Privacy and Data Protection Policy
Effective Date: July 17th, 2025
1. Introduction
Welcome to First Mate Travels (“we,” “us,” or “our”). This Privacy and Data Protection Policy explains how we collect, use, share, and protect personal data of individuals and businesses ( “service providers” or “SP”) using our platform and services. We are committed to protecting your privacy and complying with Brazil’s General Data Protection Law (Lei Geral de Proteção de Dados – LGPD).
This policy applies to both individual travelers (B2C) and businesses (B2B) who use our platform.
2. Legal Entity and Jurisdiction
First Mate Travels is operated by FIRSTMATE SERVIÇOS DIGITAIS LTDA, a company registered in Rio de Janeiro, Brazil, under CNPJ 60.453.809/0001-09, headquartered at Rua Visconde de Pirajá, 414, sala 718, Ipanema, Rio de Janeiro – RJ, CEP 22410-905.
3. What Are Personal Data?
“Personal data” means any information that identifies or can be used to identify you as an individual or your business entity.
4. Types of Data We Collect
We collect the following types of personal data, depending on your user type:
For Individual Travelers (B2C):
Identity Data: full name, date of birth, passport number (if provided).
Contact Data: email, phone number, mailing address.
Travel and Booking Data: travel itineraries, booking details, requested services.
Payment Data: credit/debit card or payment information processed securely via Stripe.
Technical Data: IP address, device information, browser type, login history.
Usage Data: platform activity, search history, service usage.
Voluntary Sensitive Data: dietary preferences, health information shared voluntarily.
For Service Providers (B2B):
Company Information: legal company name, registration number, tax ID.
Contact Persons: names, emails, phone numbers of authorized representatives.
Contract and Service Data: contracts, service listings, booking details.
Payment Data: payment details processed via Stripe or invoicing.
Technical and Usage Data: similar to B2C, including login and usage statistics.
5. How We Collect Data
We collect data through:
Direct input from users during registration, bookings, or communications.
Automated means such as cookies and device identifiers.
Third-party integrations including login with Google or Apple accounts.
6. Purpose of Processing Your Personal Data
We use your data for:
Individual Travelers:
Facilitating bookings and processing payments securely.
Providing customer support and managing your account.
Maintaining platform security and fraud prevention.
Personalizing your user experience (within limits; no behavioral profiling).
Complying with legal and regulatory requirements.
Service Providers:
Managing contracts, invoicing, and service delivery.
Facilitating bookings for your services.
Providing support to your authorized contacts.
Ensuring compliance with commercial and legal obligations.
Maintaining platform security and fraud prevention.
7. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance platform functionality, remember preferences, analyze usage, and improve security.
You can control or disable cookies in your browser settings, but some platform features may not function correctly without them.
Currently, we do not use cookies or trackers for advertising purposes. If this changes, for example by integrating Meta ads, we will update this policy accordingly.
8. Sharing Your Personal Data
We do not sell or lease your personal data. We may share your data with:
Service Providers: such as travel service suppliers to fulfill bookings (for travelers).
Payment Processors: Stripe handles payment processing securely.
Legal Authorities: when required by law or to protect our rights.
All third parties receiving data must adhere to confidentiality and data protection laws.
9. International Data Transfers
Your data may be stored or processed outside Brazil, including in the United States and Uruguay. We ensure all international transfers comply with applicable data protection laws and that appropriate safeguards are in place.
10. Data Retention
We retain personal data only as long as necessary for business and legal purposes:
For individual travelers, booking data may be kept up to five years for fiscal and accounting compliance.
For service providers, contractual and billing records are retained per applicable commercial law.
Upon account deletion, we remove your personal data within 30 business days unless legally required otherwise.
11. Your Rights
Under the LGPD, you have the right to:
Access and obtain a copy of your personal data.
Request correction of inaccurate or incomplete data.
Request deletion of your personal data where legally permissible.
Withdraw consent to data processing when consent is the legal basis.
Object to specific data processing activities.
Request portability of your personal data.
Please contact us at firstmate@firstmatetravels.com to exercise your rights. We will respond within the legally required timeframe.
12. Account Deletion Procedures
We offer clear and secure processes for users who wish to delete their accounts and associated personal data:
For Service Providers (B2B):
Authorized representatives of registered businesses may request permanent account deletion by sending an email to firstmate@firstmatetravels.com. The deletion request will be processed 30 calendar days after the date of the last completed booking associated with the business, to ensure contractual and fiscal obligations are fulfilled. Once processed, all stored personal and business data will be securely deleted unless retention is required by law.
For Individual Travelers (B2C):
Users may request account deletion directly through the profile settings within the First Mate Travels app. Upon confirmation by the user, the account and associated personal data will be permanently deleted within 30 calendar days, unless specific information must be retained to meet legal obligations.
13. Data Breach Notification
In the unlikely event of a data breach affecting your personal data, we will promptly notify you and the relevant authorities as required by law.
14. Children’s Privacy
Our platform is intended for users aged 18 and over. We do not knowingly collect personal data from minors. If we become aware of such data, we will delete it immediately.
15. Changes to This Policy
We may update this policy at any time. Updates will be posted on this page with a new effective date. Continued use of the platform after changes means you accept the updated policy.
16. Contact Information
For privacy questions or requests, please contact:
firstmate@firstmatetravels.com