Privacy Policy

Aterra Travel LLC – Privacy & Cookie Policy

Last revised: August 7, 2025

This policy explains how Aterra Travel LLC (“Aterra,” “we,” or “us”) collects, uses, shares, and protects your personal information when you use our website and services. We abide by U.S. laws (CAN-SPAM, CCPA/CPRA) and international frameworks (GDPR/UK-GDPR, Australia’s APPs, Canada’s PIPEDA).

Policy at a Glance

  • Data Collection: Forms, bookings, messaging apps, cookies

  • Use of Data: Trip planning, support, analytics, opt-in marketing

  • Shared With: Squarespace, Stripe, Sift, ConvertKit/MailerLite/Brevo, Google, Meta, Airtable, Tally/Typeform, etc.

  • Retention: Up to 7 years (legal/compliance needs)

  • Your Rights: Access, correct, delete, restrict, portability, object, unsubscribe

1. Interpretation & Definitions

Account: Unique sign-in to access our Service
Affiliate: Entity controlling/controlled by Aterra (≥50% ownership)
Business: Under CCPA/CPRA, Aterra as the data-collecting entity for California residents
CCPA/CPRA: California privacy laws (2018/2020)
Controller: Under GDPR/UK-GDPR, Aterra decides “why” and “how” personal data is processed
Cookies: Small files stored on your device to remember preferences and track usage
DNT (Do Not Track): Browser signal you prefer not to be tracked
Device: Any computer, phone, or tablet accessing our Service
GDPR/UK-GDPR: EU/UK General Data Protection Regulations
Personal Data: Any information relating to an identifiable individual
Service Providers: Third parties (e.g., Squarespace, Stripe, Google Workspace) processing data for us
Third-Party Social Media Service: Platforms for login/sharing (Google, Facebook, Instagram, Twitter, LinkedIn, Pinterest, TikTok, YouTube)
Usage Data: Automatically collected info (page visits, clicks, IP, device type)

2. Scope

Applies to all data collected via our website, messaging (WhatsApp, Instagram, Facebook), forms, phone, email, and third-party integrations. This policy is published in English. If you require assistance in another language, please contact us at info@aterratravel.com.

3. Information We Collect

You Provide: Name, email, phone, address, travel preferences, passport, DOB, payment details
Automatically: IP address, browser type/version, pages visited, time on site, device IDs, cookies
From Social Logins: Name, email, contacts, profile picture

4. Why & How We Use Your Data

  • Trip Planning & Bookings: Prepare itineraries, reserve flights/hotels

  • Payments: Secure transactions via Stripe; fraud checks via Sift

  • Support & Communication: Respond via email, phone, WhatsApp, Instagram

  • Marketing (Opt-In): Newsletters & promotions through ConvertKit/MailerLite/Brevo (CAN-SPAM compliant)

  • Analytics & Improvement: Google Analytics 4, Looker Studio, Squarespace metrics

  • We may aggregate or anonymize certain usage data for analytics or service improvement. Once anonymized, this data no longer identifies you and is not subject to this policy.

  • By submitting your information via our forms, you consent to our use of your data in line with this Privacy Policy, including for trip planning and optional marketing communications, if opted in.

5. Disclosure to Third Parties

We only share data when needed to deliver services:

  • Airlines, Hotels, Tour Operators (trip fulfillment)

  • Stripe & Sift (payments, fraud prevention)

  • Squarespace, Google Cloud (hosting, storage)

  • ConvertKit/MailerLite/Brevo, Meta, Google (analytics, marketing)

  • Airtable, Google Sheets, Tally/Typeform (CRM, intake forms)

6. Data Storage & Retention

  • Stored on secure servers (Squarespace, Google Cloud)

  • Retained up to 7 years for accounting, disputes, legal compliance

7. Your Privacy Rights

7.1 General

You have the right to:

  • Access your data

  • Rectify inaccuracies

  • Erase when no longer needed

  • Restrict processing

  • Port your data

  • Object to profiling or marketing

  • Withdraw consent

7.2 GDPR / UK-GDPR (EU/UK Residents)

Legal Basis for Processing Personal Data

We may process Personal Data under the following lawful bases, as defined by GDPR and UK-GDPR:

