Privacy Policy

Last updated: May 6, 2026

This Privacy Policy describes how Xpo8 Limited ("we", "us", "our", or "the Company") collects, uses, shares, retains, and protects information when you use the VeniceXplorer website at https://venicexplorer.com and the VeniceXplorer mobile application for iOS and Android (collectively, the "Service"). It also tells you about your privacy rights and how the law protects you.

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the Service.

1. Interpretation and Definitions

Interpretation

Words with capitalized initials have the meanings defined below. Definitions apply equally in singular and plural form.

Definitions

For the purposes of this Privacy Policy:

Account means the unique account created for you to access the Service or parts of it.
Application or App means the VeniceXplorer mobile application provided for iOS and Android.
Company (referred to as "the Company", "We", "Us", or "Our") refers to Xpo8 Limited, the operator of the VeniceXplorer Service.
Cookies are small files placed on your computer, mobile device, or any other device by a website.
Country refers to Italy, the principal country in which the Service operates and to whose users it is primarily directed.
Device means any device that can access the Service, including a computer, smartphone, or tablet.
Personal Data is any information that relates to an identified or identifiable individual.
Service refers collectively to the Website and the Application.
Service Provider (also referred to as a Processor) means any natural or legal person who processes data on behalf of the Company to facilitate the Service, perform Service-related functions, or assist us in analyzing how the Service is used. Service Providers process Personal Data only on our documented instructions.
Travel-Fulfillment Partner means a third party that you book travel products or services through using checkout flows embedded in the Service. These partners are independent controllers of the booking they fulfill on your behalf and are identified in Section 6 below.
Usage Data refers to data collected automatically, either generated by your use of the Service or from the Service infrastructure itself.
Website refers to VeniceXplorer, accessible from https://venicexplorer.com.
You means the individual accessing or using the Service, or the company or other legal entity on whose behalf such individual is accessing or using the Service.

2. Information We Collect

2.1 Information You Provide Directly

When you create an Account, contact us, or use certain features, we may ask you to provide:

Identity and contact information: first name, last name, email address, and (where you choose to provide it) phone number.
Account credentials: password (stored as a salted hash by our identity provider; we do not have access to your plaintext password).
Profile information: optional preferences, language, and any content you voluntarily add to your profile.
Saved items and favorites: places, tours, experiences, and itineraries you save in the App (see Section 9).
Support requests: the content of any message you send to us, including diagnostic details you choose to include.

2.2 Information Collected Automatically (Usage Data)

When you use the Service, we automatically collect certain technical information, including:

Device and connection data: IP address, device type and model, mobile device identifiers (such as the iOS IDFV or Android Advertising ID where you have allowed it), operating system and version, browser type and version, app version, and language settings.
Service interaction data: pages or screens viewed, features used, time and date of access, time spent on screens, referring URL, and similar diagnostic data.
Crash, performance, and error logs: stack traces, breadcrumbs (recent in-app actions leading up to an event), and performance metrics when the App encounters an error or slow operation. See Section 8.

2.3 Information Collected via Mobile App Permissions

The App requests certain device permissions only when needed for a specific feature. Permissions are described in Section 3.

2.4 Tracking Technologies and Cookies (Website)

We use Cookies and similar tracking technologies on the Website to track activity and store certain information.

Cookies or Browser Cookies. A cookie is a small file placed on your Device. You can instruct your browser to refuse all Cookies or to indicate when a Cookie is being sent. If you do not accept Cookies, you may not be able to use some parts of the Website.
Web Beacons. Certain sections of the Website and our emails may contain small electronic files (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email.

We use both Session and Persistent Cookies for the following purposes:

Necessary / Essential Cookies (Session, administered by us) — required to authenticate users, maintain your session, and prevent fraudulent use of accounts.
Cookie Notice Acceptance Cookies (Persistent, administered by us) — record whether you have accepted our cookie notice.
Functionality Cookies (Persistent, administered by us) — remember choices you make, such as your language preference or login state.

The mobile App does not use browser Cookies. It uses local secure storage to retain your sign-in session and preferences on the device.

