Legal
Privacy
Last updated 2026-06-12
We collect as little personal data as possible. This page describes what we collect, what we use it for, how long we keep it, and your rights.
What we collect
We collect the email address you provide when subscribing to our newsletter or asking for the research summary. We do not collect names, phone numbers, payment details, or government IDs. When you click an approved affiliate link, we may record an anonymous click event server-side - the property or partner category, the partner, the language, and a one-way hash of your user agent. We do not store raw IPs or raw user agents.
Cookies
We use a session cookie to keep your locale and theme choice across pages, and a one-per-property cookie to avoid re-showing the newsletter modal during a session. We do not use third-party tracking cookies. Vercel Analytics is cookieless and helps us measure traffic for partner applications. Signing in sets Clerk authentication cookies (strictly necessary). Your language, currency and theme choices live in cookies or your device local storage, as do saved stays, trips and recently-viewed lists. On a first visit we may read your country from the request to pick a default language - it is not stored.
Third parties
We link out to approved third-party travel partners for flights and trip extras such as eSIM data, transfers, activities, and insurance. Hotel partner access is pending. Each partner has its own privacy policy. When you click any affiliate link, you leave Safar. We pass attribution parameters so the partner can credit the referral; we do not pass your email or personal information. Sign-in is handled by Clerk; the site runs on Vercel with a Neon database. We use Vercel Analytics for cookieless traffic measurement. Ask Safar and AI itineraries send your request text - with emails, links and long numbers stripped first - to Anthropic to interpret it. Exchange rates are fetched with no personal data attached.
Retention
Newsletter emails are kept until you unsubscribe. Research-summary emails are deleted within 90 days of the synthesis report being published. Affiliate click events are aggregated weekly; raw rows are deleted after 13 months.
Children’s privacy
Safar is not directed at children, and we do not knowingly collect personal information from anyone under 13 (or a higher age where local law requires). If you believe a child has provided us personal information, email hello@staysafar.com and we will delete it.
Your rights
You can ask us to delete your data at any time by emailing hello@staysafar.com. We will confirm deletion within 30 days. Under GDPR, you also have rights of access, rectification, restriction, and portability. If you are a California resident, the CCPA/CPRA may give you the right to know, delete, and correct your personal information and to opt out of its sale or sharing - we do not sell or share your personal information. The same email reaches us for all of these.