Privacy Policy

Last updated: 17/06/2026

This Privacy Policy explains how Daniel e Brenda Ponce LDA, operating under the brand Yes, You Deserve (“Company”, “we”, “us”, or “our”), collects, uses, stores, shares, and protects personal information when you visit our website, contact us, book a tour, communicate with us, or use any of our services.

Yes, You Deserve provides private tours, curated travel experiences, transportation-related services, cultural experiences, restaurant and winery arrangements, monument visits, and related customer support services in Portugal.

By using our website, contacting us, or booking our services, you acknowledge that your personal information may be processed as described in this Privacy Policy.

If you have any questions, you can contact us at:

Email: info@yesyoudeserve.tours
Company: Daniel e Brenda Ponce LDA
Brand: Yes, You Deserve
Website: https://www.yesyoudeserve.tours/

1. Information We Collect

We collect personal information that you voluntarily provide to us when you visit our website, contact us, request information, communicate with us, book a service, participate in a tour, or interact with our automated or human support channels.

1.1 Personal information you may provide

Depending on how you interact with us, we may collect:

• Full name
• Email address
• Phone number
• Country or region of residence
• Preferred contact method
• Booking details
• Tour date and time
• Pick-up and drop-off information
• Group size
• Guest names or group information when necessary to organize the service
• Tour preferences
• Itinerary preferences
• Restaurant, winery, monument, or activity preferences
• Communication history with us
• Messages sent through WhatsApp, Messenger, Instagram, email, forms, or other communication channels
• Social media username and profile information when you contact us through social media platforms
• Customer support messages and conversation history
• Feedback, reviews, and survey responses
• Information required to issue invoices, receipts, or comply with accounting and legal obligations

1.2 Payment information

We do not directly store full credit card numbers, debit card numbers, card security codes, or complete payment credentials.

Yes, You Deserve does not store full customer payment card details. Stripe stores and processes payment card data according to Stripe’s own privacy and security policies.

Payments are processed through secure third-party payment providers, including Stripe. Stripe processes and stores payment information according to its own privacy and security policies.

You can review Stripe’s Privacy Policy here:

https://stripe.com/en-pt/privacy

1.3 Account passwords

Yes, You Deserve does not currently require customers to create password-protected customer accounts on our website for the ordinary booking of our tours. We do not intentionally collect or store customer account passwords for tour bookings.

If any future service requires account creation, this Privacy Policy will be updated accordingly.

1.4 Dietary, allergy, mobility, accessibility, and health-related information

In order to organize a safe, comfortable, and appropriate experience, we may ask you to voluntarily provide limited information about:

• Food allergies
• Dietary restrictions
• Mobility limitations
• Accessibility needs
• Relevant health or safety considerations
• Age-related needs, including information related to children, elderly guests, or guests requiring additional care

We collect this information only when it is relevant to organizing, adapting, or safely delivering your tour or experience.

We use this information only for operational, safety, accessibility, and service-delivery purposes. We may share only the necessary details with guides, drivers, restaurants, wineries, activity providers, or other partners when required to deliver the service safely and correctly.

We do not use this type of information for unrelated marketing purposes.

1.5 Information collected automatically

When you visit our website, certain technical information may be collected automatically, including:

• IP address
• Browser type
• Device type
• Operating system
• Language preferences
• Pages visited
• Time and date of visits
• Referring pages or links
• General usage and analytics information
• Cookie and tracking technology data, according to our Cookie Policy

This information is used to operate, secure, analyze, and improve our website and services.

1.6 Information received from third parties

We may receive limited information from third parties when necessary to manage your booking, communicate with you, process payments, or provide our services. This may include information from:

• Payment platforms such as Stripe
• Social media and messaging platforms such as Meta, Facebook, Instagram, Messenger, and WhatsApp
• Email providers
• Booking, calendar, CRM, or operational tools
• Members of your group who provide information on your behalf
• Guides, drivers, restaurants, wineries, or other service partners involved in your experience
• Review platforms or public review sources, when you choose to leave a review

2. How We Use Your Information

We process personal information for the following purposes:

• To respond to your inquiries
• To provide information about our tours and services
• To confirm availability
• To create, manage, and confirm bookings
• To organize private tours and experiences
• To personalize your itinerary within operational limits
• To arrange transportation, restaurant reservations, winery visits, monument visits, tickets, guides, drivers, or other service elements
• To communicate important information before, during, and after the tour
• To process payments, deposits, refunds, and invoices
• To comply with tax, accounting, legal, and regulatory obligations
• To handle complaints, incidents, operational changes, or customer support requests
• To protect the safety of guests, guides, drivers, partners, and the public
• To prevent fraud, abuse, misuse, and security risks
• To improve our services, customer experience, website, operations, and internal processes
• To analyze aggregated or anonymized operational trends
• To send service-related messages
• To send marketing communications where permitted by law or with consent where required

3. Legal Bases for Processing Personal Information

If you are located in the European Union, European Economic Area, United Kingdom, or another jurisdiction requiring a legal basis for processing personal information, we may rely on one or more of the following legal bases:

3.1 Performance of a contract

We process personal information when necessary to provide the services you request, manage your booking, organize your tour, process payments, communicate with you, and fulfill our obligations to you.

3.2 Consent

We may process information based on your consent, such as when you agree to receive certain marketing communications, voluntarily provide dietary/allergy/mobility/accessibility information, or interact with certain automated communication tools where consent is required.

You may withdraw your consent at any time, subject to legal or contractual limitations.

3.3 Legitimate interests

We may process personal information when necessary for our legitimate business interests, provided those interests do not override your rights and freedoms. This may include improving our services, responding to inquiries, preventing fraud, maintaining records, securing our systems, training our team, and analyzing aggregated operational trends.

3.4 Legal obligations

We may process and retain information when necessary to comply with tax, accounting, legal, regulatory, consumer protection, or other legal obligations.

3.5 Vital interests and safety

In limited cases, we may process information when necessary to protect the vital interests, health, or safety of a guest, team member, partner, or another person.

4. Automated AI Assistant and Internal AI/Automation

We may use automated tools, AI-assisted systems, and workflow automation to help us respond faster, organize information, support customers, improve operations, and reduce errors.

4.1 Customer-facing AI assistant

We may use an automated AI assistant, including an assistant named Alice, to provide customer support through channels such as Facebook Messenger and Instagram Direct Messages.

When you interact with an automated assistant, we may process:

• Your social media username and profile information, such as name and profile picture
• Messages you send to us
• Conversation history
• Interaction patterns
• Timestamps
• Response preferences

The assistant may use your messages to provide information about our services, answer questions, route requests, and help our team follow up.

Automated assistants may not understand every request perfectly. You may request human assistance at any time by clearly asking for a human team member.

4.2 Internal AI and operational automation

We may also use internal AI-assisted tools and automation systems to support our operations. These tools may help us:

• Summarize customer requests
• Organize booking information
• Prepare itinerary notes
• Classify preferences
• Improve response quality
• Support customer service
• Analyze aggregated operational trends
• Improve planning, training, pricing, and service quality

Where possible, we anonymize, minimize, or aggregate customer information before using it for internal analysis, service improvement, training, pricing, or operational planning.

We do not sell your personal data to AI providers.

We do not intentionally use highly sensitive customer information, such as detailed health information, for unrelated AI analysis or marketing.

4.3 AI service providers and automation tools

Depending on the channel and operational need, our AI and automation systems may involve service providers such as:

• Meta platforms, including Facebook, Instagram, Messenger, and WhatsApp
• n8n or similar workflow automation tools
• AI model providers used to generate, classify, or summarize responses
• Supabase or similar secure database tools
• CRM, email, calendar, spreadsheet, or internal operations tools

These providers process information only as necessary to provide the relevant service, support our operations, or comply with applicable law and contractual requirements.

5. When and With Whom We Share Personal Information

We may share personal information only when necessary and appropriate for the purposes described in this Privacy Policy.

5.1 Operational partners

To deliver your experience, we may share limited and necessary information with:

• Tour guides
• Drivers and transportation providers
• Restaurants
• Wineries
• Monument or ticket providers
• Activity providers
• Local partners or independent suppliers involved in your experience

This may include your name, group size, booking details, schedule, pick-up information, preferences, dietary restrictions, allergies, mobility/accessibility needs, or other details necessary to safely and correctly provide the service.