3. Mobile App Permissions

The App requests device permissions only when they are needed to provide a feature you have asked for. You can revoke any permission at any time through your operating system settings.

3.1 Location (Foreground Only)

The App uses location only while it is open and on screen ("foreground" or "while in use"). It does not track your location in the background, when the App is closed, or when your device is locked.

What is collected

Approximate (coarse) location — used to position the map near you when you first open it and to surface results that are broadly relevant to where you are.
Precise (fine) location — used only when you have explicitly granted "Precise Location" and you actively use a feature that requires it.

How we use it

Foreground location is used solely for the following purposes:

Map positioning — centering the map on your current position so you can orient yourself in Venice.
Turn-by-turn navigation — guiding you between points of interest you have selected.
Rerouting — recalculating your route if you deviate from the suggested path.
Location-aware search — surfacing nearby tours, experiences, restaurants, and points of interest in response to a search you initiate.

Your control

Location access is optional. The App will work without it; only features that depend on your real-world position will be limited or unavailable.
The App will not request location until you tap a feature that needs it (for example, the "use my location" button on the map or the navigation control).
You can turn location off at any time in iOS Settings → VeniceXplorer → Location or Android Settings → Apps → VeniceXplorer → Permissions → Location.
We do not store a continuous history of your locations on our servers. Location is processed on-device for the active feature; only the minimum data needed to fulfill a search or routing request is sent to our service providers (for example, a single coordinate sent to a map tile or routing API to retrieve directions).

3.2 Other Permissions

The App may request the following permissions only when you use the relevant feature:

Camera and Photo Library — only if you choose to upload a profile photo or share an image with support. We do not access your photo library otherwise.
Notifications — only if you opt in. Used to deliver booking confirmations, itinerary reminders, and service updates. You can disable notifications at any time in your device settings.

We do not request access to your contacts, microphone, calendar, SMS, call logs, or files outside of the directly used feature.

4. How We Use Your Personal Data

We use your Personal Data for the following purposes, on the legal bases noted in Section 14:

To provide and maintain the Service, including monitoring its usage and ensuring it functions correctly on your device.
To manage your Account — to register and authenticate you and to give you access to features available to registered users.
To fulfill bookings and contracts — to facilitate purchases of tours, experiences, hotel stays, transportation, and other travel services through our Travel-Fulfillment Partners (see Section 6).
To contact you — by email, phone, SMS, or in-app push notifications regarding bookings, account matters, security updates, or service-related communications.
To provide news, special offers, and information about goods, services, and events similar to those you have purchased or enquired about, unless you have opted out.
To manage your requests — to attend to and resolve support enquiries.
For analytics and product improvement — to understand how the Service is used and to improve features, performance, and reliability (see Section 8).
For security, fraud prevention, and to protect rights — to detect and prevent abuse, unauthorized access, and other harmful activity.
For business transfers — in connection with a merger, acquisition, restructuring, or sale of assets, in which case we will provide notice as described in Section 12.
To comply with legal obligations — including tax, accounting, anti-money-laundering, and consumer-protection requirements applicable to bookings made through the Service.

5. Service Providers (Processors)

We rely on a small number of trusted Service Providers (also called Processors) to operate the Service. These providers process Personal Data only on our documented instructions and under contractual confidentiality and security obligations. They are not permitted to use your data for their own purposes.

5.1 AWS Amplify and Amazon Cognito (Identity, Hosting, and Backend)

Provider: Amazon Web Services, Inc.
Role: Service Provider / Processor
What is processed: account identifiers (user ID), email address, hashed credentials, sign-in tokens, and backend API request metadata.
Purpose: account registration and authentication, session management, password reset, and hosting of backend services that power the App.
Data location: AWS regions used to host the Service. Data may be processed in the European Union and other AWS regions where the Service is hosted.

