Skip to main content
We are in open beta — bookings are test-only until launch. Want to help test? Get in touch

Privacy Policy

Last updated: 9 July 2026

This policy explains what personal data North Macedonia Tours ("NMT") collects, why, and how it is handled. We collect the minimum needed to run a trustworthy booking platform.

1. What we collect

  • Account data — name, email, password (stored only as a strong one-way hash), and optional phone number.
  • Partner data — business/display name, bio, languages, operating cities, vehicle details for drivers, and bank details (IBAN) used solely to send monthly payouts.
  • Booking & payment data — what you booked, when, for how many people, and the payment amount. Card details are processed by the payment provider, not stored by NMT.
  • Messages — conversations on the platform, so our staff can support you and resolve disputes.
  • Technical data — anonymous, cookieless usage analytics (Vercel Analytics) and short-lived rate-limiting records that store only irreversible hashes, never raw emails or IP addresses.

2. The contact-sharing rule

Your contact details (email, phone) are never visible to other users. When you pay for a booking, your name and contact details are shared with that partner — and theirs with you — so you can coordinate the service. Until payment, partners see only your first name and last initial.

3. Cookies

We use only essential cookies: your login session and your theme preference. Our analytics are cookieless. There is no advertising or cross-site tracking.

4. Who processes data for us

  • Vercel (hosting, EU-routed) and MongoDB Atlas (database, EU region)
  • Resend (transactional email, EU region) — sends verification, booking, and payout emails
  • Zoho Mail (EU) — powers our human support inbox (contact@)
  • Cloudflare R2 (EU) — stores listing and profile photos

5. Retention & your rights

  • Account data is kept while your account exists.
  • Booking and payment records are kept as long as required for accounting and dispute resolution.
  • Verification and reset tokens self-delete after they expire.
  • You can request a copy of your data, correction, or deletion (subject to legal retention of financial records) at contact@northmacedoniatours.com.

6. Security

Passwords are hashed with bcrypt, transport is HTTPS-only with strict security headers, staff actions are audit-logged, and the database is backed up nightly in encrypted form.

7. Contact

Privacy questions and requests: contact@northmacedoniatours.com.