5.2 Technology and service providers

We may share information with trusted technology and service providers who help us operate our business, including providers for:

• Payment processing, including Stripe
• Email and business communication
• Website hosting and security
• Analytics and website performance
• CRM and booking management
• Calendar and productivity tools
• Messaging platforms
• AI-assisted customer support and internal automation
• Database and storage services
• Accounting, invoicing, and administrative services

5.3 Platforms and subprocessors we may use

Depending on how you interact with us, your information may be processed through or by platforms such as:

• Stripe for payments
• Meta, Facebook, Instagram, Messenger, and WhatsApp for communication
• Google Workspace, Google APIs, Gmail, Calendar, Drive, Docs, Sheets, and related Google services for business operations
• Kommo or similar CRM tools for managing customer communication and booking workflows
• n8n or similar automation tools for workflow automation
• Supabase or similar database/storage tools
• AI model providers used for customer support or internal operational assistance
• Microsoft Clarity/Bing or similar analytics tools, if active on our website
• Cloudflare, hosting, caching, or website security providers
• Elfsight, YouTube, or similar embedded website service providers where website features require them
• Email, calendar, file storage, accounting, and internal collaboration tools used to run our business

We do not sell your personal information.

We require service providers and partners to process personal information only for appropriate business, operational, legal, or service-delivery purposes.

5.4 Legal, safety, and business reasons

We may disclose information if necessary to:

• Comply with applicable law
• Respond to lawful requests from authorities
• Protect our legal rights
• Prevent fraud, abuse, or security threats
• Protect the safety of guests, team members, partners, or the public
• Handle a business transfer, merger, acquisition, restructuring, or sale of business assets

6. Cookies and Tracking Technologies

We use cookies and similar technologies to operate our website, improve performance, understand how visitors use our website, support security, and improve our services.

Some cookies are essential for the website to function. Others may be used for analytics, functionality, marketing, or embedded services, depending on your choices and the tools active on our website.

For more information, please review our Cookie Policy.

Important: Our Cookie Policy and all website legal policies should identify the responsible company as Daniel e Brenda Ponce LDA, operating under the brand Yes, You Deserve.

7. International Data Transfers

We are based in Portugal, but some of the platforms, service providers, technology tools, AI systems, messaging platforms, payment processors, hosting providers, analytics providers, and operational tools we use may process personal information outside Portugal, the European Union, or the European Economic Area.

When personal information is transferred internationally, we rely on appropriate safeguards where required by applicable law. These safeguards may include adequacy decisions, Standard Contractual Clauses, contractual data protection commitments, provider privacy frameworks, or other lawful transfer mechanisms.

By interacting with us through international platforms such as Meta, WhatsApp, Google, Stripe, or similar providers, your information may also be processed according to those providers’ own privacy policies and international data transfer mechanisms.

8. How Long We Keep Your Information

We keep personal information only for as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

8.1 Booking, payment, invoice, and accounting records

Booking, payment, invoice, accounting, tax, and legally relevant business records may be retained for up to 10 years, or longer if required by applicable law, tax rules, accounting obligations, legal disputes, audits, or regulatory requirements.

8.2 Customer messages

Messages exchanged through platforms such as WhatsApp, Messenger, Instagram, email, CRM tools, and similar communication channels may remain stored within those platforms or our business accounts for as long as the relevant platform, account configuration, legal requirement, or business need requires or permits.

Where practical and appropriate, we may delete, archive, minimize, or anonymize customer communication records that are no longer necessary.

8.3 Dietary, allergy, mobility, accessibility, and health-related information

Information related to allergies, dietary restrictions, mobility, accessibility, or health/safety needs is kept only for as long as necessary to organize and safely deliver the service, handle related follow-up, or comply with legal obligations.

After the tour and a reasonable operational follow-up period, we aim to delete, minimize, or anonymize this information where practical, unless it must be retained because it remains part of legally relevant booking records, accounting records, customer communications stored on third-party platforms, an incident record, a complaint, or another legitimate legal or operational need.

8.4 AI conversation logs and automation records

Customer-facing AI conversation logs and automation records may be retained for up to 24 months for customer support, service quality, operational analysis, troubleshooting, training, and improvement purposes, unless a longer retention period is required or permitted by law.