5.2 Sentry (Crash, Performance, and Diagnostic Monitoring)

Provider: Functional Software, Inc. d/b/a Sentry
Role: Service Provider / Processor
What is processed: crash reports, error stack traces, breadcrumbs, performance traces, app version, OS version, device model, and a pseudonymous user identifier where the App is signed in.
Purpose: to detect, diagnose, and fix crashes, errors, and performance regressions in the App and Website.
Retention: Sentry retains event data according to its own retention schedule (typically 30 to 90 days for events on standard plans). We configure retention to the shortest period that allows us to investigate recurring issues. Aggregated, non-identifying metrics may be retained longer.
See Section 8 for more on diagnostics.

5.3 PostHog (Product Analytics)

Provider: PostHog Inc.
Role: Service Provider / Processor
What is processed: pseudonymous user identifier, app version, OS version, device type, screen views, feature interactions (button taps, search submissions, booking-flow stages), and similar product-usage events. We do not send PostHog the contents of your messages, payment details, or precise location.
Purpose: to understand which features are used, where users encounter friction, and how to improve the Service.
See Section 8 for more on analytics.

5.4 Map, Routing, and Communications Providers

The Service uses standard map, routing, and transactional email/SMS providers (for example, to render map tiles, compute directions, and send booking confirmations). These providers receive only the data necessary to fulfill the requested function (for example, a single coordinate for a routing query, or your email address to send a confirmation).

6. Travel-Fulfillment Partners

When you book a tour, ticket, hotel, transfer, or other travel product through the App or Website, that booking is fulfilled by a third-party travel partner. These are Travel-Fulfillment Partners, not generic third-party data recipients: their role is to fulfill the specific booking you have requested, on your behalf.

We do not sell your data to these partners, and we do not share your data with them for their own marketing.

6.1 Viator and TripAdvisor Media Group ("TAMG") — Tours, Activities, and Experiences

Role: independent controller for the booking it fulfills.
What is shared at checkout: information necessary to complete the booking, which typically includes:
- First and last name
- Email address
- Phone number
- Billing address, country, and postal code
- Payment information (card details or equivalent)
- The selected tour, date, time, traveler count, and any traveler-specific information required by the supplier (for example, hotel pickup location or dietary preference where requested)
How it is shared: the checkout experience is presented within the App via Viator/TAMG's hosted booking flow. Payment information is collected and processed by Viator/TAMG and their payment processors; we do not store full card numbers on our servers.
Purpose: to fulfill the booking, issue tickets/vouchers, communicate with you about the booking, and meet the supplier's operational requirements.
Their privacy practices: Viator/TAMG processes the data it receives under its own privacy policy, which we encourage you to review.

6.2 Xeni — Hotel and Car Search and Booking

Role: travel-fulfillment platform that returns inventory and processes bookings for hotels and rental cars.
What is shared at the search stage: search parameters only — for example, destination, check-in / check-out dates, number of guests, room or vehicle type. No personal identifiers are sent at the search stage beyond what is necessary for a stateless query.
What is shared at the booking stage: information necessary to complete the booking, which typically includes:
- First and last name (and additional traveler names where applicable)
- Email address
- Phone number
- Billing address, country, and postal code
- Payment information
- Booking-specific details such as room preferences, driver's license details for car rentals (where required by the supplier), and arrival information
Purpose: to confirm availability, place the reservation with the underlying supplier (hotel chain, car rental company, etc.), issue confirmations, and facilitate any modifications or cancellations.
Their privacy practices: Xeni and its underlying suppliers process the data they receive under their own privacy policies and the supplier's terms.

6.3 What this means for your data

We share with Travel-Fulfillment Partners only what is needed to fulfill your booking.
The booking confirmation, cancellation, and any post-booking customer service for hotel and tour bookings are handled by the partner or its supplier; you may receive communications directly from them.
A record of your booking (such as confirmation number, date, supplier, and amount) is retained by us so we can support you and meet our legal obligations (see Section 11).

