Last updated: April 2026
1. Introduction
Aspire Business Consulting SRL ("we", "us", "our"), operating as wuvist, is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your information when you use wuvist.com (the "Platform").
We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable Romanian data protection laws. Aspire Business Consulting SRL is the data controller for all personal data collected through the Platform.
2. Data We Collect
Account Information
- Name, email address, and profile photo (provided during registration)
- Authentication data (managed by Clerk, our authentication provider)
- Account preferences and settings
Booking Information
- Booking history, including hotel names, dates, guest counts, and prices
- Guest details provided during the booking process (name, email, phone)
- Payment information (processed securely by Stripe; we do not store card numbers)
Usage and Preferences
- Search queries, saved destinations, and wishlist items
- Travel preferences and vibe search interactions
- Feed browsing behavior (scroll patterns, dwell time) used to personalize recommendations
- Device information, browser type, IP address, and approximate location
Creator Program Data
- Creator profile, referral links, and performance analytics
- Commission earnings and payout information
3. How We Use Your Data
We use your personal data for the following purposes:
- Booking fulfillment: processing reservations, sending confirmations, managing cancellations
- Personalization: tailoring hotel recommendations, feed content, and concierge suggestions based on your preferences
- Communication: sending booking confirmations, account updates, and (with consent) promotional offers
- Platform improvement: analyzing usage patterns to improve features, performance, and user experience
- Creator Program: tracking referral conversions, calculating commissions, and providing performance analytics
- Security: detecting and preventing fraud, abuse, and unauthorized access
- Legal compliance: fulfilling our legal obligations under EU and Romanian law
4. Third-Party Services
We share data with the following third-party services, each acting as a data processor under GDPR:
Stripe
Payment processing. Stripe processes your payment details securely and is PCI DSS Level 1 certified. We never store your full card details.
Clerk
Authentication and user management. Clerk handles sign-in, sign-up, and session management. Your auth data is stored securely by Clerk.
Supabase
Database and storage. Your profile data, bookings, and preferences are stored in our Supabase PostgreSQL database with row-level security enabled.
LiteAPI
Hotel search and booking. Guest details are shared with accommodation providers through LiteAPI to complete bookings.
Cloudinary
Image optimization and delivery. Property and user-uploaded images are processed through Cloudinary.
Anthropic (Claude)
Concierge and recommendation features. Your search queries and interactions with our concierge (NOVA) may be processed by Anthropic to generate personalized recommendations. Conversations are not stored by Anthropic beyond the session.
6. Your Rights (GDPR)
Under the GDPR, you have the following rights regarding your personal data:
- Right of access: request a copy of all personal data we hold about you
- Right to rectification: request correction of inaccurate or incomplete data
- Right to erasure: request deletion of your personal data ("right to be forgotten")
- Right to data portability: receive your data in a structured, commonly used, machine-readable format (JSON/CSV export)
- Right to restrict processing: request limitation of data processing in certain circumstances
- Right to object: object to processing based on legitimate interests, including profiling
- Right to withdraw consent: withdraw previously given consent at any time
To exercise any of these rights, contact us at privacy@wuvist.com. We will respond to all requests within 30 days. You also have the right to lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) or any other EU data protection authority.
7. Data Retention
We retain personal data for the following periods:
| Data Type | Retention Period |
|---|---|
| Account information | Until account deletion + 30 days |
| Booking records | 5 years (legal/tax requirements) |
| Payment records | 7 years (financial regulations) |
| Usage analytics | 24 months |
| Creator earnings data | 5 years after last payout |
| Concierge conversation logs | 90 days |
8. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption in transit (TLS/HTTPS) and at rest
- Row-level security (RLS) on all database tables
- Regular security audits and vulnerability assessments
- Access controls and least-privilege principles for internal systems
- PCI DSS compliant payment processing through Stripe
9. Children's Privacy
The Platform is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If we learn that we have collected personal data from a child under 16, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us at privacy@wuvist.com.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. For material changes, we will notify registered users via email. Your continued use of the Platform after changes constitutes acceptance of the updated policy.
11. Contact
For any privacy-related questions or to exercise your GDPR rights:
Data Controller: Aspire Business Consulting SRL
Location: Romania, EU
Privacy Email: privacy@wuvist.com
General Support: support@wuvist.com