Where possible, we use anonymized or aggregated information for long-term service analysis.

8.5 Marketing records

Marketing preferences and consent records may be retained for as long as necessary to respect your choices, comply with legal obligations, and manage marketing communications. You may unsubscribe or withdraw consent where applicable.

8.6 Backups

If information is stored in backups, it may remain in backup systems for a limited period until those backups are overwritten, deleted, or expire according to the relevant backup cycle. During this time, backup data is not used for active processing unless restoration is necessary.

9. How We Protect Your Information

We use reasonable technical and organizational measures designed to protect personal information against unauthorized access, loss, misuse, alteration, or disclosure.

These measures may include:

• Restricting access to team members, contractors, guides, drivers, partners, and service providers who need the information to perform their role
• Using secure payment processors instead of storing full payment card information ourselves
• Using access controls for business tools and accounts
• Limiting the amount of personal information shared with partners to what is necessary
• Applying data minimization where possible
• Using secure communication, hosting, storage, CRM, and automation tools where appropriate
• Deleting, minimizing, or anonymizing information when it is no longer needed where practical
• Reviewing internal processes for customer data handling

However, no method of electronic transmission or storage is completely secure. We cannot guarantee that unauthorized third parties will never be able to defeat our security measures. You should only share information through secure channels and should avoid sending unnecessary sensitive information.

10. Data Minimization and Internal Analytics

We aim to collect and use only the personal information that is necessary for the relevant purpose.

For internal analytics, pricing, service improvement, team training, operational planning, and business reporting, we aim to use aggregated, anonymized, or minimized data whenever possible.

For example, we may analyze trends such as:

• Popular monuments or activities
• Average group size
• Tour type demand
• Operational timing
• Customer preferences in aggregate
• Service quality trends

We do not need names, emails, phone numbers, or unnecessary identifying details for most internal analytics. Where possible, those details should be removed or anonymized before internal analysis.

11. Children and Minors

Our services may be booked by adults for families and groups that include children. We do not knowingly collect personal information directly from children for marketing purposes.

Where children participate in a tour, we may process limited information necessary for safety, logistics, legal requirements, child seats, booster seats, age-appropriate planning, or service delivery.

A parent, guardian, or responsible adult must provide any necessary information related to children in the group.

12. Your Privacy Rights

Depending on your location and applicable law, you may have rights regarding your personal information, including the right to:

• Request access to the personal information we hold about you
• Request correction of inaccurate or incomplete information
• Request deletion of your personal information
• Request restriction of processing
• Object to certain processing activities
• Withdraw consent where processing is based on consent
• Request portability of your personal information where applicable
• Opt out of certain marketing communications
• File a complaint with a data protection authority

These rights may be limited in some cases, including where we need to retain information to comply with legal, accounting, tax, contractual, safety, or legitimate business obligations.

To exercise your rights, contact us at:

info@yesyoudeserve.tours

13. Marketing Communications

We may send marketing communications where permitted by law or where you have provided consent where required.

You may opt out of marketing communications at any time by following the unsubscribe instructions in the message or by contacting us directly.

Even if you opt out of marketing communications, we may still send service-related messages about bookings, payments, safety, operational changes, or customer support.

14. Third-Party Websites and Platforms

Our website and communications may include links to third-party websites, platforms, payment services, social media pages, embedded content, maps, videos, reviews, or partner services.

We are not responsible for the privacy practices of third-party websites or platforms. Your use of those services is subject to their own terms and privacy policies.

15. Updates to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, tools, legal obligations, or operational practices.

The updated version will be identified by the “Last updated” date at the top of this page.

16. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, contact us at:

Daniel e Brenda Ponce LDA
Operating under the brand Yes, You Deserve
Email: info@yesyoudeserve.tours
Website: https://www.yesyoudeserve.tours/

17. Practical Note About Sensitive Operational Information

To help us protect your privacy, please avoid sending unnecessary sensitive information unless it is relevant to your booking, safety, accessibility, dietary needs, or the proper delivery of your experience.

If you provide allergy, mobility, accessibility, dietary, or health-related information, we will use it only as necessary to organize and safely deliver your experience, share it only with the people or partners who need it, and delete, minimize, or anonymize it where practical after it is no longer needed.