  • Consent – You have given clear consent for a specific purpose

  • Performance of a contract – Processing is necessary to fulfill your booking

  • Legal obligation – Compliance with legal requirements (e.g., accounting, fraud prevention)

  • Vital interests – To protect your health or safety in urgent situations

  • Public interest – For legal or official authority purposes

  • Legitimate interests – For business purposes that do not override your rights

Your Rights Under GDPR / UK-GDPR

As a resident of the EU or UK, you have the right to:

  • Access, update, or delete your personal data

  • Correct inaccurate or outdated information

  • Object to processing, especially for direct marketing

  • Restrict processing (e.g., if accuracy is contested or processing is unlawful)

  • Request erasure when data is no longer necessary

  • Request data transfer (portability)

  • Withdraw consent at any time

  • Lodge a complaint with your local data protection authority

We may request identity verification before fulfilling any data subject rights. We aim to respond to all valid requests within 30 days. If you are dissatisfied with our response, you may escalate the issue to your local supervisory authority. A full list of EU data authorities is available here: https://edpb.europa.eu/about-edpb/about-edpb/members_en

Special Category Data

We only process special category data (such as dietary restrictions or accessibility needs) when necessary to provide your travel services, and only with your explicit consent, in accordance with Article 9 of GDPR.

International Data Transfers

If we transfer your personal data outside the EU or UK (e.g., to the United States), we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs)

  • Adequacy decisions by the European Commission or UK authorities

See Section 28 – International Transfers & Compliance for more details.

Cookie Consent

We aim to honor cookie preferences in accordance with GDPR/UK-GDPR. However, our current platform (Squarespace) does not automatically log anonymized cookie consent. We are evaluating enhanced solutions (e.g., CookieYes) to meet these requirements.
In the meantime, you can manage cookies via your browser settings or contact us for support.

Data Controller

For the purposes of GDPR and UK-GDPR, the data controller is:
Aterra Travel LLC
12 Woodcroft Place
Short Hills, NJ 07078, USA
info@aterratravel.com

To exercise your rights or submit a privacy request, please contact us at info@aterratravel.com.

Legal Basis for Processing Your Data (GDPR/UK-GDPR)
Under GDPR and UK-GDPR, we are required to explain the lawful basis for processing your personal data. Below is a summary of the types of data we collect, their purpose, and the legal basis under which we process them:

  • Name, email
    Purpose: Booking and communication
    Legal basis: Contract / Consent

  • Travel preferences
    Purpose: Trip design and personalization
    Legal basis: Consent

  • Payment information
    Purpose: Billing and fraud prevention
    Legal basis: Legal obligation / Legitimate interest

7.3 CCPA/CPRA (California Residents)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to:

  • Know what categories and specific pieces of personal information we collect, use, and disclose

  • Delete your personal information (subject to certain legal exceptions)

  • Correct inaccurate personal information

  • Limit the use of sensitive personal information (if applicable)

  • Opt out of the sale or sharing of your personal information (Note: Aterra Travel does not sell your personal information)

  • Receive equal service and pricing, even if you exercise your privacy rights

You may exercise these rights by contacting us at info@aterratravel.com with the subject line “California Privacy Request.” We will verify your identity before processing any request.

Aterra Travel LLC does not sell your personal information to third parties.

7.4 Minors & “Shine the Light” (California)

Users under 18 can request removal of content they have posted. California residents can request an annual disclosure of the third parties with whom we shared data for direct marketing. Contact: info@aterratravel.com

7.5 Social Media Pages (Joint Controllers – GDPR)

We operate official social media pages for Aterra Travel on:

When you interact with our social media pages—by liking, commenting, messaging, or simply viewing content—personal data may be collected via cookies, pixels, or analytics tools.

Facebook & Instagram Insights (Joint Controllers)

As operators of a Facebook Page and Instagram Business Profile, we use Meta’s Insights tools to access aggregated data about our followers and page engagement. This includes reach, impressions, city-level location, gender, and age trends.

