Last updated: March 2026
destinationlab (operated by destinationlab GmbH, Berlin, Germany) processes personal data to provide and improve our SaaS platform for travel operations. This privacy policy explains what data we collect, how we use it, and your rights under applicable data protection laws including the EU General Data Protection Regulation (GDPR). By using our platform, you consent to the practices described in this policy.
We collect the following categories of data: Account Data: β’ Name, email address, company name, and phone number Billing Data: β’ Payment method details and invoicing information Usage Data: β’ Feature usage, login timestamps, and interaction patterns Traveler Data: β’ Processed on behalf of our customers as a data processor Technical Data: β’ IP address, browser type, device information, and operating system Communication Data: β’ Support tickets, chat messages, and feedback
We use your data to: β’ Provide and maintain the destinationlab platform β’ Process payments and manage subscriptions β’ Send transactional communications (invoices, system alerts) β’ Improve product features and user experience β’ Provide customer support β’ Comply with legal obligations β’ With your consent, send marketing communications and product updates
When our customers upload traveler data, booking records, and business information to the platform, we act as a data processor under GDPR. We process this data solely according to our customers' instructions and our data processing agreement (DPA). We do not access, use, or share customer business data for our own purposes.
We do not sell personal data. We share data only with: β’ Payment Processors (Stripe, PayPal): For secure transaction processing β’ Infrastructure Providers: For hosting and service delivery β’ Analytics Providers: Anonymized usage data only, with your consent β’ Law Enforcement: Only when legally required All third-party providers are bound by data processing agreements.
We implement comprehensive security measures: β’ TLS 1.3 encryption for all data in transit β’ AES-256 encryption for data at rest β’ Row-level security (RLS) for multi-tenant data isolation β’ Role-based access controls β’ Regular security audits and penetration testing β’ Automated daily backups with point-in-time recovery β’ Two-factor authentication for admin accounts
All data is stored in EU-based data centers (Frankfurt, Germany). Retention periods: β’ Active account data: Duration of subscription plus 30 days β’ Billing records: 10 years (legal requirement) β’ Usage analytics: Anonymized after 90 days β’ Support tickets: Retained for 2 years β’ Deleted account data: Permanently removed within 30 days of the retention period
We use the following types of cookies: β’ Essential Cookies: Required for platform functionality (session management, security tokens). Always active. β’ Analytics Cookies: Only activated with your explicit consent. β’ No advertising or tracking cookies. You can manage your cookie preferences at any time through the cookie banner or your account settings.
Under GDPR and applicable laws, you have the right to: β’ Access your personal data (Art. 15 GDPR) β’ Rectify inaccurate data (Art. 16) β’ Erase your data (Art. 17, right to be forgotten) β’ Restrict processing (Art. 18) β’ Data portability (Art. 20) β’ Object to processing (Art. 21) β’ Withdraw consent at any time (Art. 7) β’ Lodge a complaint with a supervisory authority To exercise these rights, contact our Data Protection Officer at privacy@destinationlab.io. We respond within 30 days.
When data is transferred outside the EEA, we ensure appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission. We only transfer data to countries with an adequate level of protection or with appropriate contractual safeguards in place.
Our service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.
For privacy-related questions, contact our Data Protection Officer: Email: privacy@destinationlab.io Address: destinationlab GmbH, Attn: Data Protection Officer, Berlin, Germany We respond to all privacy requests within 30 days.
Start your 14-day free trial today. No credit card required. Full access to all features.