Privacy Policy

Last updated: April 16, 2026

Who we are

Attune ("we," "us," or "our") is a travel design company specializing in bespoke experiences in Portugal. This Privacy Policy explains how we collect, use, store, and protect your personal information when you visit our website or engage our services.

For any privacy-related questions, you can reach us at:

Attune

[Your email address]

www.attunejourney.com

What information we collect

We collect information in two ways: directly from you, and automatically through your use of our website.

Information you provide directly, through our contact or inquiry form:

  • Full name

  • Email address

  • Travel dates and destination interests

  • Number of travelers and any relevant personal preferences (e.g. dietary needs, accessibility requirements)

  • Budget range

  • Any other information you choose to include in your message

Information collected automatically (current and future tools):

  • Basic technical data such as your IP address, browser type, device type, and pages visited — collected via website analytics tools (such as Google Analytics, which we may activate in the future).

  • Cookies and similar tracking technologies.

How we use your information

We use the information we collect to:

  • Respond to your inquiry and deliver the travel design services you requested.

  • Communicate with you about your project, including sending your itinerary and any follow-up messages.

  • Process payments and maintain records required for our business operations.

  • Request feedback from you.

  • Improve our website and services based on aggregated, anonymized usage data.

  • Comply with our legal obligations.

We do not use your personal information for automated decision-making or profiling.

Legal basis for processing (GDPR)

If you are located in the European Union or European Economic Area, we process your personal data under the following legal bases as defined by the General Data Protection Regulation (GDPR):

  • Contract performance — processing necessary to deliver the service you have requested or purchased.

  • Legitimate interests — for example, to respond to inquiries and improve our service, where these interests are not overridden by your rights.

  • Legal obligation — where we are required by law to retain certain records.

  • Consent — for optional uses such as marketing communications or analytics cookies, where we will ask for your explicit consent.

How we share your information

We do not sell, rent, or trade your personal information. We may share it only in the following limited circumstances:

  • Service providers: We may share data with trusted third-party tools that help us operate (e.g. email providers, payment processors, document sharing platforms). These providers are contractually required to handle your data securely and only for the purposes we specify.

  • Analytics providers: If and when we activate website analytics tools (such as Google Analytics), aggregated and anonymized data may be shared with those providers. You will be informed and given the option to opt out.

  • Legal requirements: We may disclose your information if required to do so by law or in response to a valid legal request.

Cookies

Our website may use cookies — small text files stored on your device — to ensure basic functionality and, in the future, to help us understand how visitors use the site.

Types of cookies we may use:

  • Essential cookies: Required for the website to function (e.g. form submissions). These cannot be disabled.

  • Analytics cookies: Used to collect anonymized data about site usage (e.g. pages visited, time on site). We will request your consent before activating these.

You can control or delete cookies through your browser settings at any time. Note that disabling cookies may affect the functionality of certain parts of our website.

Data retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this policy:

  • Inquiry and project data is retained for up to 3 years after the completion of a project or last contact, to allow for follow-up and record-keeping.

  • Financial and transactional records may be retained for up to 10 years to comply with Portuguese tax and accounting regulations.

  • You may request deletion of your data at any time (see Your rights), subject to any legal retention obligations.

Your rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.

  • Correction: Ask us to correct inaccurate or incomplete data.

  • Deletion: Request that we delete your personal data ("right to be forgotten"), subject to legal retention requirements.

  • Restriction: Ask us to restrict how we process your data in certain circumstances.

  • Portability: Request your data in a structured, machine-readable format.

  • Objection: Object to processing based on legitimate interests.

  • Withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at [Your email address]. We will respond within 30 days. If you are located in the EU and believe your rights have not been respected, you have the right to lodge a complaint with the Portuguese data protection authority, the CNPD (Comissão Nacional de Proteção de Dados), at www.cnpd.pt.

International data transfers

As our clients are primarily based in the United States and our business operates in Portugal (EU), your personal data may be transferred between these jurisdictions. When transferring data from the EU to non-EU countries, we ensure appropriate safeguards are in place, such as using service providers that comply with EU standard contractual clauses or equivalent frameworks.

Data security

We take reasonable technical and organizational measures to protect your personal information from unauthorized access, loss, or misuse. These include using secure email, encrypted file sharing, and limiting access to your data to only those who need it to provide the service.

No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

Children's privacy

Our services are not directed at children under the age of 16. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected such information, please contact us and we will promptly delete it.

Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we do, we will update the "last updated" date at the top of this page. For significant changes, we will notify you via email if we have your contact details.

Contact us

For any questions, requests, or concerns about this Privacy Policy or how we handle your data, please contact:

Attune

[Your email address]

www.attunejourney.com