Privacy Policy

Effective Date: May 1, 2026

1. Introduction

Unleesh, LLC (“Unleesh,” “we,” “us,” or “our”) operates a group travel and experience management platform (the “Platform”), including:

Mobile applications
Websites (including www.unleesh.com, app.unleesh.com, web.unleeshadmin.com, et al.)
Associated services, features, and content

This Privacy Policy explains how we collect, use, disclose, and protect Personal Information.

This Policy is designed to comply with:

GDPR (EU/UK)
CPRA/CCPA (California)
COPPA (U.S. children’s privacy law)

2. Roles: Controller vs. Processor

Unleesh operates in two roles:

2.1 When Unleesh is a Data Controller

We act as a controller when we:

Manage user accounts
Operate the Platform
Handle support, analytics, and marketing

2.2 When Unleesh is a Data Processor

We act as a processor when:

A Path Administrator (e.g., nonprofit, school, travel operator) controls the experience
We process data on their behalf

In these cases:

The Administrator is the Data Controller
Unleesh processes data under their instructions

3. Information We Collect

3.1 Information You Provide

Name, email, phone number
Username, password
Profile photo
Date of birth
Travel and registration details
Emergency contact information (if applicable)

3.2 User Content

Posts, photos, videos, audio
Messages and engagement in Paths
Metadata (timestamps, geolocation if enabled)

Content visibility depends on Path settings.

3.3 Payment Information (Stripe Integration)

We use Stripe, Inc. as our third-party payment processor.

When you make a payment:

Payment details (e.g., card number) are collected directly by Stripe
Unleesh does not store full payment card details

We may collect:

Transaction records
Billing name and email
Payment status
Partial payment identifiers (e.g., last 4 digits)

Stripe processes your data in accordance with:

PCI-DSS standards
Stripe’s Privacy Policy

3.4 Automatically Collected Information

Device type, OS, browser
IP address
Usage data and logs
Cookies and tracking data

3.5 Location Data

With consent, we may collect:

Precise geolocation
Location-linked content

4. How We Use Information

We use Personal Information to:

Provide and operate the Platform
Facilitate travel and group coordination
Process payments and transactions
Communicate with users and administrators
Improve services and user experience
Ensure safety and compliance

5. Legal Bases (GDPR)

For users in the EEA/UK:

Contract: Delivering Platform services
Legitimate Interests: Improving and securing services
Consent: Marketing, cookies, location tracking
Legal Obligation: Compliance with laws

6. Sharing of Information

We may share data with:

6.1 Path Administrators

Organizations managing a Path may access user data.

6.2 Other Users

Based on Path visibility settings (public/private).

6.3 Service Providers

Stripe (payments)
Cloud hosting providers
Analytics providers

6.4 Legal & Safety

Law enforcement or regulators
To protect rights, safety, or property

6.5 Business Transfers

Mergers, acquisitions, or asset sales

7. California Privacy Rights (CPRA/CCPA)

If you are a California resident, you have the right to:

7.1 Right to Know

Request:

Categories of personal information collected
Sources of data
Business purposes
Categories of third parties

7.2 Right to Delete

Request deletion of your personal information (subject to legal exceptions)

7.3 Right to Correct

Request correction of inaccurate data

7.4 Right to Opt-Out of Sale/Sharing

We do not sell personal information.
If this changes, we will provide a “Do Not Sell or Share” link.

7.5 Right to Non-Discrimination

You will not be penalized for exercising your rights.

7.6 Sensitive Personal Information

We only use sensitive data (e.g., location, health-related travel data if applicable) as necessary to provide services.

8. Data Processing Addendum (DPA) Overview

For enterprise clients and Path Administrators:

Unleesh commits to:

Processing data only on documented instructions
Ensuring confidentiality of personnel
Implementing appropriate technical and organizational security measures
Assisting controllers with:
- Data subject rights requests
- Breach notifications
- Compliance obligations
Entering into Standard Contractual Clauses (SCCs) where required

A formal DPA is available upon request for customers.

9. International Data Transfers

We may transfer data outside your country, including to the United States.

Safeguards include:

Standard Contractual Clauses (SCCs)
Contractual protections with vendors

10. Data Retention

We retain data only as long as necessary to:

Provide services
Fulfill contractual obligations
Comply with legal requirements

11. Your Rights (Global)

You may request to:

Access your data
Correct inaccurate data
Delete your data
Restrict or object to processing
Transfer your data
Withdraw consent

Contact: info@unleesh.com

12. Cookies and Tracking

We use cookies for:

Functionality
Analytics
Performance

You can control cookies via browser settings.

13. Security

We implement:

Encryption in transit
Access controls
Secure cloud infrastructure

However, no system is 100% secure.

14. Children’s Privacy (COPPA)

The Platform is not directed to children under 13
We do not knowingly collect data from children under 13 without parental consent

If discovered:

Data will be deleted or parental consent obtained

Parents may:

Access
Delete
Restrict use of their child’s data

Contact: info@unleesh.com

15. Third-Party Services

We are not responsible for third-party privacy practices (e.g., Stripe, external links).

16. Changes to This Policy

We may update this Policy periodically.
Continued use of the Platform indicates acceptance.

17. Contact Information

Unleesh, LLC
Attn: Privacy
110 16th Street, Suite 1300
Denver, CO 80202

Email: info@unleesh.com