SPONTIGO

Last updated: 2026-04-30

Spontigo, Inc. (“Spontigo,” “we,” “us,” “our”) operates a pre-arrival experiences platform that helps guests of partner hotels, short-term rentals, and other lodging operators discover and book tours, activities, and other travel-related products before arrival. This Privacy Policy describes how we collect, use, share, and protect personal information when you visit www.spontigo.com (the “Site”), use our services (the “Services”), or otherwise interact with us.

The short version. We collect personal information to operate the Spontigo platform, fulfill experience bookings, communicate with guests, and improve the Services. We do not sell your personal information for money, and we do not share it for cross-context behavioral advertising. We share information with the providers of experiences you book (so they can deliver them to you), with the lodging operator whose property you are staying at when applicable, with our service providers, and as required by law. You have rights over your personal information, including the right to access, correct, delete, and opt out of certain processing. To exercise your rights, email privacy@spontigo.com or use the request methods described in Section 10.

1. Scope and Who We Are

This Privacy Policy applies to personal information collected through the Site, the Services, our pre-arrival emails and text messages, our personalized booking landing pages, and any other interaction with Spontigo unless a different notice is provided at the point of collection.

Spontigo operates as both a direct service to guests and as a behind-the-scenes platform embedded with lodging operators. When you receive a pre-arrival email or text from a lodging operator that uses Spontigo, that communication is sent by Spontigo on the lodging operator’s behalf using a whitelabeled address. Your information is processed under this Privacy Policy.

Spontigo is the “controller” (or “business” under California law) of the personal information described in this Privacy Policy, except where we act as a service provider or processor on behalf of a lodging operator (in which case the lodging operator’s privacy policy may also apply to its handling of your information).

2. Information We Collect

2.1 Information You Provide Directly

We collect information you provide when you book an experience, contact us, sign up for an account, or otherwise interact with the Services. This includes:

Identifiers: name, email address, phone number, postal address, and account credentials (if you create an account);
Booking information: the experiences you browse and book, the dates and number of guests, special requests, dietary restrictions, accessibility needs, and any disclosures you make about medical or fitness conditions relevant to a booked experience;
Payment information: credit or debit card number, expiration date, security code, billing zip code, and other payment details. Payment information is processed by our payment processor (Stripe) and is not stored on Spontigo’s servers in full;
Communications: messages you send to us, reviews and feedback you submit, and survey responses;
Other information you choose to provide.

2.2 Information from Lodging Partners

If you are staying at a property that participates in the Spontigo platform, the lodging operator may provide us with your reservation details so that we can send you pre-arrival communications about experiences. This information typically includes your name, email address, phone number, and arrival and departure dates. We use this information solely to operate the Services for that property, in accordance with our agreement with the lodging operator and this Privacy Policy.

2.3 Information from Suppliers

Tour operators and activity providers (“Suppliers”) may share information with us about your booking, including confirmation details, modifications, and information needed to deliver the experience.

2.4 Information Collected Automatically

When you visit the Site or interact with our communications, we and our service providers automatically collect certain information about your device and your interactions, including:

Device and connection information: IP address, device type, operating system, browser type and language, mobile network information, and approximate location derived from IP address;
Usage information: pages viewed, links clicked, time and duration of visits, referring and exit URLs, search terms entered on the Site, and similar interaction data;
Email and SMS engagement: whether you open our emails, click links in them, or otherwise engage with our communications, where permitted by law.

We collect this information using cookies, pixels, software development kits, and similar technologies. See Section 8 (Cookies and Tracking Technologies) for more detail.

2.5 Information from Third Parties

We may receive information about you from third parties, including analytics providers, fraud prevention services, and authentication providers. We may combine this information with other information we collect.

2.6 Sensitive Personal Information

We do not intentionally collect sensitive personal information (as defined under applicable law, such as government identification numbers, financial account credentials, precise geolocation, racial or ethnic origin, religious beliefs, or biometric data) unless you provide it voluntarily in connection with a booking (for example, a medical condition relevant to a specific experience). Where we do collect such information, we use it only for the purpose for which it was provided.

3. How We Use Information

We use personal information for the following purposes:

To provide and operate the Services, including processing bookings, communicating booking confirmations and changes, providing customer support, and facilitating payments;
To send pre-arrival and stay-related communications on behalf of lodging operators, including personalized landing pages, recommendations, and reminders;
To respond to your inquiries and requests;
To send transactional and, where permitted, marketing communications about experiences, promotions, and platform updates;
To personalize the experience and recommend relevant Products;
To detect, prevent, and address fraud, abuse, security incidents, and other harmful or illegal activity;
To comply with legal obligations, enforce our terms, and protect our rights, the rights of our users, and the rights of third parties;
To improve, test, and develop the Services, including through analytics and aggregated reporting;
For purposes you specifically consent to or that are otherwise permitted by law.

