Privacy Policy
Last updated: 9 July 2026
This policy explains what personal data North Macedonia Tours ("NMT") collects, why, and how it is handled. We collect the minimum needed to run a trustworthy booking platform.
1. What we collect
- Account data — name, email, password (stored only as a strong one-way hash), and optional phone number.
- Partner data — business/display name, bio, languages, operating cities, vehicle details for drivers, and bank details (IBAN) used solely to send monthly payouts.
- Booking & payment data — what you booked, when, for how many people, and the payment amount. Card details are processed by the payment provider, not stored by NMT.
- Messages — conversations on the platform, so our staff can support you and resolve disputes.
- Technical data — anonymous, cookieless usage analytics (Vercel Analytics) and short-lived rate-limiting records that store only irreversible hashes, never raw emails or IP addresses.
2. The contact-sharing rule
Your contact details (email, phone) are never visible to other users. When you pay for a booking, your name and contact details are shared with that partner — and theirs with you — so you can coordinate the service. Until payment, partners see only your first name and last initial.
3. Cookies
We use only essential cookies: your login session and your theme preference. Our analytics are cookieless. There is no advertising or cross-site tracking.
4. Who processes data for us
- Vercel (hosting, EU-routed) and MongoDB Atlas (database, EU region)
- Resend (transactional email, EU region) — sends verification, booking, and payout emails
- Zoho Mail (EU) — powers our human support inbox (contact@)
- Cloudflare R2 (EU) — stores listing and profile photos
5. Retention & your rights
- Account data is kept while your account exists.
- Booking and payment records are kept as long as required for accounting and dispute resolution.
- Verification and reset tokens self-delete after they expire.
- You can request a copy of your data, correction, or deletion (subject to legal retention of financial records) at contact@northmacedoniatours.com.
6. Security
Passwords are hashed with bcrypt, transport is HTTPS-only with strict security headers, staff actions are audit-logged, and the database is backed up nightly in encrypted form.
7. Contact
Privacy questions and requests: contact@northmacedoniatours.com.