Skip to main content

Privacy Policy

Last updated: 9 April 2026

1. Introduction

Touringuide (“we”, “us”, or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use the Touringuide Australia website (“touringuide.com”) and related services (collectively, the “Service”).

We comply with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) and, where applicable, the General Data Protection Regulation (GDPR) for users in the European Economic Area.

2. Information We Collect

2.1 Information You Provide

  • Account information: Email address, display name, password (stored as a secure hash, never in plain text), traveller type, home state, and travel interests
  • Profile information: Avatar image (if uploaded)
  • Trip data: Trip names, descriptions, dates, stops, routes, notes, booking references, vehicle and caravan selections, and weight calculations
  • Community content: Posts, comments, reviews, and photos you submit
  • Marketplace listings: Listing details for caravans, vehicles, or gear you list for sale
  • Payment information: Processed and stored securely by Stripe, our payment provider. We store only your Stripe customer ID, subscription status, and non-sensitive payment method details (card brand, last 4 digits, expiry month/year). We never store full card numbers, CVVs, or bank account details
  • Communications: Messages sent via in-app messaging, concierge requests, and support emails
  • Newsletter preferences: Whether you have opted in to receive marketing emails

2.2 Information Collected Automatically

  • Usage analytics: Pages visited, scroll depth, engagement time, and navigation patterns. We use our own analytics system — not Google Analytics or other third-party analytics trackers
  • Device information: Device type (mobile/desktop/tablet) and screen width
  • Session data: A randomly generated session identifier that does not personally identify you
  • IP address: We hash (SHA-256) your IP address for rate limiting and fraud prevention. We do not store your raw IP address
  • Referral data: Referrer URL, UTM parameters (source, medium, campaign), and referral codes
  • Error logs: Technical error data to help us diagnose and fix issues with the Service

2.3 Information from Third Parties

  • Google OAuth: If you sign in with Google, we receive your email address, name, and profile picture from Google. We do not access your Google contacts, calendar, or other Google services
  • Stripe: Payment confirmation, subscription status, and invoice details

2.4 Visa Enquiry Information

If you submit a visa enquiry through one of our visa pages, we collect the information you provide on the enquiry form, which may include:

  • Full name, email address, and (optionally) phone number
  • Country of citizenship and current visa status
  • A short free-text description of your situation
  • The visa subclass or category your enquiry relates to
  • Whether you ticked the disclosure / marketing consent boxes

We use this information solely to refer your enquiry to one practitioner from our panel of registered Australian immigration solicitors and MARA-registered Migration Agents. The full referral process and your rights are set out in our Visa Referral Disclosure.

3. How We Use Your Information

We use your personal information to:

  • Provide, maintain, and improve the Service
  • Process subscriptions, payments, and refunds
  • Personalise your experience (e.g., trip suggestions, nearby listings)
  • Power AI features (Trip Planner, Booking Agent, Trip Manager) using your trip context and preferences
  • Send transactional emails (subscription confirmations, payment receipts, password resets)
  • Send marketing emails if you have opted in (you can unsubscribe at any time)
  • Facilitate concierge services for Ultimate plan subscribers
  • Monitor and prevent fraud, abuse, and security threats
  • Analyse usage patterns to improve the Service (using aggregated, non-identifying data)
  • Comply with legal obligations

4. AI Features & Your Data

Our AI-powered features (Trip Planner, Booking Agent, Trip Manager) process your trip data, preferences, and conversation history to provide personalised assistance. This processing is performed using third-party AI services (Anthropic Claude).

