Privacy Policy | Kolea Travel Guide

KOLEA PRIVACY POLICY

Last updated: January 19, 2026

Kolea (“we,” “us,” or “our”) respects your privacy and is committed to transparency about how we collect, use, disclose, and protect your information. This Privacy Policy describes our practices when you use the Kolea mobile application (the “Application”) and the Kolea website located at https://koleaguide.com (the “Website”).

Please read this Privacy Policy carefully. By accessing or using the Application or Website, you acknowledge that you have read and understood this Privacy Policy and agree to be bound by its terms. If you do not agree with this Privacy Policy, please do not access or use the Application or Website.

This Privacy Policy should be read together with our Terms of Use, which govern your use of the Application and Website. Defined terms not otherwise defined in this Privacy Policy have the meanings set forth in the Terms of Use.

CHANGES TO THIS PRIVACY POLICY

We reserve the right to modify this Privacy Policy at any time. When we make changes, we will update the “Last updated” date at the top of this Privacy Policy. For material changes that significantly affect your rights or how we handle your information, we will provide notice by sending an email notification to the email address associated with the account of registered users at least 30 days before the changes take effect.

Your continued use of the Application or Website after the effective date of any changes constitutes your acceptance of the revised Privacy Policy. We encourage you to review this Privacy Policy periodically to stay informed about our information practices.

INFORMATION WE COLLECT

We collect information that you provide directly to us, information that is automatically collected when you use our services, and in some cases, information from third-party sources. We strive to collect only the minimum information necessary to provide and improve our services.

Personal Information You Provide

We collect personal information that you voluntarily provide to us, including:

Account Information: Email address and password when you create an account
Contact Information: Name, email address, and any other information you provide when using contact forms or communicating with us
Feedback and Survey Responses: Information you provide when responding to surveys, providing feedback, or participating in user research
Support Requests: Information you provide when seeking customer support or technical assistance

Location Information

The Application requires access to location information from your mobile device to provide location-based features and functionality. We handle location information as follows:

Real-Time Location: The Application accesses your device’s GPS or other location services to provide features such as determining when you enter and exit locations of interest and providing information about those locations. Real-time GPS coordinates are processed locally on your device and are not transmitted to or stored on our servers.
Place-Based Identifiers: When you interact with specific locations or places through the Application, we may store place-based reference identifiers (such as unique location codes or place IDs) that can be associated with your account. These identifiers allow us to remember your activity at specific locations but do not contain raw GPS coordinates or personally identifiable location data in human-readable form.
Approximate Location: We may derive approximate location information (such as city or region) from your IP address when you access the Website or Application for analytics and service improvement purposes.

You can control the Application’s access to location services at any time through your device settings. Disabling location access may limit or prevent certain features of the Application from functioning properly.

Usage and Device Information

When you use the Application or Website, we automatically collect certain information about your device and how you interact with our services, including:

Device Information: Device type, model, manufacturer, operating system and version, mobile network information, platform-provided device identifiers, and screen resolution
Application Usage: Features used, screens viewed, interactions with content, session duration, frequency of use, and performance data
Website Usage: Pages visited, links clicked, referring website, browser type and version, and date and time of access
Log Data: IP address, access times, error logs, and diagnostic information

This information is collected in an aggregated or de-identified form and is used to understand usage patterns, improve performance, troubleshoot technical issues, and enhance the user experience.

Cookies and Tracking Technologies

The Website uses cookies and similar tracking technologies to support functionality, remember preferences, and analyze usage. A cookie is a small text file that is stored on your device. We may use the following types of cookies:

Essential Cookies: Required for the Website to function properly, such as authentication and security features.
Analytics Cookies: Used to collect information about how visitors use the Website, such as page views, time spent, and navigation patterns. This information is aggregated and used to improve the Website. We use Google Analytics for this purpose.
Functional Cookies: Remember your preferences and settings to provide a more personalized experience.

You can control cookies through your browser settings. Most browsers allow you to refuse cookies or delete existing cookies. Please note that disabling cookies may affect the functionality of the Website.

Third-Party Analytics

We use third-party analytics services to help us understand how the Application and Website are used. These services may collect information sent by your device or browser, including pages visited, time spent, and other usage statistics. The information collected by these services is typically aggregated and anonymized. The services we use include Google Analytics and Firebase Analytics.

Push Notifications

The Application may send push notifications to your device to provide updates, alerts, and information related to Application functionality. Push notifications are delivered through platform-specific notification services provided by Apple Push Notification Service (APNs) and Firebase Cloud Messaging (FCM). When you enable push notifications, your device token is shared with these services to facilitate delivery.

You can disable push notifications at any time through your device settings. Disabling notifications will not affect your ability to use other features of the Application.

Information from Third Parties

We may receive information about you from third parties in limited circumstances, such as:

App stores (Apple App Store, Google Play Store) may provide us with installation and usage statistics
Third-party authentication services, if we add such features in the future, e.g., “Sign in with Apple” or “Sign in with Google”

HOW WE USE YOUR INFORMATION

We use the information we collect for the following purposes:

To Provide and Maintain Our Services

Create, maintain, and authenticate user accounts
Enable location-based features and functionality
Deliver content and features personalized to your usage
Process and respond to your requests, inquiries, and support tickets

To Improve and Develop Our Services

Analyze usage patterns and trends to understand how users interact with the Application and Website
Identify and fix technical issues, bugs, and errors
Develop new features and enhance existing functionality
Conduct research, testing, and analysis to improve user experience

To Communicate with You

Send administrative messages, such as account confirmations, password resets, and updates to our policies
Notify you about updates, new features, or changes to the Application
Respond to your comments, questions, and feedback
Send newsletters or promotional communications

To Ensure Security and Prevent Fraud

Detect, investigate, and prevent fraudulent, unauthorized, or illegal activity
Protect the security and integrity of our systems and services
Enforce our Terms of Use and other agreements

To Comply with Legal Obligations

Comply with applicable laws, regulations, and legal processes
Respond to lawful requests from public authorities, including law enforcement
Establish, exercise, or defend legal claims
We do not use your personal information for targeted advertising or sell your personal information to third parties.

HOW WE SHARE YOUR INFORMATION

We do not sell, rent, or trade your personal information. We may share your information only in the limited circumstances described below:

Service Providers

We engage trusted third-party service providers to perform functions on our behalf, such as:

Cloud hosting and infrastructure: Google Cloud Platform, Firebase Realtime Database
Analytics services: Google Analytics and Firebase Analytics
Email and communication services: MailerLite, Firebase Cloud Messaging
Payment processing: Google Pay

These service providers are contractually obligated to use your information only for the purposes for which we engage them and in accordance with this Privacy Policy. They are prohibited from using your information for their own purposes.

Firebase Services

We use Google Firebase services to operate and improve the Application:

Firebase Authentication: Manages user account creation, authentication, and session management. Authentication data is stored on Google's servers in the United States.
Firebase Realtime Database: Stores application data and user-generated content. Data is stored on Google's servers in the United States.
Firebase Analytics: Collects usage data and app performance metrics to help us understand how users interact with the Application.
Firebase Cloud Messaging (FCM): Delivers push notifications to your device.

Firebase services are provided by Google LLC and are subject to Google's privacy practices. Data processed by Firebase is transferred to and stored in the United States. Google uses Standard Contractual Clauses approved by the European Commission to ensure adequate protection for international data transfers.

For more information about Firebase's data practices, visit: https://firebase.google.com/support/privacy

Email Communications:

We use MailerLite to manage email newsletters. When you subscribe to our mailing list, your email address and any other information you provide is stored and processed by MailerLite. MailerLite's servers are located in the European Union and comply with GDPR requirements. MailerLite uses Standard Contractual Clauses for international data transfers. For more information about MailerLite's privacy practices, visit: https://www.mailerlite.com/legal/privacy-policy

Legal Requirements and Protection of Rights

We may disclose your information if we believe in good faith that such disclosure is necessary to:

Comply with applicable laws, regulations, legal processes, or enforceable governmental requests
Enforce our Terms of Use or other agreements, including investigation of potential violations
Detect, prevent, or otherwise address fraud, security, or technical issues
Protect against harm to the rights, property, or safety of us, our users, or the public as required or permitted by law

Business Transfers

If Kolea is involved in a merger, acquisition, reorganization, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will make reasonable efforts to notify you (via email and/or a prominent notice on the Application or Website) before your information is transferred and becomes subject to a different privacy policy. We will also use reasonable efforts to ensure that the acquiring party agrees to protect your information in a manner consistent with this Privacy Policy.

