opt-Out of Marketing:

• You have the right to opt-out of marketing communications at any time
• How to exercise:
• • Click "Unsubscribe" at the bottom of any marketing email
  • Update preferences in your account settings
  • Email [email protected]
• Note: You will still receive transactional and service-related communications

Account Deletion:

• You may delete your account at any time
• How to exercise: Contact [email protected]
• Note: Some information may be retained as described in Section 9

11.2 VERIFICATION OF REQUESTS

To protect your privacy and security, we will verify your identity before responding to access, correction, or deletion requests. We may:

• Ask you to log into your account
• Request information that only you would know
• Send a verification email to your registered email address
• Ask for additional documentation in certain cases

11.3 AUTHORIZED AGENTS

You may designate an authorized agent to make requests on your behalf where permitted by law. We require:

• Written authorization from you
• Proof that the agent is authorized to act on your behalf
• Verification of your identity directly with us

11.4 APPEALS

If we decline your request (in whole or in part), you may appeal our decision by:

1. Replying to our response email
2. Emailing [email protected] with "Appeal" in the subject line
3. Providing additional information supporting your request

We will respond to appeals within 30 days.

11.5 NO DISCRIMINATION

You have the right to not be discriminated against for exercising any of your privacy rights. We will not:

• Deny you access to the Services
• Charge you different prices or rates
• Provide you with a different level or quality of service
• Suggest that you will receive different treatment

11.6 LIMITATIONS ON RIGHTS

In some cases, we may decline requests where:

• We cannot verify your identity
• The request is manifestly unfounded or excessive
• The information is subject to legal privilege or protected by law
• Disclosure would adversely affect the rights of others
• We are legally required to retain the information
• The request interferes with our legitimate business interests or legal obligations

12. EUROPEAN ECONOMIC AREA AND UK RESIDENTS

If you are located in the European Economic Area (EEA) or United Kingdom (UK), you have additional rights under the General Data Protection Regulation (GDPR) and UK GDPR.

12.1 DATA CONTROLLER

For the purposes of GDPR/UK GDPR, Marbella Conciergerie (Wyoming LLC) is the data controller responsible for your personal information.

Contact Information:

• Email: [email protected]
• Address: 30 N Gould St, STE R, Sheridan, WY 82801, USA

12.2 LEGAL BASES FOR PROCESSING

We process your personal information based on the following legal bases:

Contractual Necessity: Processing necessary to perform our contract with you (e.g., providing the Services, managing your account)

Consent: Where you have given explicit consent for specific processing activities (e.g., marketing communications, optional features)

Legitimate Interests: Processing necessary for our legitimate business interests (e.g., improving our Services, security, analytics), provided your rights do not override these interests

Legal Obligation: Processing necessary to comply with legal requirements (e.g., tax laws, anti-money laundering regulations)

12.3 ADDITIONAL GDPR RIGHTS

In addition to the rights listed in Section 11, EEA/UK residents have:

Right to Object:

• You have the right to object to processing based on legitimate interests or for direct marketing purposes
• How to exercise: Email [email protected]

Right to Restrict Processing:

• You can request that we limit how we use your personal information in certain circumstances
• How to exercise: Email [email protected]

Right to Withdraw Consent:

• Where processing is based on consent, you can withdraw it at any time
• This will not affect the lawfulness of processing before withdrawal
• How to exercise: Email [email protected] or update your preferences

Right to Lodge a Complaint:

• You have the right to lodge a complaint with your local data protection authority if you believe we have violated your rights

Data Protection Authorities:

• EEA: Contact your national data protection authority (list available at https://edpb.europa.eu/about-edpb/board/members_en)
• UK: Information Commissioner's Office (ICO) - https://ico.org.uk/

12.4 IMPORTANT NOTICE FOR EEA/UK RESIDENTS

Our Services are not specifically targeted at EEA/UK residents. However, if you choose to use our Services from the EEA/UK:

• Your data will be transferred outside the EEA/UK (see Section 8)
• We will protect your data using appropriate safeguards
• You have the rights described in this section

12.5 DATA PROTECTION OFFICER

As we do not systematically process sensitive data on a large scale and are not a public authority, we are not required to appoint a Data Protection Officer under GDPR. For privacy inquiries, contact [email protected].

13. CALIFORNIA RESIDENTS

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

13.1 CALIFORNIA PRIVACY RIGHTS

Right to Know: You have the right to request disclosure of:

• Categories of personal information we collect
• Categories of sources from which information is collected
• Our business or commercial purposes for collecting information
• Categories of third parties with whom we share information
• Specific pieces of personal information we have collected about you

Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.

