Privacy Policy

Vourigo SARL ("we", "us", "our") operates the Vourigo Platform ("Platform"). This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our services, consistent with:

(a) Cameroon Law No. 2024/017 relating to Personal Data Protection (effective 23 December 2024; full compliance deadline 23 June 2026);

(b) OHADA principles on commercial data handling;

(c) EU General Data Protection Regulation (GDPR) (Regulation 2016/679), which applies extraterritorially under Article 3(2) because we offer services to EU and EEA residents;

(d) UNWTO ethical guidelines on tourist data handling;

(e) Cameroon Cyber Security Law (2010/012) and Electronic Communications Law (2010/013).

Data Controller Identity:

• Legal Name: Vourigo SARL
• Registration: [Trade Registry Number], Cameroon
• Contact: privacy@vourigo.com
• DPO: dpo@vourigo.com (certified, independent)

We collect only data necessary for the stated purposes (data minimisation principle, Cameroon Law No. 2024/017 Section 17):

• Identity: Full name, date of birth, nationality, passport or ID number. Legal Basis: Contract necessity; Legal obligation.
• Contact: Email, WhatsApp number, emergency contact. Legal Basis: Contract necessity; Consent (marketing).
• Health and Fitness: Dietary restrictions, allergies, fitness level, mobility notes. Legal Basis: Explicit consent (sensitive data).
• Travel Details: Dates, group size, itinerary, activity selections, accommodation preferences. Legal Basis: Contract necessity.
• Payment: Card tokens (via Fincra), billing address, transaction history. Legal Basis: Contract necessity; Legal obligation (tax).
• Technical: IP address, device type, browser, cookies, session IDs. Legal Basis: Legitimate interest; Consent (non-essential cookies).
• Gamification: Passport stamps, badges, trip history. Legal Basis: Consent.

Health Data Tokenization and Anonymisation:

Raw health descriptions entered during booking are immediately converted into anonymised risk tiers and categorical flags (for example, "anaphylaxis_risk", "mobility_limited"). The original free-text input is stored in an encrypted ephemeral cache with a 90-day time-to-live (TTL), after which it is securely purged. Only the anonymised tokens are used for Vendor coordination.

We do not knowingly process data of minors under 18 without verifiable parental consent.

• Booking fulfilment: Identity, Contact, Travel Details, Health tokens. Retained for duration of trip plus 7 years (tax and accounting).
• Payment processing: Payment data (tokenised). Retained 7 years (financial records).
• OTP authentication: Email, WhatsApp. OTP expires in 10 minutes; logs retained 90 days.
• Vendor coordination: Identity, Travel Details, Health tokens (relevant subset). Shared only for trip duration.
• Marketing and newsletters: Email, Name. Retained until consent withdrawal.
• Platform improvement: Technical, anonymised analytics. Retained 2 years.

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects. No personal data is used for AI training without explicit consent.

We share data only with processors under binding contracts with data protection clauses:

• Fincra (Nigeria): Payment processing. Safeguard: CBN licensed; Standard Contractual Clauses (SCCs).
• SendGrid (Twilio) (USA): Transactional email. Safeguard: SCCs.
• Accommodation Providers (Cameroon): Check-in, service delivery. Safeguard: Limited data subset; contractual confidentiality.
• Activity Operators (Cameroon): Guide assignment, safety briefing. Safeguard: Limited data subset; contractual confidentiality.

All cross-border transfers comply with Cameroon Law No. 2024/017 Sections 26 to 30 and GDPR Chapter V. Health data and sensitive personal data are localised within Cameroon unless prior authorisation is obtained from the Personal Data Protection Authority.

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

Technical Measures:

• Encryption: AES-256 for data at rest; TLS 1.3 for data in transit.
• Hashing: OTP codes hashed with SHA-256; password hashes use bcrypt.
• Access Controls: Role-based access control (RBAC); least privilege principle.
• API Security: Rate limiting, JWT token expiration, webhook signature verification.

Organisational Measures:

• Certified Data Protection Officer (DPO) with direct reporting to highest management.
• Annual staff training on data protection and cybersecurity.
• Data Protection Impact Assessments (DPIAs) for high-risk processing.
• Incident response plan with 72-hour breach notification.

Under Cameroon Law No. 2024/017 (Sections 20 to 25) and, where applicable, the GDPR, you have the right to:

• Access: Obtain confirmation of processing and a copy of your data. Email dpo@vourigo.com with ID verification.
• Rectification: Correct inaccurate or incomplete data via Platform profile or email to DPO.
• Erasure: Request deletion when data is no longer necessary. 30-day response.
• Objection: Object to processing for direct marketing or legitimate interests.
• Portability: Receive data in structured, machine-readable format.
• Restriction: Request limitation of processing during disputes.
• Withdraw Consent: Revoke consent at any time via Platform settings or by emailing dpo@vourigo.com.

EU residents additionally benefit from GDPR Articles 15, 17, 18, 20, 21, and the right to lodge a complaint with their local supervisory authority (Article 77).

We respond to all requests within 30 days (Cameroon law) or 30 days extendable to 60 (GDPR).

• Booking and payment records: 7 years (Cameroon tax law; OHADA accounting standards).
• Identity and contact: 7 years post-last booking.
• Health data (raw text): 90 days post-trip, then securely purged.
• Health tokens (anonymised): 1 year post-trip, then deleted.
• OTP logs: 90 days (security audit trail).
• Marketing preferences: Until consent withdrawal.
• Anonymised analytics: Indefinite (no personal data remains).

Upon expiry of retention periods, data is securely deleted using NIST 800-88 Rev 1 guidelines. Backups are overwritten within 30 days of deletion request.

See our separate Cookie and Tracking Consent Policy at /cookies for full details.

Summary of categories:

• Essential: Platform functionality, authentication, security. Duration: Session or 1 year. Consent Required: No.
• Functional: Language preferences, itinerary saving. Duration: 1 year. Consent Required: Yes.
• Analytics: Google Analytics 4, heatmaps (anonymised IP). Duration: 2 years. Consent Required: Yes.
• Marketing: Retargeting, social media pixels. Duration: 90 days. Consent Required: Yes.

You may manage preferences at any time via the "Cookie Settings" link in the footer.

In case of a confirmed personal data breach:

• Detection via automated monitoring within 24 hours.
• DPO assesses scope and severity.
• Containment via immediate technical measures.
• Notification: Cameroon Authority within 72 hours (Law No. 2024/017); EU Supervisory Authority within 72 hours (GDPR Article 33); Affected individuals without undue delay if high risk.

We may update this Privacy Policy to reflect legal, regulatory, or operational changes. Material changes are notified via:

• Email to registered users;
• Platform banner notification;
• 30-day advance notice for changes affecting rights or consent bases.

Data Protection Officer (DPO):

Email: dpo@vourigo.com

Response time: 30 days

General Privacy Enquiries:

Email: privacy@vourigo.com

You have the right to lodge a complaint with the data protection supervisory authority in your EU country of residence or place of work.

Version 1.0. Effective 19 May 2026. Next Review: 19 November 2026