With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

Aggregated and De-Identified Information

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you. For example, we may share statistics about Application usage trends or demographic information with partners or the public.

DATA SECURITY

We take the security of your information seriously and implement reasonable administrative, technical, and physical safeguards designed to protect your information from unauthorized access, use, disclosure, alteration, and destruction.

Security Measures

Our security measures include:

Encryption: Data transmitted between your device and our servers is encrypted using industry-standard TLS (Transport Layer Security).

Access Controls: Access to personal information is restricted to employees, contractors, and service providers who need access to perform their job functions. All such personnel are bound by confidentiality obligations.

Secure Infrastructure: We use reputable cloud service providers that maintain SOC 2 Type II, ISO 27001, or equivalent certifications and implement industry-standard security practices.

Regular Security Assessments: We conduct periodic security reviews and assessments to identify and address potential vulnerabilities.

Limitations

While we strive to protect your information, please be aware that no security measures are perfect or impenetrable. No method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information. You also play a role in protecting your information by maintaining the confidentiality of your account password and notifying us immediately if you become aware of any unauthorized access to your account.

Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you as required by applicable law. Notification will be provided via email to the address associated with registered accounts and/or through a prominent notice in the Application or on the Website.

DATA RETENTION

We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. When determining retention periods, we consider factors such as:

The length of time we have an ongoing relationship with you and provide services to you
Whether you have requested deletion of your information
Whether we have a legal obligation to retain information (e.g., tax, accounting, or legal requirements)
Whether retention is necessary to resolve disputes, enforce our agreements, or protect our legal rights

The following table provides general guidelines for our retention practices:

Data Type	Examples	Purpose	Retention Period
Account Data	Email address, password, place-based identifiers	Service provision, authentication	Active account plus 90 days after deletion request
Real-Time Location Data	GPS coordinates	Provide location-based features	Not stored on servers; processed locally on device only
Usage and Analytics Data	Aggregated usage patterns, device information	Analytics, service improvement	Target of 36 months, may be indefinitely
Communications	Support requests, feedback, survey responses	Customer support, service improvement	Target of 36 months or as needed for legal compliance, may be indefinitely.
Log Data	IP addresses, error logs, access logs	Security, troubleshooting, legal compliance	Target of 36 months, may be indefinitely

When you request deletion of your account, we will delete or anonymize your personal information within the timeframes specified above, except where we are required to retain information for legal, regulatory, or operational purposes.

YOUR RIGHTS AND CHOICES

You have certain rights regarding your personal information, subject to applicable law. This section describes your rights and how to exercise them.

Access and Portability

You have the right to request access to the personal information we hold about you. Upon verification of your identity, we will provide you with a copy of your personal information in a commonly used electronic format. You may also request that we transfer your information directly to another service provider where technically feasible. Please contact us at privacy@koleaguide.com to request your information.

Correction

You have the right to request correction of any inaccurate or incomplete personal information we hold about you. You can update some of your account information directly through the Application settings. For other corrections, please contact us at privacy@koleaguide.com.

Deletion

You have the right to request deletion of your personal information. You may delete your account at any time through the Application settings or by contacting us at privacy@koleaguide.com. Upon receiving a verified deletion request, we will delete your personal information from our active systems within 90 days, subject to the retention periods described in the "DATA RETENTION" section and except where we are required to retain information for legal or operational purposes.

Please note that deletion of your account will result in the loss of access to your account, your data, and may affect certain features or functionality.

Restriction and Objection

In certain circumstances, you may have the right to restrict or object to our processing of your personal information. For example, you may object to processing based on legitimate interests or for direct marketing purposes. If you wish to exercise these rights, please contact us at privacy@koleaguide.com, and we will consider your request in accordance with applicable law.

Opt-Out of Communications

You may opt out of receiving promotional emails from us by:

Clicking the “Unsubscribe” link in any promotional email we send
Contacting us at privacy@koleaguide.com

Please note that even if you opt out of promotional communications, we may still send you non-promotional messages related to your account, such as administrative notifications, security alerts, or updates to our policies.