Meta places cookies and tracking pixels on users’ devices for this purpose. Under the GDPR, Meta Platforms Ireland Ltd. and Aterra Travel LLC are considered joint controllers of this data.

For more info, visit:

TikTok & Pinterest

TikTok and Pinterest may also collect data when you interact with our pages or are retargeted via ads. These platforms act as independent controllers under GDPR.

Learn more at:

7.6 Additional CCPA Disclosures

A. Identifiers – Name, alias, email, IP — Collected
B. Customer Records – Name, address, payment data — Collected
C. Protected Classification – Race, gender, disability — Not Collected
D. Commercial Info – Purchase history — Not Collected
E. Biometric Info – Fingerprints, face data — Not Collected
F. Internet Activity – IP, cookies, usage — Collected
G. Geolocation – GPS — Not Collected
H. Sensory – Audio/visual data — Not Collected
I. Employment Info – Job history — Not Collected
J. Education – Transcripts, grades — Not Collected
K. Inferences – Profile behavior — Not Collected
L. Sensitive Info – Login, ID numbers — Collected

7.7 Do Not Sell or Share My Personal Info

We do not “sell” your data for money, but analytics/advertising tools may count as sharing. Opt out via cookie banner, browser settings, or these platforms:

We do not sell the personal information of users we know are under 16. If you are between 13–16 years old, or a parent of someone under 13, you may request opt-in or opt-out rights under the CCPA/CPRA by contacting us.

7.8 Limit Use of Sensitive Personal Information (California)
If you are a California resident, you have the right to limit the use and disclosure of your sensitive personal information to what is necessary to perform the services or provide the goods reasonably expected by an average consumer requesting such services.

We collect, use, and disclose sensitive personal information only where essential to deliver your travel experience — such as identity verification, passport processing, dietary or accessibility needs, and secure payment.

For more information or to exercise your rights, please contact us at info@aterratravel.com.

7.9 Exercising CCPA Rights

To request access, correction, deletion, or limitation:

  • Email: info@aterratravel.com

  • Mail: Aterra Travel LLC, 12 Woodcroft Place, Short Hills, NJ 07078

  • Phone: +1 646-222-6365

Upon receiving a verifiable request under the CCPA/CPRA, we will verify your identity and respond within 45 days. We may extend this deadline once by an additional 45 days with notice. Data will be provided in a machine-readable format for portability requests.

7.10 International Users Outside EU/US

Aterra aims to comply with applicable international frameworks, including Australia’s APPs and Canada’s PIPEDA. If you’re a resident of another jurisdiction, you may have additional privacy rights under your local laws. Contact info@aterratravel.com for assistance.

8. Website Visitor Data & Hosting

Squarespace collects browser, device, network info, page views, and IPs to run and improve its platform. Where legally required, we will provide your personal data in a portable, machine-readable format (such as .csv).

9. Cookies & Tracking Technologies

9.1 Our Cookie Banner

You can:

  • Accept All (all categories)

  • Decline All (block non-essential)

  • Manage Cookies (toggle Analytics/Marketing)
    Change decisions any time via the Manage Cookies link in the footer.

We use Squarespace’s built-in cookie banner to inform users about cookies and allow basic acceptance or rejection.

The banner remembers your preference using a local cookie stored on your device. However, we do not currently maintain anonymized or auditable logs of user cookie consent.

If you're located in a jurisdiction requiring consent logging (such as the EU or UK), and would like to confirm your settings or submit a privacy request, please contact us at info@aterratravel.com.