7. Payments and Billing

No Google Play Billing or Apple In-App Purchase. The App does not sell digital goods through Google Play Billing or Apple's In-App Purchase. Items purchased in the App are real-world travel services (tours, tickets, hotel stays, transfers, experiences, concierge services) supplied by Travel-Fulfillment Partners and their underlying suppliers.
Payment processing. Payments for these real-world travel services are processed by the Travel-Fulfillment Partner and its payment processors at checkout. We do not store full payment card numbers on our own systems.
Concierge and direct services. For services billed directly by VeniceXplorer (such as concierge bookings handled by us), payment is processed by a PCI-compliant payment processor. We retain only the limited transaction metadata (such as last four digits of the card, transaction ID, amount, and date) needed to identify the transaction and meet our legal obligations.

8. Analytics and Diagnostics

We use product analytics and diagnostic tools to keep the App reliable and to make it better. These tools are provided by the Service Providers identified in Section 5.

8.1 PostHog — Product Analytics

When it is active: PostHog is configured for the App. If product analytics are disabled in your build or by configuration, no events are sent.
What events are collected: screen views, feature interactions (such as taps on map controls, search submissions, and booking-flow stages), session start/stop, and a pseudonymous user identifier.
What is not collected: the contents of your support messages, payment details, the precise text of free-form fields containing personal data, or precise location.
Identifier reset on sign-out and account deletion: when you sign out of the App or delete your Account, the App resets its analytics identifier so that subsequent activity from the device is not associated with your former Account.

8.2 Sentry — Crash, Performance, and Error Diagnostics

When it is active: Sentry is enabled by default in production builds to detect crashes, exceptions, and performance regressions. Diagnostic collection happens automatically when an error or performance event occurs.
What is collected: crash and error events, stack traces, breadcrumbs (a short trail of recent in-app actions), performance traces, app version, OS version, device model, and — when you are signed in — a pseudonymous user identifier so we can confirm an issue is fixed for affected users.
What is not collected: payment details and precise location are not sent to Sentry.
Vendor retention: Sentry retains event data on its platform according to its retention configuration. We configure event retention to the shortest period that lets us investigate recurring issues — typically up to 90 days for individual error events, after which only aggregated metrics may remain.
Your control: you can disable diagnostic reporting from the App's Settings screen on supported builds.

9. Saved Items, Favorites, and Account Identifiers

9.1 Saved items and favorites

When you are signed in, the places, tours, experiences, and itineraries you save are synced to your Account on our backend so you can access them across devices.
When you are not signed in, saved items are stored locally on your device only and are not transmitted to our servers. They will be lost if you uninstall the App or clear its data.
On account deletion, server-synced saved items are removed as part of Account deletion (see Section 11). Locally stored saved items remain on your device until you uninstall the App or clear its storage.

9.2 Account identifiers and user IDs

We assign each Account a pseudonymous internal identifier (a "user ID") which we use to:

authenticate you and link your sessions on the backend,
associate your bookings, saved items, and preferences with your Account,
correlate diagnostic and analytics events with your Account so we can investigate issues you report.

This identifier is not derived from your name or email and is not shared with Travel-Fulfillment Partners.

10. Support Requests

If you contact us for support — typically by tapping a "Contact Support" link in the App that opens your device's email client — your message is delivered to our support mailbox.

What we receive: whatever you choose to include in the email — typically your name, email address, a description of the issue, screenshots you choose to attach, and any diagnostic information you include.
How it is handled: support correspondence is stored in our support mailbox and any associated ticketing system, where access is restricted to the staff who handle support and the standard mailbox retention policy applies.
Retention: support correspondence is retained for the period needed to resolve the issue and to evidence resolution if the matter recurs, and otherwise as required by law.

In-App Concierge Messaging

The Venicexplorer mobile app includes an in-app concierge chat that lets you exchange text messages with VeniceXplorer concierge staff about your trip, bookings, and on-the-ground requests.

What we collect

The text content of messages you send.
Metadata about each message (timestamp, the request thread the message belongs to, your account identifier).

How we use it

To provide concierge support, fulfill your requests, and maintain a record of the conversation for quality and dispute-resolution purposes.

Where it is stored

Messages are transmitted over HTTPS to concierge.venicexplorer.com and stored on VeniceXplorer's backend systems.
They are not shared with third parties except where necessary to fulfill a booking — for example, forwarding the relevant text to a partner such as Viator or Xeni when a booking depends on it (see §6 for partner data flows).