Location Permissions

You can control the Application’s access to your device’s location services through your device settings. Disabling location access may limit or prevent the use of location-based features.

Cookies and Tracking

You can manage cookies through your browser settings. Most browsers allow you to block or delete cookies. Please note that disabling cookies may affect the functionality of the Website.

How to Exercise Your Rights

To exercise any of the rights described in this section, please contact us at privacy@koleaguide.com. We may need to verify your identity before processing your request to protect your privacy and security. We will respond to your request within 30 days (or as otherwise required by applicable law).

If you are not satisfied with our response, you may have the right to lodge a complaint with a data protection authority in your jurisdiction.

CHILDREN’S PRIVACY

The Application and Website are not intended for children under the age of 13, and we do not knowingly collect personal information from children under 13. If you are under 13 years of age, please do not use the Application or Website or provide any information to us.

If we become aware that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information as soon as possible. If you believe we may have collected information from a child under 13, please contact us immediately at privacy@koleaguide.com.

If you are between 13 and 18 years of age (or the age of majority in your jurisdiction), you must have permission from your parent or legal guardian before using the Application or providing any personal information.

INTERNATIONAL DATA TRANSFERS

The Application and Website are operated from the United States. If you access our services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.

The United States or these other countries may have data protection laws that differ from those in your country of residence. By using the Application or Website, you consent to the transfer of your information to the United States and other countries for processing and storage as described in this Privacy Policy. We ensure that such transfers are made in compliance with applicable data protection laws, including through the use of Standard Contractual Clauses approved by the European Commission or other appropriate safeguards.

THIRD-PARTY LINKS AND SERVICES

The Application or Website may contain links to third-party websites, applications, or services that are not owned or controlled by us. This Privacy Policy applies only to information collected by us. We are not responsible for the privacy practices of third parties.

When you click on links to third-party websites or services, you will leave our Application or Website and be directed to the third party’s site. We encourage you to review the privacy policies of any third-party sites or services before providing any information or using their services.

The Application may also be downloaded from third-party app stores (such as the Apple App Store or Google Play Store). Those third parties may collect information about you in connection with your download or use of the Application. We do not control and are not responsible for the data collection or privacy practices of those third parties. Please review the privacy policies of Apple, Google, or other app store providers for more information about their practices.

DO NOT TRACK SIGNALS

Some web browsers have a “Do Not Track” (“DNT”) feature that signals to websites that you visit that you do not want your online activity tracked. Because there is no uniform technology standard for recognizing and implementing DNT signals, we do not currently respond to DNT signals from web browsers.

However, we honor Global Privacy Control (GPC) signals in accordance with applicable law. If your browser sends a GPC signal, we will treat it as a request to opt out of the sale or sharing of personal information as required by applicable privacy laws.

CALIFORNIA PRIVACY RIGHTS

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). This section describes those rights and how to exercise them.

Categories of Information We Collect

We collect the following categories of personal information as defined by the CCPA:

Identifiers: Email address, device identifiers, IP address
Internet or network activity: Browsing history, usage data, interaction with Application features
Geolocation data: Precise geolocation data processed on-device to provide Application functionality (when you enable location services), approximate location derived from IP address
Inferences: Preferences and characteristics derived from your usage patterns

Sources of Information

We collect personal information from the following sources:

Directly from you (when you create an account, use the Application, or contact us)
Automatically when you use the Application or Website (usage data, device data, location data)
From third parties (app stores, analytics providers)

Business and Commercial Purposes

We use and disclose personal information for the business and commercial purposes described in the "HOW WE USE YOUR INFORMATION" and "HOW WE SHARE YOUR INFORMATION" sections of this Privacy Policy.

Categories of Third Parties

We share personal information with the following categories of third parties:

Service providers (hosting, analytics, email, customer support)
Government entities and law enforcement (when required by law)
Business transaction parties (in connection with a merger, acquisition, or sale of assets)

Sale and Sharing of Personal Information

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.

Sensitive Personal Information

We utilize but do not store precise geolocation data, which is considered sensitive personal information under California law. We use this information solely to provide location-based features of the Application as described in the "INFORMATION WE COLLECT" section of this Privacy Policy. We do store some place-based identifiers, which are not treated as sensitive personal information under CPRA. We do not use or disclose sensitive personal information for purposes other than that permitted by the CCPA.

