Exploro

Legal

Privacy Policy

How we collect, use, and protect your information

Last updated: March 10, 2026

1. Introduction and Data Controller

Exploro ("we", "our", or "us") is committed to protecting your privacy and handling your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Exploro is the data controller responsible for your personal data collected through our platform, including our website, chat widget, and related services. If you have any questions about how we handle your data, you can contact us at [email protected].

2. Information We Collect

Blogger Account Information

When you create an account, we collect your name, email address, and authentication credentials. If you sign up via Google or GitHub (using OAuth, a secure method that lets you log in through an existing account), we receive your basic profile information from those providers.

Blog Content

When you connect your travel blog, we scrape and store your publicly available blog content to train the AI chatbot. This includes post text, image references, and any affiliate links present in your content.

Visitor Chat Data

We collect chat messages exchanged between Visitors and the AI chatbot, including session metadata such as timestamps, session duration, and interaction patterns.

Analytics Data

We collect anonymised usage data including widget impressions, chat session counts, paywall interactions, and conversion metrics. This data is aggregated and cannot be used to identify individual users.

Payment Data

When Visitors make a purchase, payment transactions are processed by our third-party payment provider. Exploro does not store credit or debit card details. We receive confirmation of successful transactions and basic transaction records for accounting purposes.

3. Lawful Basis for Processing

Under UK GDPR, we must have a valid legal reason (known as a "lawful basis") to process your personal data. We rely on the following bases:

  • Contract performance — Processing necessary to provide the Platform service to you, including operating the chatbot, processing payments, and managing your account
  • Legitimate interests — Processing necessary for our legitimate business interests, including service improvement, analytics, security monitoring, and fraud prevention, where these interests do not override your rights
  • Consent — Where you have given clear consent for us to process your data for a specific purpose, such as receiving marketing communications
  • Legal obligation — Processing necessary to comply with legal requirements, such as tax and financial record-keeping

4. How We Use Your Information

We use the personal data we collect to:

  • Provide, operate, and maintain the Exploro platform
  • Train and improve AI chatbot responses based on Blogger content
  • Process payments and revenue share distributions
  • Send account-related communications (such as payment confirmations and service updates)
  • Analyse usage patterns to improve our services
  • Detect, prevent, and address fraud, security issues, and technical problems
  • Comply with legal obligations

5. Cookies and Similar Technologies

What Are Cookies

Cookies are small text files stored on your device when you visit a website. They help the site remember your preferences and understand how you interact with it.

Essential Cookies

These cookies are necessary for the Platform to function. They handle authentication, security, and session management. You cannot opt out of essential cookies as the Platform would not work without them.

Analytics Cookies

We use analytics cookies to understand how users interact with the Platform. This helps us improve the user experience and identify technical issues. Analytics data is aggregated and anonymised.

Preference Cookies

These cookies remember your settings, such as your preferred theme (light or dark mode). They help provide a more personalised experience.

Widget Cookies

The Exploro chat widget embedded on Blogger websites uses minimal cookies to maintain chat session state. These cookies are scoped to the widget and do not track Visitors across other websites. They are essential for the widget to function correctly.

Third-Party Cookies

Some third-party services we use (such as authentication providers and payment processors) may set their own cookies. We do not control these cookies. Please refer to the respective third-party privacy policies for more information.

Managing Cookies

You can manage cookies through your browser settings. Most browsers allow you to view, block, or delete cookies. However, blocking essential cookies may prevent you from using certain features of the Platform.

6. Data Sharing and Third Parties

We do not sell your personal data to third parties. We may share data with the following categories of service providers who assist us in operating the Platform:

  • Cloud hosting — Our database is hosted by Neon, which stores your account data, blog content, and chat history
  • AI providers — We use Anthropic and OpenAI to power chatbot responses and generate text embeddings. Chat messages and blog content may be sent to these providers for processing
  • Payment processors — Transaction data is shared with our payment provider to process purchases
  • Authentication providers — If you use OAuth sign-in, basic profile data is exchanged with Google or GitHub

All third-party providers are bound by data processing agreements and are required to process your data only in accordance with our instructions and applicable data protection law.

7. International Data Transfers

Some of our third-party service providers are based outside the United Kingdom. When your personal data is transferred internationally, we ensure appropriate safeguards are in place, including:

  • Transfers to countries recognised by the UK government as providing adequate data protection
  • Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office
  • Other lawful transfer mechanisms as required by UK GDPR

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes set out in this policy:

  • Account data — Retained while your account is active and for a reasonable period thereafter to handle any outstanding matters
  • Blog content — Retained while your account is active and deleted within a reasonable period following account termination
  • Chat data — Retained in accordance with tenant-specific settings configured by the Blogger
  • Analytics data — Anonymised and retained indefinitely for statistical analysis, as it cannot be linked back to individuals
  • Payment records — Retained for as long as required by applicable tax and financial regulations

Upon account termination, you may request deletion of your personal data by contacting [email protected].

9. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

  • Right of access — You can request a copy of the personal data we hold about you
  • Right to rectification — You can ask us to correct inaccurate or incomplete personal data
  • Right to erasure — You can request that we delete your personal data in certain circumstances (also known as the "right to be forgotten")
  • Right to restrict processing — You can ask us to limit how we use your data in certain circumstances
  • Right to data portability — You can request your personal data in a structured, commonly used, machine-readable format
  • Right to object — You can object to our processing of your personal data where we rely on legitimate interests as the lawful basis
  • Rights related to automated decision-making — You have the right not to be subject to decisions based solely on automated processing that significantly affect you

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month, as required by UK GDPR.

10. Right to Complain

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection.

You can contact the ICO at ico.org.uk or by calling 0303 123 1113. We would appreciate the opportunity to address your concerns before you contact the ICO, so please reach out to us at [email protected] first.

11. Children's Privacy

The Platform is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information as soon as possible.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. Where changes are material, we will provide at least 30 days' notice via email or through the Platform before they take effect. The "Last updated" date at the top of this page indicates when this policy was last revised.

13. Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us at [email protected].