  • AI conversations are logged for quality monitoring and service improvement
  • We record token usage (input/output) for each conversation for billing and performance monitoring
  • Your conversation data is not used to train third-party AI models
  • You can delete your chat history by contacting support

5. Cookies & Tracking Technologies

We use the following cookies and similar technologies:

  • Essential cookies: Session authentication tokens (NextAuth), CSRF protection. These are strictly necessary for the Service to function and cannot be disabled
  • Referral cookies: Referral code attribution (stored temporarily when you arrive via a referral link)
  • Advertising cookies (Free tier only): Google AdSense uses cookies to serve relevant advertisements to Free tier users. Paid subscribers do not receive ads and these cookies are not set for paid accounts. You can manage Google ad personalisation at adssettings.google.com

We do not use third-party analytics trackers such as Google Analytics, Facebook Pixel, or similar services. Our analytics are first-party and privacy-focused.

6. Third-Party Services

We share your information with the following third-party services, only as necessary to operate the Service:

  • Stripe (payments): Processes your payment information securely. Subject to Stripe's Privacy Policy
  • Resend (email): Delivers transactional and marketing emails on our behalf
  • Anthropic (AI): Processes AI chat conversations. Subject to Anthropic's Privacy Policy
  • Tigris / Fly.io (hosting & storage): Hosts the Service and stores uploaded media files
  • Google (maps, OAuth, AdSense): Provides map services, authentication, and advertising
  • Immigration practitioner panel (visa enquiries): If you submit a visa enquiry, we share the enquiry information described in section 2.4 with one practitioner from our panel of Australian Legal Practitioners and MARA-registered Migration Agents. We may receive a referral fee — see our Visa Referral Disclosure for details. We share each enquiry with one practitioner only.

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

7. Data Storage & Security

Your data is stored on servers located in the Sydney, Australia region (Fly.io Sydney). We implement appropriate technical and organisational measures to protect your personal information, including:

  • Passwords are hashed using bcrypt (never stored in plain text)
  • IP addresses are hashed using SHA-256
  • HTTPS encryption for all data in transit
  • Rate limiting on authentication endpoints to prevent brute-force attacks
  • Role-based access controls for administrative functions
  • Payment data handled exclusively by PCI-compliant Stripe infrastructure

While we take reasonable steps to protect your information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

8. Data Retention

  • Account data: Retained while your account is active and for a reasonable period after deletion to comply with legal obligations
  • Trip and chat data: Retained while your account is active. Deleted upon account deletion request
  • Payment records: Retained for 7 years as required by Australian tax law
  • Analytics data: Session-level analytics are retained for up to 24 months, then aggregated or deleted
  • Error logs: Automatically cleaned up after 90 days
  • Email notification logs: Retained for 12 months for deliverability monitoring
  • Visa enquiry records: Retained for 24 months from the date of your last contact, then permanently deleted, unless the matter has been converted into an active engagement with a practitioner in our panel

9. Your Rights

Under Australian privacy law and applicable regulations, you have the right to:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete personal information
  • Deletion: Request deletion of your personal information (subject to legal retention requirements)
  • Data portability: Request your trip data and account information in a machine-readable format
  • Opt out of marketing: Unsubscribe from marketing emails at any time using the link in any marketing email, or by contacting us
  • Withdraw consent: Where processing is based on consent, you may withdraw consent at any time

To exercise any of these rights, contact us at support@touringuide.com. We will respond to your request within 30 days.

9.1 Additional Rights for EU/EEA Users (GDPR)

If you are located in the European Economic Area, you also have the right to:

  • Object to processing of your personal data
  • Request restriction of processing
  • Lodge a complaint with your local data protection authority

10. Children's Privacy

The Service is not directed at children under 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@touringuide.com and we will promptly delete such information.

11. International Data Transfers

Your data is primarily stored in Australia (Sydney region). However, some of our third-party service providers may process data in other countries (e.g., Stripe and Anthropic operate servers in the United States). Where data is transferred internationally, we ensure appropriate safeguards are in place, including contractual protections consistent with applicable privacy laws.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email and update the “Last updated” date at the top of this page. Continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

13. Complaints

If you believe we have breached the Australian Privacy Principles or your privacy rights, you may lodge a complaint with us at support@touringuide.com. We will investigate and respond within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

14. Contact Us

For any privacy-related questions or requests, please contact us at: