Skip to content

Legal documents

Privacy Policy

Last updated: 29.04.2026.

This Privacy Policy describes how DestyFinder collects, uses, and protects your personal data when you use our platform available at www.destyfinder.com (hereinafter: the "Platform").

The Policy is aligned with the EU General Data Protection Regulation (GDPR) and the Law on Personal Data Protection of Montenegro.

For any questions regarding data processing, contact us at privacy@destyfinder.com.

1. What data we collect

Depending on how you use the Platform, we collect:

  • Account data: first name, last name, email address, and password (stored encrypted). Optional: contact phone number.
  • Agency data (if you register as a partner): agency name, description, contact details, logo, tour data.
  • Inquiry data: when you send an inquiry to an agency, we collect your name, email, phone, preferred date, number of people, and the message text. This data is forwarded to the agency organizing the tour.
  • Technical data: IP address, device type, browser, and operating system, which we use for security, abuse prevention, and analytics.
  • Usage data: pages you visit, tours you click, saved favorite tours, time spent on the site.

2. Purpose and legal basis of processing

  • Providing the service (processing inquiries, authentication, account access), legal basis: performance of a contract.
  • Security and abuse prevention (rate limiting, spam detection), legal basis: legitimate interest.
  • Analytics and product improvement, legal basis: your consent (cookie banner) or legitimate interest for basic technical statistics.
  • Communication (inquiry confirmations, transactional emails), legal basis: performance of a contract.
  • Legal obligations (accounting, court requests), legal basis: legal obligation.

3. Who we share data with

We do not sell your data. We share it only in the following cases:

  • The agency you contact: when you send an inquiry, the agency receives your name, email, phone, and message content.
  • Microsoft Clarity: user behavior analytics, anonymized, activated with your consent.
  • Meta Pixel (Facebook): conversion tracking and remarketing, activated only with your consent (SCC with Meta Platforms Ireland Ltd.).
  • Supabase: authentication and user database infrastructure (Supabase Inc., USA — SCC).
  • Cloudflare: CDN and network infrastructure; all traffic passes through the Cloudflare network (Cloudflare Inc., USA — SCC).
  • Sentry: backend error monitoring; stack traces may contain technical context (Functional Software Inc., USA — SCC). PII is not intentionally logged.

Data may be transferred to countries outside the EU only with appropriate safeguards (Standard Contractual Clauses).

4. Retention period

We retain your data according to the following schedules: account data — until account deletion + 6 months for backup purge; inquiry data (name, email, phone, message) — 5 years from submission, based on the statutory limitation period for contractual claims; server logs — 30 days; analytics data (Clarity, Meta Pixel) — per the terms of those services. Data is not kept longer than necessary for its processing purpose.

5. Your rights

In accordance with the GDPR, you have the right to:

  • access your personal data and obtain a copy of it,
  • correct inaccurate data,
  • delete data ("right to be forgotten"),
  • restrict processing,
  • object to processing,
  • data portability,
  • withdraw consent at any time,
  • lodge a complaint with the supervisory authority (the Personal Data Protection Agency of Montenegro).

Send requests to privacy@destyfinder.com. We respond within 30 days.

6. Cookies

The Platform uses the following categories of cookies:

  • Essential: authentication, session, security. Cannot be disabled.
  • Analytical: Microsoft Clarity. Activated only with your consent.
  • Marketing / remarketing: Meta Pixel (_fbp, _fbc): conversion tracking. Activated only with your consent.

You can change your cookie preferences at any time by clicking "Cookie settings" at the bottom of the page.

7. Security

Appropriate technical and organizational protection measures are applied: TLS encryption in transit, password encryption, rate limiting, limited access for employees and partners. Although we use industry standards, no system is absolutely secure.

8. Minors

The Platform is primarily intended for persons over 16 years of age. Minors under 16 may not create an account or send inquiries without the consent of a parent or guardian.

9. Changes to the Policy

The Policy may be updated from time to time. We will publish material changes on this page and, if you have an account, notify you by email.

See also: Terms of Service.