Legal
Privacy policy
Last updated: July 9, 2026
Highland Adventures Inc. (“Highland Adventures,” “we,” “us,” or “our”) operates highlandadventures.com (the “Site”), including the traveler dashboard where booked trips are managed. This policy explains how we collect, use, disclose, and safeguard your information. By using the Site, you agree to the collection and use of information in accordance with this policy.
Information we collect
Information you provide
- Trip inquiries: name, email address, phone number (optional), destination interests, travel dates or windows, party size, budget range, and any messages you submit through our inquiry form.
- Proposal and agreement records: when you accept a written proposal, we record the signer’s name, email address, IP address, the exact version of the terms and waiver you signed, and the time of signature. These records are the evidence of your agreement.
- Traveler details for booked trips: to arrange permits, entry tickets, and reservations, we collect each traveler’s name as printed in their passport, date of birth, passport number, issuing country, expiry date, and nationality, plus an emergency contact and any dietary or medical notes you choose to share for guides. This information is collected only after you book, never at inquiry.
- Payment records: card payments are processed by Stripe; we never see or store your full card number. For bank transfers we record the amount, date, and bank reference. Every payment is receipted in your trip space.
- Account and dashboard activity: your login email, password (stored as a one-way hash), and the actions you take in your trip space, such as submitting traveler details or signing a waiver.
- Correspondence: the contents of emails and messages you exchange with our team.
Information collected automatically
- Technical logs: IP address, browser type, request logs, and diagnostic data needed to operate, secure, and rate-limit the Site.
Passport and health information
Passport numbers, dates of birth, emergency contacts, and dietary or medical notes are the most sensitive information we hold, and we treat them accordingly:
- They are encrypted at rest with keys we control, in addition to our infrastructure provider’s disk encryption.
- Your trip space never displays them back; it shows only that a value was provided. Changing one means re-entering it.
- Every access to the decrypted values by our staff is logged with the person, time, and booking.
- Requests we send to suppliers name the travelers and list which fields a permit or ticket requires; the sensitive values themselves are conveyed to the supplier only as needed for that supplier’s part of the trip, never stored in the request record.
- Dietary and medical notes are optional, used only to run your trip safely, and shared only with the guides and operators who need them.
How we use your information
- Respond to your inquiries and plan trips you ask us to plan
- Arrange the reservations, permits, and entry tickets your booked trip needs
- Send transactional messages about your inquiry or trip: proposals, receipts, status updates, and your final documents
- Send marketing communications only if you explicitly opted in; opting out never stops transactional messages you still need
- Operate, secure, and improve the Site, and prevent fraud and abuse
- Comply with legal obligations
We do not sell your personal information, and we do not use the information you submit to train AI or machine-learning models.
Information sharing and service providers
- Licensed local trip operators and suppliers: when you book, we share the details each operator or supplier needs for its part of your trip: traveler names, dates, party details, and the passport data a permit or entry ticket legally requires. We share only what that supplier needs.
- Service providers: Railway (hosting and database, United States), Stripe (card payments), Resend (transactional email delivery), and our business email provider. Each is contractually required to protect your data and use it only to provide services to us.
- Legal requirements: we may disclose information when required by law, court order, or valid government request, or to protect our rights or the safety of our users or the public.
- Business transfers: in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction; we will notify you of any change in control.
- With your consent: for any other purpose you explicitly agree to.
Cookies
The Site uses only the session cookie required to keep you logged in to your trip space. It is an essential, first-party cookie. There are no advertising, analytics, or cross-site tracking cookies, and no third-party ad tech. If we add analytics or marketing cookies in the future, we will update this policy and ask for your consent first where the law requires it.
Data retention
- Inquiries and planning records: retained while we are actively helping you and afterwards as business records, unless you request earlier deletion.
- Passport and health details: retained only for as long as running your trip requires, then deleted after a defined post-trip window. Signed agreements and payment records are kept longer because the law requires it; the sensitive traveler fields are not.
- Booking, agreement, and financial records: retained for 7 years where required by tax, accounting, and dispute-resolution obligations.
- Technical logs: retained for up to 12 months for security and operational purposes.
You may request deletion of your data at any time, subject to legal retention requirements.
Data security
We protect your information with encryption in transit (TLS), encryption at rest, application-level encryption for passport and health fields, audit logging of sensitive access, and production access restricted to authorized personnel. Dashboard access is by invitation only, and every read is scoped to your own bookings. No method of transmission or storage is 100% secure; while we work to protect your information, we cannot guarantee absolute security.
Your rights and choices
Depending on your jurisdiction, you may have the right to access, correct, delete, or receive a copy of the personal data we hold about you, to restrict or object to certain processing, and to opt out of marketing at any time. To exercise any of these rights, email info@highlandadventures.com. We respond within the timeframe required by applicable law (typically 30 days or less).
California residents (CCPA/CPRA): you additionally have the right to know what personal information we collect and disclose, to request deletion or correction, and to non-discrimination for exercising your rights. We do not sell or share personal information for cross-context behavioral advertising.
EEA, UK, and Swiss residents (GDPR): Highland Adventures Inc. is the data controller for personal information processed through the Site. We process your data to respond to your requests and perform our contract with you, to secure and improve the Site (legitimate interests), and to meet legal obligations. You may withdraw consent at any time and may lodge a complaint with your local data protection authority.
International transfers
We are based in the United States, and your information is processed in the United States and in the countries where our service providers and local trip operators (for example, in Ecuador, Chile, Argentina, and Peru) operate. Where required by law, we rely on appropriate safeguards such as Standard Contractual Clauses for these transfers.
Children's privacy
The Site is not directed to children under 18, and we do not knowingly collect personal information directly from children. Trip details for minors traveling with your party are provided by you as the responsible adult, and a parent or legal guardian signs any required waiver on a minor’s behalf. If you believe we have collected information directly from a child, contact us and we will delete it.
Changes to this policy
We may update this policy from time to time. Material changes will be posted on this page with a new “Last updated” date, and where we have your email for an active inquiry or booking, we will notify you of significant changes.
Contact us
Highland Adventures Inc.
Privacy: info@highlandadventures.com
Website: highlandadventures.com