9.2 Specific Cookies We Use

  • crumb – CSRF protection
    Category: Essential | Duration: Session | Provider: Squarespace

  • ss_cookieAllowed – Banner choice remembered
    Category: Essential | Duration: 30 days | Provider: Squarespace

  • ss_cid, ss_cvr, ss_cpvisit, ss_cvisit – Visitor metrics
    Category: Analytics | Duration: 30 min–2 yrs | Provider: Squarespace

  • _ga, _gid, gat* – Google Analytics 4 tracking
    Category: Analytics | Duration: 1 min–2 yrs | Provider: Google

  • __stripe_mid, __stripe_sid – Stripe payment session
    Category: Essential | Duration: Session / 1 day | Provider: Stripe

  • _fbp – Facebook Pixel tracking
    Category: Marketing | Duration: 3 months | Provider: Meta

  • gcl_au – Google Ads conversion tracking
    Category: Marketing | Duration: 3 months | Provider: Google

  • ckns_privacy, ckns_policy – ConvertKit consent flags
    Category: Functional | Duration: 30 days–1 year | Provider: ConvertKit

  • aisession_* – Airtable session & CSRF protection
    Category: Essential | Duration: Session | Provider: Airtable

  • __cf_bm – Cloudflare bot management
    Category: Security | Duration: 30 min | Provider: Cloudflare

  • Tally.js_, tf_ – Tally.so/Typeform form sessions
    Category: Functional | Duration: Session / 1 yr | Provider: Tally/Typeform

  • ss_performancecookiesAllowed – Performance cookie consent
    Category: Essential | Duration: 30 days | Provider: Squarespace

  • ss_marketingcookiesAllowed – Marketing cookie consent
    Category: Essential | Duration: 30 days | Provider: Squarespace

  • _acloggedin – Acuity Scheduling login support
    Category: Essential | Duration: Session | Provider: Squarespace

  • ACUITY_CART – Stores cart state for Acuity Scheduling
    Category: Essential | Duration: Persistent | Provider: Squarespace

  • _dd_cookie_test, _dd_site_test – Tests cookie support
    Category: Essential | Duration: Session | Provider: Squarespace

  • _dd_s – Tracks browser errors
    Category: Essential | Duration: 4 hours | Provider: Squarespace

  • _grecaptcha – Reduces spam in Acuity Scheduling
    Category: Essential | Duration: Persistent | Provider: Squarespace

  • _ssid – Anti-fraud device identifier
    Category: Essential | Duration: 4 years | Provider: Squarespace

  • CART, hasCart – Session cart data & indicator
    Category: Essential | Duration: 2 weeks | Provider: Squarespace

  • CHECKOUT_WEBSITE – Checkout site identifier
    Category: Essential | Duration: Session | Provider: Squarespace

  • client_username – Remembers Acuity client username
    Category: Essential | Duration: 1 year | Provider: Squarespace

  • clientUser – Stores Acuity OAuth tokens
    Category: Essential | Duration: 30 days | Provider: Squarespace

  • Commerce-checkout-state – PayPal checkout state
    Category: Essential | Duration: Session | Provider: Squarespace

  • Locked – Password-protected screen control
    Category: Essential | Duration: Session | Provider: Squarespace

  • orderStatusSessionToken – Order status authentication
    Category: Essential | Duration: 1 year | Provider: Squarespace

  • PHPSESSID – Acuity Scheduling auth session
    Category: Essential | Duration: 1 month | Provider: Squarespace

  • RecentRedirect – Redirect loop prevention
    Category: Essential | Duration: 30 min | Provider: Squarespace

  • remember_client – Remembers Acuity client login
    Category: Essential | Duration: 365 days | Provider: Squarespace

  • siteUserCrumb – CSRF protection for logged-in users
    Category: Essential | Duration: 3 years | Provider: Squarespace

  • SiteUserInfo – Identifies logged-in customer account
    Category: Essential | Duration: 3 years | Provider: Squarespace

  • SiteUserSecureAuthToken – Auth token for logged-in user
    Category: Essential | Duration: 3 years | Provider: Squarespace

  • squarespace-announcement-bar – Announcement bar dismissal
    Category: Functional | Duration: Persistent | Provider: Squarespace

  • squarespace-likes – Blog post likes memory
    Category: Functional | Duration: Persistent | Provider: Squarespace

  • squarespace-popup-overlay – Popup overlay dismissal
    Category: Functional | Duration: Persistent | Provider: Squarespace

  • squarespace-video-player-options – Video player preferences
    Category: Functional | Duration: Persistent | Provider: Squarespace

  • ss_sd – Squarespace 5 session authentication
    Category: Essential | Duration: Session | Provider: Squarespace

  • Test – Browser support testing
    Category: Essential | Duration: Session | Provider: Squarespace

  • TZ – Time zone preference for Acuity Scheduling
    Category: Functional | Duration: Persistent | Provider: Squarespace

  • elfsight_viewed_recently – Tracks recently viewed widgets for UX
    Category: Functional | Duration: 1 year | Provider: Elfsight

  • elfsight_device_id – Device identifier for widget performance
    Category: Functional | Duration: 1 year | Provider: Elfsight
    (Note: Not used for behavioral tracking or marketing)

For a truly exhaustive list of every platform- and third-party cookie, see Squarespace’s Cookie Policy.

10. Integrated Third-Party Services

10.1 We use—and share data with—the following under their own privacy policies:

  • Squarespace: Hosting, forms, Acuity Scheduling

  • Stripe: Invoiced payments

  • Sift: Fraud detection

  • ConvertKit / MailerLite / Brevo: Email marketing

  • Google Search Console, Analytics 4, Looker Studio: Site analytics

  • Meta Business Suite & Pixel, Instagram Insights, Pinterest Tag: Social ads/tracking

  • Facebook Messenger, TikTok Pixel: Chat & marketing

  • YouTube, Vimeo: Embedded video

  • Airtable, Google Sheets: Referral CRM

  • Tally.so, Typeform: Intake forms

  • Linktree (or custom): Landing pages

  • Google Maps, Google/Adobe Fonts: Embeds & typography

10.2 We work with the following advertising partners to deliver interest-based ads and remarketing across the web. You can opt-out at any time using the links below or your browser or device settings.

10.2.1 Google Ads (AdWords)
Google Ads remarketing service is provided by Google Inc.

  • Opt-out of Google Analytics for Display Advertising and customize your Google Display Network ads via the Google Ads Settings page: http://www.google.com/settings/ads

  • Browser add-on: install the Google Analytics Opt-out Browser Add-on to prevent your data from being collected and used by Google Analytics: https://tools.google.com/dlpage/gaoptout

  • For full details on Google’s privacy practices, see: https://policies.google.com/privacy

10.2.2 Facebook
Facebook remarketing service is provided by Facebook Inc.

  • Learn more about interest-based advertising and your choices: https://www.facebook.com/help/516147308587266

  • Opt-out of Facebook’s interest-based ads: https://www.facebook.com/help/568137493302217

  • Facebook adheres to the Digital Advertising Alliance’s Self-Regulatory Principles. You can also opt-out of Facebook and other participating companies via:

    • USA: http://www.aboutads.info/choices/

    • Canada: http://youradchoices.ca/

    • Europe: http://www.youronlinechoices.eu/

  • For Facebook’s full Data Policy, see: https://www.facebook.com/privacy/explanation

11. Telephone Tracking & SMS Terms

  • Call Tracking: Dynamic numbers link calls to campaigns; recordings/transcripts used for training and analytics.

  • SMS: Opt-in by providing your number; frequency varies; standard carrier rates apply.

    • Opt-Out: Reply “STOP” → confirmation → no more messages

    • Help: Reply “HELP” or email info@aterratravel.com

12. Behavioral Remarketing

We re-engage past visitors via platforms like Google Ads, Meta Custom Audiences, AdRoll, etc. These partners use cookies and device-level signals (fingerprinting, SDKs) to understand your site behavior and serve tailored ads—even if you block cookies. To opt out of interest-based ads, visit:

13. Behavioral Email Marketing

We may rotate among ConvertKit, MailerLite, or Brevo for newsletters and promos. All marketing emails include an unsubscribe link and our postal address (12 Woodcroft Place, Short Hills, NJ 07078) per CAN-SPAM.

14. Mobile Device Privacy Choices

  • Android: Settings → Google → Ads → Opt out of Ads Personalization

  • iOS: Settings → Privacy → Tracking → Disable “Allow Apps to Request to Track” or Settings → Privacy → Apple Advertising → Limit Ad Tracking

  • Location: Turn off location permissions for browsers or map apps in device Settings.