4. Automated Processing and Artificial Intelligence

Spontigo uses artificial intelligence, including large language models and other automated systems, throughout the Services. AI is integral to how Spontigo operates, and the role of AI is expected to expand over time as the Services evolve. By using the Services, you acknowledge and consent to the processing of your personal information by AI systems for the purposes described in this Privacy Policy.

4.1 How AI May Be Used

AI may be used across the guest, lodging, and supplier workflows, including (without limitation) to:

Classify, route, prioritize, and analyze inbound communications;
Generate, draft, and send communications to guests, lodging partners, and suppliers, including pre-arrival outreach, recommendations, follow-ups, and responses to inquiries;
Generate, modify, and personalize itinerary and Product recommendations;
Take actions in connection with bookings on behalf of users, including creating, modifying, confirming, or cancelling bookings; processing related communications; and coordinating with suppliers and lodging partners, in each case where authorized;
Detect and respond to fraud, abuse, security risks, and unusual activity;
Operate, monitor, and improve the Services, including through analytics, summarization, and quality assurance;
Generate internal reporting, business insights, and operational tooling for Spontigo and its partners.

The specific AI systems and the scope of their tasks may change over time without further notice, provided that the categories of processing remain consistent with this Privacy Policy.

4.2 Human Review for Material Decisions

For decisions that materially affect your booking or charges, including refunds, cancellations of confirmed bookings on Spontigo’s initiative, declination of service, or changes that result in a financial impact to you, a human reviews or is available to review the decision before it becomes final. You may request human review of any AI-driven decision affecting you by contacting privacy@spontigo.com. We will respond within a reasonable period and, where applicable law requires, no later than the time required by that law.

4.3 Disclosure of AI Communications

Where required by applicable law, AI-generated communications will be identifiable as such. Independently of legal requirements, you can ask Spontigo whether a particular communication was generated or sent by AI by contacting privacy@spontigo.com.

4.4 Use of Personal Information by AI Providers

We use third-party AI providers as our service providers. We do not authorize them to use personal information processed through the Services to train their general-purpose models, and we contractually require them to limit their use of personal information to providing the Services to Spontigo. If we ever enable training, fine-tuning, or model improvement on personal information, we will update this Privacy Policy and, where required, obtain your consent before doing so.

5. How We Share Information

We share personal information in the following circumstances:

5.1 With Suppliers

When you book an experience, we share information with the Supplier of that experience as needed to fulfill your booking. This typically includes your name, contact information, booking details, and any disclosures you have made that are relevant to safe participation. Suppliers are independent businesses, and their use of your information is governed by their own privacy practices.

5.2 With Lodging Partners

If you are staying at a property that participates in the Spontigo platform, we may share information about your bookings and engagement with the lodging operator for the limited purposes of operating the platform and providing service to you during your stay. The lodging operator’s use of this information is governed by its own privacy practices.

5.3 With Service Providers

We share personal information with service providers that help us operate the Services, including:

Payment processors (such as Stripe) to process payments;
Email and SMS service providers to deliver communications;
Cloud hosting and infrastructure providers (such as Amazon Web Services);
Analytics providers to understand how the Services are used;
Customer support tools and AI providers to operate guest communication features;
Fraud prevention and security providers.

Service providers process personal information only at our direction and only as needed to provide their services to us, subject to confidentiality and security obligations.

5.4 For Legal and Safety Reasons

We may share personal information when we have a good-faith belief that doing so is necessary to: (a) comply with applicable law, legal process, or a regulatory request; (b) enforce our agreements; (c) detect, prevent, or address fraud, security, or technical issues; or (d) protect the rights, property, or safety of Spontigo, our users, or others.

5.5 In Business Transactions

If Spontigo is involved in a merger, acquisition, financing, reorganization, sale of assets, or similar transaction, personal information may be transferred to the counterparty as part of that transaction. We will require any acquirer or successor to honor this Privacy Policy with respect to information transferred or, if practices materially change, to provide affected individuals with notice and an opportunity to opt out before any new use takes effect, as required by applicable law.

5.6 With Your Consent

We may share personal information for other purposes with your consent or at your direction.

6. We Do Not Sell or Share for Behavioral Advertising

We do not sell personal information for money. We do not share personal information with third parties for cross-context behavioral advertising (as those terms are defined under the California Consumer Privacy Act). If our practices change, we will update this Privacy Policy and provide a method to opt out as required by law.