Your California Privacy Rights

Subject to certain limitations, California residents have the following rights:

Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business or commercial purpose for collecting or selling personal information, and the categories of third parties with whom we share personal information.
Right to Delete: You may request that we delete personal information we have collected from you, subject to certain exceptions.
Right to Correct: You may request that we correct inaccurate personal information we maintain about you.
Right to Opt-Out: You have the right to opt out of the sale or sharing of your personal information. As noted above, we do not sell or share personal information.
Right to Limit Use of Sensitive Personal Information: You may request that we limit our use of sensitive personal information. However, we only use precise geolocation data for purposes permitted by the CCPA (providing location-based features you allow).
Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights under the CCPA.

How to Exercise Your Rights

To exercise your California privacy rights, please contact us at: privacy@koleaguide.com.

We will verify your identity before processing your request. You may designate an authorized agent to make a request on your behalf by providing written authorization or a power of attorney. We will require the agent to provide proof of authorization.

We will respond to verifiable requests within 45 days of receipt. If we require additional time (up to 90 days total), we will notify you of the reason and extension period.

Shine the Light Law

California Civil Code Section 1798.83 permits California residents to request information about our disclosure of personal information to third parties for their direct marketing purposes. We do not share personal information with third parties for their own direct marketing purposes.

Minors Under 18

If you are a California resident under 18 years of age and have registered for an account, you may request removal of content or information you have posted publicly. To request removal, contact us at privacy@koleaguide.com with the email address associated with your account and a statement that you reside in California. We will make reasonable efforts to remove content from public view, but please note that removal may not be complete or comprehensive (for example, if the content has been reposted by another user).

OTHER U.S. STATE PRIVACY RIGHTS

Residents of certain U.S. states, including Virginia, Colorado, Connecticut, and Utah, have privacy rights under their respective state laws. If you are a resident of one of these states, you may have rights similar to those described in the "CALIFORNIA PRIVACY RIGHTS" section, including:

The right to confirm whether we process your personal data and to access such data
The right to correct inaccuracies in your personal data
The right to delete personal data you have provided
The right to obtain a copy of your personal data in a portable format
The right to opt out of the processing of personal data for purposes of targeted advertising, the sale of personal data, or profiling

To exercise these rights, please contact us at privacy@koleaguide.com. We will respond to your request in accordance with applicable state law, typically within 45 days.

If we deny your request, you may have the right to appeal our decision. We will provide information about how to appeal at the time we deny a request.

EUROPEAN ECONOMIC AREA, UNITED KINGDOM, AND SWITZERLAND

If you are located in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, you have certain rights under the General Data Protection Regulation (GDPR) or equivalent data protection laws.

Legal Basis for Processing

We process your personal data based on the following legal grounds:

Consent: When you have given explicit consent for specific processing activities (e.g., marketing communications, location services)
Contract Performance: To provide the Application and Website services as agreed in our Terms of Use
Legitimate Interests: To improve our services, ensure security, prevent fraud, and conduct analytics, where our interests are not overridden by your privacy rights
Legal Obligation: To comply with applicable laws and regulations

Your Rights Under GDPR

You have the following rights:

Right of Access: Request access to your personal data
Right to Rectification: Request correction of inaccurate data
Right to Erasure: Request deletion of your data (“right to be forgotten”)
Right to Restriction: Request restriction of processing in certain circumstances
Right to Data Portability: Receive your data in a structured, machine-readable format
Right to Object: Object to processing based on legitimate interests or for direct marketing
Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
Right to Lodge a Complaint: Lodge a complaint with your local data protection authority

To exercise these rights, contact us at privacy@koleaguide.com

International Data Transfers

Your personal data may be transferred to and processed in countries outside the EEA, UK, or Switzerland, including the United States, which may not offer the same level of data protection. We ensure such transfers comply with GDPR requirements through Standard Contractual Clauses or other appropriate safeguards.

Automated Decision-Making and Profiling

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you. Our use of analytics and usage data is solely for improving the Application and does not result in automated decisions about individual users.

CONTACT US

If you have any questions, comments, or concerns about this Privacy Policy or our privacy practices, please contact us at: privacy@koleaguide.com. We will respond to your inquiries within a reasonable timeframe.