15. Limit Use of Sensitive Personal Information (California)
California residents may request that we limit our use and disclosure of sensitive personal information to what’s strictly necessary for core travel services (e.g., identity verification, dietary/accessibility needs).

To submit a request, email info@aterratravel.com. See Section 7.8 for full details.

16. “Do Not Track” Signals

Our Service does not respond to “Do Not Track” browser signals, as there is no consistent industry standard for interpreting them.

Under CalOPPA (California Online Privacy Protection Act), we disclose that our Service does not currently respond to browser-initiated “Do Not Track” signals, as there is no universal standard for doing so.

You may still limit tracking by adjusting your browser settings or using privacy extensions. For more information about your privacy options, visit www.allaboutdnt.com.

However, some third-party websites you visit from our site may track your browsing behavior. You can typically manage your DNT preferences in your browser settings:

  • Chrome: Settings → Privacy and Security → Cookies and other site data

  • Safari: Preferences → Privacy

  • Firefox: Settings → Privacy & Security

We encourage users concerned with tracking to also install privacy-focused browser extensions.

17. California “Shine the Light” Law

Under Cal. Civ. Code § 1798, California residents can request once per year a list of third parties with whom we shared data for their direct marketing. Submit requests to:

  • Email: info@aterratravel.com

  • Mail: Aterra Travel LLC, 12 Woodcroft Place, Short Hills, NJ, USA 07078

18. California Minor Privacy Rights

Under Cal. Bus. & Prof. Code § 22581, Californians under 18 can ask us to remove their publicly posted content. To request deletion, email info@aterratravel.com and include the email tied to your account.

19. China (PIPL) Compliance & Chinese Residents

If you are a resident of the People’s Republic of China (PRC) and access our services from within mainland China, this section explains your rights under the Personal Information Protection Law (PIPL) and how Aterra Travel LLC (“Aterra”) complies with it.

19.1 Personal Information We Collect

We may collect the following categories of personal information from users in China:

  • Name, email, phone number

  • Passport or ID number

  • Travel preferences, booking details

  • Messaging history via WeChat or other platforms

  • Device data (IP address, browser type, cookies)

19.2 Purpose of Collection

We collect and process this data to:

  • Provide travel consultation and booking services

  • Communicate via WeChat, email, or other channels

  • Secure payment and prevent fraud

  • Comply with legal obligations

  • Offer marketing communications (only with your consent)

19.3 Legal Basis & Consent

We rely on your informed, voluntary, and separate consent as the legal basis for processing your personal information in China. You will be notified of the scope and purpose of collection before your data is processed, and your explicit consent is required, especially for:

  • Marketing communications

  • Use of sensitive personal information (e.g., passport data)

  • Cross-border data transfers

19.4 Cross-Border Data Transfers

We may transfer your personal information to the United States or other countries where our servers and service providers (e.g., Stripe, Squarespace) are located.
These transfers are performed for the sole purpose of providing our services to you. Before such transfer, we will:

  • Inform you of the recipient’s identity, contact information, processing purpose, and security measures

  • Obtain your separate and express consent

  • Take reasonable steps to ensure the overseas recipient provides the same level of data protection

19.5 Your Rights Under PIPL

As a data subject in China, you have the right to:

  • Access your personal data

  • Correct or delete personal data

  • Withdraw consent at any time

  • Request an explanation of data processing rules

  • Restrict or object to certain processing

  • Request data portability (where applicable)

To exercise these rights, please email info@aterratravel.com with the subject line “PIPL Data Request – China” and include sufficient details for verification.

19.6 Use of WeChat

We may interact with you via WeChat to provide trip planning support or share updates. When you follow our WeChat Official Account or scan our QR code, we may collect your WeChat ID and contact preferences. We will only use this information for direct communication or service fulfillment, in line with your consent.

20. WhatsApp Button (Elfsight Widget)
We use a third-party widget provided by Elfsight to display a WhatsApp contact button on our website. This tool allows you to easily initiate a chat with our team via WhatsApp.