7. Communications and Choices

7.1 Email Communications

By providing your email address, you consent to receive transactional emails related to your bookings (such as confirmations, itinerary details, and reminders). You may opt out of marketing emails at any time by clicking the “unsubscribe” link in any marketing email or by emailing privacy@spontigo.com. Opting out of marketing does not stop transactional emails related to active bookings.

7.2 SMS Communications

By providing your phone number, you consent to receive transactional text messages related to your bookings, and (where applicable) marketing text messages where you have provided express written consent. Standard message and data rates may apply. To stop receiving marketing text messages, reply STOP to any marketing message. Opting out of marketing SMS does not stop transactional SMS related to active bookings. For help, reply HELP or email privacy@spontigo.com.

7.3 Account Settings

If you have a Spontigo account, you can review and update certain information in your account settings. If you have made a booking without an account, you can request changes by contacting us at the email address in Section 13.

8. Cookies and Tracking Technologies

We and our service providers use cookies and similar technologies to operate and improve the Services. These technologies fall into the following categories:

Strictly necessary: required for the Site to function (for example, to maintain your session, process bookings, and remember your cart). These cannot be disabled through Site controls.
Functional: remember your preferences and personalize your experience.
Analytics: help us understand how the Services are used so we can improve them.
Marketing: support our own marketing communications. We do not use these to share information with third parties for cross-context behavioral advertising.

8.1 Your Choices

Most browsers allow you to control cookies through their settings, including blocking or deleting them. You can also opt out of certain analytics by visiting the relevant provider’s opt-out page (for example, Google Analytics opt-out).

8.2 Do Not Track and Global Privacy Control

Some browsers transmit “Do Not Track” signals. There is no industry-standard interpretation of these signals, and we do not currently respond to them. We do honor Global Privacy Control (GPC) signals as opt-out preference signals where required by applicable law.

9. Data Retention

We retain personal information for as long as needed to provide the Services and for the purposes described in this Privacy Policy. Specific retention periods depend on the type of information and the legal and operational reasons for keeping it:

Account information	For as long as your account is active, plus a reasonable period after closure to handle questions, disputes, and legal obligations (typically up to seven years).
Booking and payment records	Retained for the period required by tax, accounting, and consumer protection laws (typically seven years).
Marketing preferences and consents	Retained for as long as you remain a contact, and for a reasonable period after to honor your opt-out preferences.
Communications and support records	Retained for a reasonable period to support service quality, audit, and legal compliance (typically up to three years).
Cookie and analytics data	Retained for the period set by the cookie or analytics tool, typically not exceeding two years.
Information from lodging partners	Retained only for as long as needed to operate the Services for that property and as required by law.

After a retention period ends, we delete or anonymize personal information unless we are required to retain it longer to comply with law, defend legal claims, or for other legitimate business purposes.

10. Your Privacy Rights

Depending on where you reside, you may have certain rights regarding your personal information.

10.1 Rights Available in Most U.S. States

Residents of California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Iowa, Tennessee, Indiana, and other states with comprehensive privacy laws have the following rights, subject to applicable conditions and exceptions:

Right to know or access. You may request confirmation that we process your personal information and a copy of the personal information we hold about you.
Right to correct. You may request that we correct inaccurate personal information.
Right to delete. You may request that we delete personal information we have collected from you.
Right to data portability. You may request a portable copy of your personal information.
Right to opt out of sale or sharing. As stated in Section 6, we do not sell or share personal information for cross-context behavioral advertising. If you are a California resident, you may exercise this right at any time at privacy@spontigo.com or as described below.
Right to opt out of targeted advertising. As stated in Section 6, we do not engage in targeted advertising based on cross-context behavioral data.
Right to opt out of certain profiling. We do not engage in profiling that produces legal or similarly significant effects.
Right to limit use of sensitive personal information. Where applicable, you may request that we limit the use of sensitive personal information to specified purposes.
Right to non-discrimination. We will not discriminate against you for exercising your privacy rights.

10.2 California-Specific Disclosures (CCPA / CPRA)

In addition to the rights above, California residents are entitled to the following specific disclosures.

Categories of personal information collected in the past 12 months: identifiers; commercial information (booking history, products purchased); internet or network activity (browsing data, interactions with the Site and our communications); approximate geolocation; payment information; audio and visual information (where you submit photos or other content); inferences drawn from the foregoing (such as preferences and recommendations).

Categories of sources from which information is collected: directly from you; from lodging operators with whom you have a reservation; from Suppliers when you book an experience; automatically through cookies and similar technologies; and from third parties that help us operate the Services (such as analytics and fraud prevention providers).