What the chat is not

The chat is staff-mediated only. There is no peer-to-peer messaging between users, no public posting, and no discoverable user-generated content.
In the current version of the app you cannot upload photos or videos in chat. Concierge staff may send you file attachments such as invoices or calendar items; those are downloads from us to you, not uploads from you to us.

Retention

While your account is active, your concierge chat threads are retained indefinitely so that you and our staff can refer back to past conversations about your trip.
When you delete your account (in-app via Profile > Delete Account, or by emailing privacy@venicexplorer.com), all account-linked chat threads are deleted from our backend within 30 calendar days.
Records linked to a confirmed booking, payment, or legal request may be retained for the applicable retention periods listed in §11.3.

11. Account Deletion

You can delete your Account at any time and through more than one path.

11.1 In-app deletion (recommended)

In the App:

Open Profile.
Tap Delete Account.
Confirm the deletion.

The App will issue a cleanup request to our backend. On receipt, the backend:

removes your profile, server-synced saved items, preferences, and analytics identifier mapping;
disables your sign-in credentials so the Account can no longer be accessed;
queues your booking and transactional records for the limited retention described in Section 11.3.

11.2 Email deletion

If you cannot use the in-app path, you can email privacy@venicexplorer.com from the email address associated with your Account and request deletion. We undertake to perform the deletion within one calendar month (30 days) and will send you a confirmation when it is complete. Where possible, we aim to complete the request earlier.

11.3 Records that may be retained after deletion

Some records are retained, even after Account deletion, to the extent we are required or permitted by law. These include:

Booking records — confirmation number, supplier, date, traveler name(s), and amount, retained to evidence the contract, support post-trip enquiries (such as refund or chargeback disputes), and meet consumer-protection obligations.
Payment and accounting records — the limited transaction metadata required by tax, accounting, anti-money-laundering, and similar laws in the jurisdictions in which we operate (typically up to 10 years under Italian and EU tax law).
Support correspondence — retained as described in Section 10 for the period needed to evidence resolution and meet legal obligations.
Backups — your data may persist in routine encrypted backups for a short rotational period before backups are overwritten in the ordinary course; such data is not used for any active processing.
Records required by law or legal process — any data we are required to preserve in response to a valid legal request.

Apart from these limited categories, deleted Account data is removed from our active systems and cannot be recovered.

12. How We Share Your Personal Data

We share Personal Data only as described in this Policy. Specifically:

With Service Providers (Processors) — see Section 5. They process data only on our instructions.
With Travel-Fulfillment Partners — see Section 6. They receive only what is needed to fulfill your booking.
With affiliates — including our parent company and any subsidiaries, who are required to honor this Privacy Policy.
With other users — when you choose to interact in public areas of the Service, the content you post may be visible to others.
For business transfers — your information may be transferred in connection with a merger, acquisition, financing, restructuring, or sale of assets, in which case we will give notice and the new owner will be bound by terms at least as protective as this Policy.
For legal reasons — to comply with a legal obligation, respond to valid requests by public authorities, protect our rights or property, prevent or investigate possible wrongdoing, protect the personal safety of users or the public, or protect against legal liability.
With your consent — for any other purpose disclosed to you at the time we ask for your consent.

12.1 We do not sell your Personal Data

We do not sell your Personal Data. We do not rent it, and we do not share it with third parties for their own independent advertising or marketing purposes.

13. Security of Your Personal Data

The security of your Personal Data is important to us.

Encryption in transit. All communication between the App, the Website, our backend, our Service Providers, and our Travel-Fulfillment Partners is encrypted in transit using HTTPS / TLS. The App enforces HTTPS-only connections and does not permit cleartext (HTTP) traffic to our endpoints, in line with modern Android Network Security Configuration and Apple App Transport Security requirements.
Encryption at rest. Account data and backups are stored on infrastructure that encrypts data at rest.
Access controls. Access to Personal Data within the Company is restricted to staff who need it to perform their role and is logged.
Credentials. Passwords are stored as salted hashes by our identity provider; we do not have access to plaintext passwords.
Limits. No method of transmission over the Internet or method of electronic storage is 100% secure. While we use commercially reasonable measures to protect your Personal Data, we cannot guarantee absolute security.