By interacting with this widget, certain data such as your IP address, device type, and usage activity may be shared with Elfsight and WhatsApp. Elfsight may also place functional cookies (e.g. elfsight_viewed_recently, elfsight_device_id) to support widget performance. These cookies are not used for advertising or profiling purposes.

We consider this feature a necessary communication tool for client support and do not use it for marketing tracking. For more information, please refer to Elfsight’s Privacy Policy.

We use Elfsight to display a WhatsApp contact widget, enabling real-time communication with our team. Its cookies are categorized as Functional: they support user-initiated communication that is necessary for the service to operate. These cookies do not collect personally identifiable tracking data.

21. Disclosure of Your Personal Data

We may disclose data to:

  • Business Transactions: Merger, acquisition, asset sale (with notice)

  • Law Enforcement: Comply with legal requests or public authorities

  • Legal Obligations:

    • Comply with laws/regulations

    • Protect Aterra’s rights/property

    • Prevent/investigate fraud or abuse

    • Ensure safety of users/public

    • Defend against claims

22. Data Breach Notification
We maintain industry‑standard security measures to protect your personal data. In the unlikely event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

  • Notify affected individuals without undue delay and, where required by law, within 72 hours of discovering the breach.

  • Notify the appropriate supervisory authority (e.g., EU Data Protection Authority, state attorney general) in accordance with applicable legal timelines.

23. Data Protection Officer (DPO)

To help ensure compliance with GDPR, UK‑GDPR, and other privacy laws, we have appointed a Data Protection Officer (DPO). For any inquiries about this policy or to exercise your data‑protection rights, contact:

Name: Amanda Kam, Data Protection Officer

Email: info@aterratravel.com 

24. Children’s Privacy (COPPA)

We do not knowingly collect or maintain personal information from children under 13 years of age. If you believe we have inadvertently collected data from a child under 13, please contact us at info@aterratravel.com so we can delete their information immediately. Parental requests for access, correction, or deletion of a minor’s data will be honored.

25. Automated Decision‑Making & Profiling

We do not use fully automated decision‑making processes (including profiling) that have a legal or similarly significant effect on you. If we introduce such technologies in the future, we will notify you and explain the underlying logic, intended impact, and your rights to contest the decision.

While we may use analytics or automation to improve our services, we do not rely on fully automated decision-making that produces legal or similarly significant effects on you.

26. Third‑Party Privacy Policy Links
When we share your data with service providers, they each operate under their own privacy policies. You can review them here:

27. Security of Your Personal Data

While no system is 100% secure, we use industry-standard safeguards (encryption, access controls) to protect your data. We use HTTPS to secure all data in transit and rely on our third-party providers’ built-in encryption and security practices to protect data at rest. 

28. International Transfers & Compliance

Our vendors (Squarespace, Stripe, etc.) adhere to the EU-US & Swiss-US Data Privacy Frameworks and UK-EU adequacy decisions.

The EU‑US Privacy Shield and Swiss‑US Privacy Shield frameworks were invalidated in 2020. We now rely on the EU‑US Data Privacy Framework and Swiss‑US Data Privacy Framework, as endorsed by the U.S. Department of Commerce, to govern transfers of personal data from the EU and Switzerland to our U.S.‑based processors.

Where we transfer Personal Data outside the European Economic Area (EEA) or United Kingdom, and no adequacy decision applies, we rely on the European Commission’s Standard Contractual Clauses (Module II) as approved by Commission Implementing Decision (EU) 2021/914, which have been incorporated into our agreements with processors such as Stripe, Squarespace, and Google Cloud. Copies of these SCCs are available upon request by contacting info@aterratravel.com.

29. SMS Privacy Policy

  • Aterra Travel LLC may disclose Personal Data and other information as follows: Third Parties that Help Provide the Messaging Service: We will not share your opt-in to an SMS short code campaign with a third party for purposes unrelated to supporting you in connection with that campaign. We may share your Personal Data with third parties that help us provide the messaging service, including, but not limited to, platform providers, phone companies, and other vendors who assist us in the delivery of text messages.

