Privacy Policy

1. Introduction

Tripwai values the privacy of its Users and partners. This Privacy Policy aims to inform clearly and transparently how we collect, use, store and protect the personal data of Users who use our platform, in compliance with Brazilian legislation, notably the General Data Protection Law (LGPD – Law No. 13,709/2018).

The LGPD was enacted to protect fundamental rights of freedom and privacy, regulating the processing of personal data by individuals or legal entities, in digital or physical media. Thus, we commit to processing personal data responsibly and securely, observing the principles of purpose, adequacy, necessity, transparency, security, prevention and non-discrimination, among others provided by law.

By using Tripwai's services, the User declares that they have read and agreed to the terms of this Policy. If you do not agree with any provision, we recommend that you stop using our platform. We are available to clarify any questions related to this document via email info@tripwai.com.

2. Personal Data Collected

Tripwai may collect different types of personal data from Users, according to the interaction performed on the platform. Below we categorize the main data collected and its context:

Registration Data: information provided directly by the User when creating an account or filling out forms on the platform. They include, for example: full name, date of birth, nationality, identity document (ID, CPF or passport), residential address, email address, phone/WhatsApp number, profession/occupation, academic information (when relevant to a course), among others necessary for registration.

Login and Profile Data: credentials (login/email and encrypted password) and preferences defined in your Tripwai account, such as profile photo, language preferences, search history or saved destinations of interest.

Travel and Exchange Data: when requesting quotes or making reservations, we collect information such as: destination of interest, language and duration of the desired course, preferred type of accommodation, intended start and end date of the exchange, special needs (e.g., accessibility, dietary restrictions for accommodation), name of institutions of interest, among other information that helps personalize your experience.

Payment Data: information provided to make payments on the platform. They include credit card data (number, expiration date, cardholder name, CVV) or payment receipts. Important: Tripwai does not permanently store complete credit card data in its systems. We use payment providers (e.g., Stripe) that process the transaction securely.

Communication Data: content of messages exchanged with Tripwai on service channels (emails, support chats, WhatsApp, etc.). These communications may be stored for history purposes, service improvement and as evidence in case of formal requests.

Navigation Data (Cookies and Similar Technologies): when the User visits our website or app, we may automatically collect some information through cookies, pixels, tags and similar technologies. This includes: IP address, device and browser type, pages or screens accessed, access dates and times, click history and navigation within the site, possibly approximate geolocation data.

3. Purposes and Legal Bases of Processing

We use the collected data for various purposes, all aligned with the efficient provision of Tripwai services and the necessary support to the User. We describe the main purposes below, accompanied by their respective legal bases:

Service Provision and Contract Execution: We use data to execute the reservations and contracts requested by the User with exchange Service Providers. This includes: processing course enrollments, accommodation reservations, insurance policy issuance, purchase of phone chips, etc. Legal basis: contract execution and preliminary procedures (LGPD, art. 7, V).

User Consulting and Support: Data is used to provide personalized service. For example, a Tripwai consultant will access the User's profile information and preferences to better guide them in course or accommodation choices.

Communication and Marketing: We send emails or notifications with reservation confirmations, reminders, updates about your trip, promotions, new courses or available destinations. Legal basis: User consent (opt-in) for promotional communications, with the option to opt-out always available.

4. Data Sharing

Tripwai may share User personal data with third parties in the following situations, always observing legal and contractual limits:

• Service Providers: We share User data (name, contact, enrollment data, etc.) with language schools, accommodation providers, insurers, international chip issuers and other partners necessary to complete the booking and deliver the contracted service.
• Payment Processors: When the User makes a payment, financial data is transmitted directly to the secure payment processor (example: Stripe), which operates according to international security standards (PCI-DSS).
• Technology Partners and IT Service Providers: We hire companies for server hosting, data storage, email marketing services, data analysis, technical support, among others. These partners act as data operators under our instructions and are subject to confidentiality and data protection agreements.
• Legal Requirements and Protection of Rights: We may disclose personal data if required by law, regulation, court order or request from a competent public authority.

Tripwai does not sell personal data to third parties and does not use them for purposes incompatible with those described in this Policy without the User's due consent.

5. Data Retention

We retain personal data only for the time necessary to fulfill the purposes described in this Policy or as required by law.

6. User Rights

Under the LGPD, you (data subject) have rights over your personal information, which can be exercised upon request to Tripwai:

• Confirmation and Access: Right to confirm the existence of data processing and access the personal data that Tripwai holds about you.
• Correction: Right to request correction of incomplete, inaccurate or outdated data.
• Anonymization, Blocking or Deletion: Right to request anonymization, blocking or deletion of unnecessary, excessive data or data processed in non-compliance with the LGPD.
• Portability: Right to request data portability to another service or product provider.
• Consent Revocation: When processing is based on consent, the holder may revoke it at any time.

To exercise your rights, contact us via email info@tripwai.com.

7. Data Security

Tripwai implements appropriate technical and organizational security measures to protect personal data against unauthorized access, loss, destruction, or improper alteration.

8. Contact Us

If you have any questions, comments or concerns about this Policy or the processing of your data, please do not hesitate to contact us.

Email: info@tripwai.com Address: Rua Samuel Heusi, 463, sala 907, Centro, Itajaí/SC, CEP 88301-320

Last updated: 23 February 2026