Right to Correct: You have the right to request correction of inaccurate personal information.

Right to Opt-Out of Sale or Sharing: You have the right to opt-out of the "sale" or "sharing" of your personal information.

• Important: We do NOT sell your personal information for monetary consideration
• We do NOT share your personal information for cross-context behavioral advertising
• If this changes, we will provide a clear opt-out mechanism and update this policy

Right to Limit Use of Sensitive Personal Information: You have the right to limit our use of sensitive personal information.

• Note: We do not use sensitive personal information (identity documents) for purposes that trigger this right under California law

Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your CCPA rights.

13.2 HOW TO EXERCISE YOUR CALIFORNIA RIGHTS

To exercise your rights, contact us at:

• Email: [email protected]
• Subject Line: "California Privacy Request"
• Include: Your full name, email address, and specific request

Verification: We will verify your identity before processing requests as described in Section 11.2.

Response Time: We will respond to verified requests within 45 days. If we need more time, we will notify you of the extension and the reason.

Authorized Agents: You may use an authorized agent as described in Section 11.3.

13.3 CATEGORIES OF INFORMATION COLLECTED (LAST 12 MONTHS)

• Identifiers (e.g., name, email, phone, address, IP address)
• • Source: Collected directly from you and automatically through your use of the Services.
  • Business Purpose: Used for all purposes listed in Section 6.
  • Third-Party Disclosure: Disclosed to service providers and partner venues.
• Payment Information
• • Source: Collected directly from you and via third-party payment processors.
  • Business Purpose: Used for payment processing and fraud prevention.
  • Third-Party Disclosure: Disclosed to Stripe (our payment processor).
• Commercial Information (e.g., booking history, purchase records)
• • Source: Collected directly from you and generated by us based on your activity.
  • Business Purpose: Used for service delivery, analytics, and personalization.
  • Third-Party Disclosure: Disclosed to service providers and partner venues.
• Internet/Network Activity (e.g., browsing history, usage patterns)
• • Source: Collected automatically via your device and our systems.
  • Business Purpose: Used for analytics, personalization, and security.
  • Third-Party Disclosure: Disclosed to analytics providers.
• Geolocation Data
• • Source: Collected automatically through your device permissions.
  • Business Purpose: Used for service delivery and personalization.
  • Third-Party Disclosure: Disclosed to service providers.
• Inferences (e.g., predicted preferences or characteristics)
• • Source: Generated by us based on your interactions with the Services.
  • Business Purpose: Used for personalization and service improvement.
  • Third-Party Disclosure: Disclosed to service providers.
• Sensitive Personal Information (e.g., ID documents)
• • Source: Collected directly from you.
  • Business Purpose: Used for identity verification and legal compliance.
  • Third-Party Disclosure: Disclosed to identity verification services and partner venues (when required for entry or booking).

13.4 RETENTION PERIODS

See Section 9 for detailed retention periods by category.

13.5 DO NOT SELL OR SHARE MY PERSONAL INFORMATION

We do NOT sell your personal information as defined by the CCPA. We do not disclose personal information to third parties for monetary or other valuable consideration in exchange for personal information.

We do NOT share your personal information for cross-context behavioral advertising.

If our practices change, we will:

• Update this Privacy Policy
• Provide a clear and conspicuous "Do Not Sell or Share My Personal Information" link
• Honor opt-out requests

13.6 CALIFORNIA SHINE THE LIGHT LAW

Under California's "Shine the Light" law (Civil Code Section 1798.83), California residents who have an established business relationship with us may request information about whether we have disclosed personal information to third parties for their direct marketing purposes.

We do not disclose personal information to third parties for their direct marketing purposes as defined by this law.

13.7 FINANCIAL INCENTIVES

We do not offer financial incentives or price or service differences in exchange for the retention, sale, or sharing of your personal information.

Our Founding Member promotion (waiver of $1,000 initiation fee) is not contingent upon the collection of additional personal information beyond what is necessary to provide the Services.

14. CONTACT US

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Marbella Conciergerie
30 N Gould St, STE R
Sheridan, WY 82801
United States

Email: [email protected]
Subject Line Suggestions:

• "Privacy Question" - General inquiries
• "Data Request" - Access, deletion, or correction requests
• "California Privacy Request" - CCPA-specific requests
• "GDPR Request" - EEA/UK-specific requests
• "Appeal" - Appeal of a denied request

Response Time: We typically respond to inquiries within 5 business days and will complete data subject requests within 30 days (or 45 days for California residents when additional time is needed).

For general customer service inquiries unrelated to privacy, please contact: [email protected]

BY USING OUR SERVICES, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY AND AGREE TO ITS TERMS.