  • Additional Disclosures: Affiliates: We may disclose the Personal Data to our affiliates or subsidiaries; however, if we do so, their use and disclosure of your Personal Data will be subject to this Policy. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

30. Other Jurisdictions’ Privacy Laws

If you are a resident of a U.S. state with applicable privacy laws (e.g., Colorado, Virginia, Connecticut, Utah, Oregon), you may have rights similar to those described above under the CCPA/CPRA. Please contact info@aterratravel.com to exercise your rights.

For residents of Brazil, Aterra Travel LLC complies with the Lei Geral de Proteção de Dados (LGPD). You may have rights to access, correct, delete, or object to the processing of your personal data. Please contact info@aterratravel.com to exercise your rights.

If you are a resident of Japan, your rights under the Act on the Protection of Personal Information (APPI) include the right to access, correct, or delete your personal data. Contact info@aterratravel.com for any privacy-related requests.

For users in South Korea, Aterra complies with PIPA requirements and will obtain your consent before transferring data cross-border. Please contact us to request our security protocols for international transfers.

31. Complaints

Supervisory Authorities
If you are an EU or UK resident, you may lodge a complaint with your local data protection authority. The primary authorities are:

European Union

United Kingdom

Canadian and Australian Privacy Commissioners
If you are resident in Canada or Australia, you may also lodge a complaint with your national privacy regulator:

  • Canada

    • Office of the Privacy Commissioner of Canada (OPC)

    • https://www.priv.gc.ca/en/report-a-concern/

  • Australia

    • Office of the Australian Information Commissioner (OAIC)

    • https://www.oaic.gov.au/privacy/privacy-complaints/

United States

If you are a resident of the United States and believe your privacy rights have been violated, you may:

  • Contact your State Attorney General’s office (especially for California, Virginia, Colorado, Connecticut, Utah, Oregon, and other states with active privacy laws)

  • Lodge a complaint with the Federal Trade Commission (FTC) regarding unfair or deceptive data practices

Your State Attorney General

  • Privacy laws, consumer rights

  • usa.gov/state-attorney-general

Federal Trade Commission (FTC)

  • Federal privacy and advertising practices

  • reportfraud.ftc.gov

You may also contact Aterra Travel LLC directly at info@aterratravel.com and we will respond within the timelines required by U.S. law.

Other International Jurisdictions

If you reside in a country with a dedicated data protection authority not listed above—such as:

  • China (PIPL): Cyberspace Administration of China (CAC)

  • Brazil (LGPD): Autoridade Nacional de Proteção de Dados (ANPD)

  • Japan (APPI): Personal Information Protection Commission (PPC)

  • South Korea (PIPA): Personal Information Protection Commission

—please refer to your local regulator’s complaint procedures, or contact us directly at info@aterratravel.com for assistance in escalating your concern.

32. Changes to This Policy

We may update this policy as our services evolve. Changes take effect upon posting here; we’ll update the “Last revised” date accordingly.

33. Accessibility Statement

Aterra Travel LLC is committed to ensuring digital accessibility for all users, including those with disabilities. We strive to continually improve the user experience for everyone and apply relevant accessibility standards, including the Web Content Accessibility Guidelines (WCAG) 2.1 Level AA where feasible.

If you experience any difficulty accessing any part of our website or services, please contact us at info@aterratravel.com or call us at +1 646-222-6365 and we will do our best to accommodate your needs or provide the information in an alternative format.

Our Data Protection Officer, Amanda Kam, oversees accessibility efforts. Contact: info@aterratravel.com.

While we aim to make all aspects of our site accessible, third-party platforms (e.g. embedded maps, forms, or booking tools) may not fully meet the same standards.

This statement was last reviewed on August 7, 2025.

34. Contact Us

Aterra Travel LLC
12 Woodcroft Place, Short Hills, NJ 07078
Email: info@aterratravel.com
Phone: +1 646-222-6365

35. This Privacy Policy was last updated on August 7, 2025. Aterra Travel LLC may update this policy from time to time. Please check this page periodically for updates.