Categories of third parties with whom we share information for a business purpose: Suppliers (to fulfill bookings); lodging operators (where applicable); service providers (payment processing, hosting, email and SMS delivery, analytics, customer support, fraud prevention, AI); and others as described in Section 5.

Sale or sharing for cross-context behavioral advertising: we do not sell or share personal information for these purposes (Section 6).

Use and disclosure of sensitive personal information: limited to the purposes for which it was collected, as further described in Section 2.6.

Authorized agents: California residents may use an authorized agent to submit a request. We will require verification of the agent’s authority and the consumer’s identity.

“Shine the Light”: California Civil Code Section 1798.83 entitles California residents to request a list of personal information we have shared with third parties for those parties’ direct marketing purposes in the prior calendar year. We do not share personal information with third parties for their direct marketing purposes.

10.3 How to Exercise Your Rights

To submit a privacy request, you may:

Email privacy@spontigo.com with the subject line “Privacy Request” and a description of your request and the state in which you reside; or
Submit a request through any privacy request form we make available on the Site.

We will verify your identity before fulfilling a request. Verification typically requires confirming information we already hold, such as your email address, phone number, or recent booking details. We respond to requests within the time required by applicable law (typically 45 days, with extensions where allowed).

10.4 Appeals

If we decline a privacy request, you may appeal by replying to our response or by emailing privacy@spontigo.com with the subject line “Privacy Request Appeal.” We will respond to appeals within the time required by applicable law. If we decline an appeal, you may have the right to contact your state attorney general or another regulator.

11. EU and UK Guests

If you are in the European Economic Area (EEA), the United Kingdom, or Switzerland and you book through Spontigo or otherwise interact with the Services, the following additional terms apply.

11.1 Lawful Bases for Processing

We process your personal information on the following lawful bases under the GDPR (or its UK equivalent):

Performance of a contract: to process your bookings and provide the Services.
Legitimate interests: to operate, secure, and improve the Services, prevent fraud, communicate with you about the Services, and conduct our business, where these interests are not overridden by your rights.
Consent: for marketing communications and for cookies that are not strictly necessary, where required by law. You may withdraw consent at any time.
Legal obligation: to comply with laws applicable to us, including tax, accounting, and consumer protection laws.

11.2 Your GDPR Rights

EU/UK residents have the following rights with respect to their personal information, subject to applicable conditions: access, rectification, erasure, restriction of processing, data portability, objection to processing, withdrawal of consent, and the right to lodge a complaint with a supervisory authority.

To exercise these rights, contact privacy@spontigo.com.

11.3 International Transfers

Spontigo is based in the United States. When we transfer personal information from the EEA, UK, or Switzerland to the United States or other countries, we rely on appropriate safeguards permitted by applicable law, such as the Standard Contractual Clauses adopted by the European Commission or the UK’s International Data Transfer Agreement, where applicable.

11.4 Supervisory Authority

If you are in the EU/UK and believe we have processed your personal information in violation of applicable law, you may lodge a complaint with the supervisory authority in your country of residence. We encourage you to contact us first so we can address your concern.

12. Security

We maintain administrative, physical, and technical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, and destruction. These safeguards include encryption in transit and at rest where appropriate, access controls, network protections, and regular review of our practices. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security.

You play an important role in protecting your information. Keep your account credentials and itinerary links confidential, and notify us promptly if you suspect unauthorized access. See Section 7 of the Guest Booking Terms for additional information about magic links and account security.

13. Children’s Privacy

The Site and the Services are not directed to children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13 without verifiable parental consent, we will delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact privacy@spontigo.com.

Separately, bookings through the Spontigo platform require the booker to be at least 18 years old, as described in our Guest Booking Terms. Adults may book on behalf of minors as part of a family or group booking, subject to the terms in the Guest Booking Terms.

14. Third-Party Sites and Services

The Services may contain links to third-party websites and services, including Suppliers’ own sites, lodging operators’ sites, and payment processors. This Privacy Policy does not apply to those third-party sites and services. We encourage you to review the privacy policies of any third-party sites you visit.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (to the address associated with your account or recent booking) or by posting a prominent notice on the Site, and we will update the “Last updated” date at the top of this page. Material changes will take effect no earlier than 30 days after notice. Non-material changes (such as clarifications or formatting updates) take effect immediately on posting.

16. Contact Us

If you have questions about this Privacy Policy or our privacy practices, or if you would like to exercise a privacy right, contact us at:

Spontigo, Inc.

Email: privacy@spontigo.com

General support: support@spontigo.com