14. Legal Bases for Processing (EEA / UK Users)

If you are in the European Economic Area or the United Kingdom, we process your Personal Data on the following legal bases:

Performance of a contract — to provide the Service, manage your Account, and fulfill bookings you have requested.
Consent — for optional features such as location access, notifications, and any marketing communications you opt in to. You can withdraw consent at any time.
Legal obligation — to meet tax, accounting, consumer-protection, and other applicable legal obligations.
Legitimate interests — to keep the Service secure, prevent fraud, improve the Service through analytics and diagnostics, and communicate with you about your use of the Service, where these interests are not overridden by your rights.

15. Your Rights

Depending on where you live, you may have the right to:

access the Personal Data we hold about you,
request correction of inaccurate data,
request deletion of your data (see Section 11),
request restriction of, or object to, certain processing,
request a portable copy of certain data,
withdraw consent for processing based on consent,
lodge a complaint with your local data protection authority — for users in Italy, the Garante per la protezione dei dati personali (garanteprivacy.it).

To exercise these rights, contact us at privacy@venicexplorer.com. We may need to verify your identity before fulfilling certain requests.

16. Retention of Your Personal Data

We retain Personal Data only for as long as necessary to provide the Service and meet the purposes described in this Policy.

Account data — for as long as your Account is active, and as needed to comply with legal obligations or resolve disputes after closure.
Booking and transaction records — for the periods described in Section 11.3, including up to 10 years for tax and accounting records under Italian and EU law where applicable.
Support correspondence — as described in Section 10.
Diagnostic data (Sentry) — for the configured retention period on the Sentry platform, typically up to 90 days for individual events.
Product analytics data (PostHog) — for the configured retention period for raw events; aggregated non-identifying metrics may be retained longer.
Backups — for the rotational backup period and then overwritten.

17. Transfer of Your Personal Data

The Service is operated by Xpo8 Limited and is hosted on infrastructure that may be located in the European Union and other regions where our Service Providers operate. Travel-Fulfillment Partners may process booking data in the jurisdictions in which they operate.

When data is transferred outside your country of residence, we take steps to ensure it is treated securely and in accordance with this Privacy Policy, including, where required, using appropriate safeguards such as Standard Contractual Clauses approved by the European Commission.

By using the Service, you understand that your information may be transferred to and processed in countries other than your own.

18. Disclosure of Your Personal Data

18.1 Business transactions

If the Company is involved in a merger, acquisition, financing, or asset sale, your Personal Data may be transferred. We will provide notice before your Personal Data is transferred and becomes subject to a different Privacy Policy.

18.2 Law enforcement

The Company may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (such as a court or government agency).

18.3 Other legal requirements

The Company may disclose your Personal Data in good faith where necessary to:

comply with a legal obligation,
protect and defend the rights or property of the Company,
prevent or investigate possible wrongdoing in connection with the Service,
protect the personal safety of users of the Service or the public,
protect against legal liability.

19. Children's Privacy

The Service is not directed to children under the age of 18, and we do not knowingly collect Personal Data from children under 18. If you are a parent or guardian and you believe your child has provided us with Personal Data, please contact us at privacy@venicexplorer.com and we will take steps to delete it.

If we need to rely on consent as a legal basis for processing your information and your country requires consent from a parent, we may require your parent's consent before we collect and use that information.

20. Links to Other Websites

The Service may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the privacy policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

21. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and, where appropriate, by email and/or a prominent notice within the Service before the change becomes effective. We will also update the "Last updated" date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes are effective when they are posted on this page.

22. Contact Us

If you have any questions about this Privacy Policy, or to exercise your privacy rights:

By email: privacy@venicexplorer.com
In the App: tap Profile → Help & Support → Contact Privacy Team.

This Privacy Policy is provided in English. Where translations exist, the English version prevails in the event of any conflict.