Home Features About Privacy Terms Download App
Legal

Privacy Policy

Last updated: 24 June 2024  ·  Effective date: 24 June 2024

1. Introduction

Welcome to Wondermates ("we," "us," or "our"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website (collectively, the "Service").

Please read this policy carefully. If you disagree with its terms, please discontinue use of our Service. By using Wondermates, you consent to the data practices described in this policy.

This policy complies with the General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA), and applicable Google Play and Apple App Store requirements.

2. Data Controller

Wondermates is the data controller responsible for your personal data. If you have any questions or concerns about our use of your personal information, please contact us at:

Email: ajarayaitservices@gmail.com
App Name: Wondermates
Developer: Ajaraya IT Services & Consultancy

3. Information We Collect

We collect information you provide directly to us, as well as information we collect automatically when you use our Service.

3.1 Information You Provide

  • Account registration: name, email address, date of birth, and password when you create an account.
  • Profile information: profile photo, bio, nationality, languages spoken, and travel preferences.
  • Selfie verification: a selfie photo submitted for identity verification. This is processed by our verification system and is not stored beyond the verification process.
  • Trip information: destinations, travel dates, trip descriptions, and group preferences you create or join.
  • Communications: messages you send through our in-app chat system.
  • Payment information: if you subscribe to Wondermates Pro, payment is processed by our third-party payment provider (e.g., Apple, Google, Stripe). We do not store your card details.
  • Support requests: information you provide when you contact us for help.

3.2 Information We Collect Automatically

  • Device information: device type, operating system, unique device identifiers, and mobile network information.
  • Usage data: pages viewed, features used, swipe actions, session duration, and crash reports.
  • Location data: approximate location (city/country level) to suggest relevant trips. We do not track your precise GPS location without explicit consent.
  • Log data: IP address, access times, referring URLs, and browser type (for web users).
  • Cookies and similar technologies: we use cookies and local storage to maintain sessions and remember preferences. See Section 10 for details.

4. How We Use Your Information

We use the information we collect for the following purposes:

  • To create and manage your account and provide the Service.
  • To match you with other travelers heading to the same destination.
  • To enable in-app group chat and trip planning features.
  • To verify your identity through our selfie badge system.
  • To process payments for Pro subscriptions.
  • To send you service notifications, match alerts, and chat messages.
  • To send marketing communications where you have opted in (you can opt out at any time).
  • To analyse usage trends and improve the Service.
  • To detect and prevent fraud, abuse, and violations of our Terms.
  • To comply with legal obligations.

Our legal bases for processing under GDPR are: contract performance (providing the Service), legitimate interests (improving and securing the Service), consent (marketing), and legal obligation (compliance).

5. How We Share Your Information

We do not sell your personal data. We may share information in the following circumstances:

  • With other users: your profile information, name, photo, and trip details are visible to other Wondermates users as part of the core Service.
  • With service providers: we use trusted third-party vendors to help operate our Service (e.g., cloud hosting, analytics, payment processing, push notifications). They are bound by data processing agreements.
  • For legal reasons: we may disclose information if required by law, court order, or to protect the rights, safety, or property of Wondermates or others.
  • Business transfers: in the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you beforehand.

6. Third-Party Services

Our Service uses the following third-party services, each governed by their own privacy policies:

  • Firebase (Google): authentication, database, and push notifications — Firebase Privacy
  • Google Analytics / Firebase Analytics: usage analytics — Google Privacy Policy
  • Apple / Google Play: payment processing for in-app purchases.
  • Sentry: crash reporting and error monitoring.

We encourage you to review the privacy policies of any third-party services you interact with through Wondermates.

7. Data Storage & Retention

Your data is stored on secure servers hosted primarily within the European Economic Area (EEA). Where data is transferred outside the EEA (e.g., to our US-based service providers), we ensure adequate safeguards are in place, such as Standard Contractual Clauses (SCCs).

We retain your personal data for as long as your account is active or as needed to provide the Service. If you delete your account:

  • Your profile and trip data will be permanently deleted within 30 days.
  • Chat messages may be retained for up to 90 days to allow other users to export their own chat history.
  • Certain financial records may be retained for up to 7 years as required by law.
  • Aggregated, anonymised analytics data may be retained indefinitely.

8. Data Security

We implement industry-standard security measures to protect your personal information, including:

  • End-to-end encryption for in-app messages.
  • TLS/SSL encryption for all data in transit.
  • AES-256 encryption for data at rest.
  • Regular security audits and penetration testing.
  • Strict access controls — only authorised personnel can access your data.

No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. In the event of a data breach, we will notify affected users and relevant authorities as required by law within 72 hours.

9. Your Rights Under GDPR

If you are located in the EEA, UK, or Switzerland, you have the following rights regarding your personal data:

  • Right to access: request a copy of the personal data we hold about you.
  • Right to rectification: request correction of inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten"): request deletion of your personal data, subject to legal obligations.
  • Right to restriction: request that we restrict processing of your data in certain circumstances.
  • Right to data portability: receive your personal data in a structured, machine-readable format.
  • Right to object: object to processing based on legitimate interests or for direct marketing.
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time.
  • Right to lodge a complaint: you have the right to complain to your national data protection authority.

To exercise any of these rights, please email us at ajarayaitservices@gmail.com. We will respond within 30 days.

10. Cookies & Tracking Technologies

Our website uses cookies and similar technologies to:

  • Keep you logged in (essential cookies).
  • Remember your preferences.
  • Analyse website traffic and usage (analytics cookies).
  • Deliver relevant marketing (where consented).

You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of our website. The mobile app uses local storage and device identifiers for similar purposes.

11. Children's Privacy

Wondermates is not directed at or intended for use by children under the age of 18. We do not knowingly collect personal data from anyone under 18. If we become aware that we have collected personal data from a child under 18, we will take steps to delete such information. If you believe we have inadvertently collected such information, please contact us immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date at the top. For significant changes, we will send an in-app notification or email. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

📧 Email: ajarayaitservices@gmail.com
🌐 Website: Contact Page

We are committed to resolving any complaints about our collection or use of your personal data. We will respond to your request within 30 days.