Skip to content
Wandering Yaks

Privacy

Your data, briefly.

What we collect, why, and what we won’t do with it. Written in plain language.

Version 1.0 · Effective 15 July 2026.

Who we are

Wandering Yaks is the operating entity behind wanderingyaks.com. Full legal address on your booking invoice.

What we collect

  • Account data: name, email, phone, password hash. Provided by you at sign-up.
  • Booking data: traveler details required to run the trip — full name (per passport), date of birth, dietary needs, medical notes, emergency contact.
  • Passport data: passport number, nationality, expiry. Required for permit applications. Encrypted at rest with pgcrypto; only accessible to staff with permit-handling roles.
  • Payment data: handled by Stripe. We never see card numbers — only a token and a receipt reference.
  • Usage data: pages viewed, referrer, approximate location (country-level via IP), for analytics only.

Why we collect it

  • To operate your booking (contracts, permits, insurance verification).
  • To communicate with you before, during and after the trip.
  • To improve the site (aggregate analytics only, via PostHog).
  • To meet legal obligations (tax, permit reporting).

What we never do

  • Sell your data to any third party.
  • Share your passport or medical information with anyone outside the booking-fulfillment chain.
  • Track you across other sites.
  • Use dark patterns to keep you subscribed.

Your rights

You can, at any time, and by emailing privacy@wanderingyaks.com:

  • Get a copy of everything we hold about you (data export).
  • Correct anything that’s wrong.
  • Have it all deleted, subject to statutory retention (tax records for 7 years).
  • Opt out of marketing emails (we send at most 4 per year anyway).

We respond within 30 days, usually much less.

Cookies

Essential cookies for login and cart only. No third-party ad cookies. Analytics via PostHog is aggregated and self-hosted where practical.

Where the data lives

Primary database in the Supabase region closest to our headquarters (Singapore or Frankfurt, confirmed on booking). Encrypted at rest by the provider. Backups nightly with 30-day retention.