Privacy Policy

Last Updated: 11/18/2025

Introduction

Nalu Bookings LLC, a Hawaiian limited liability company (“Nalu,” “we,” “us,” or “our”), operates an online booking platform designed for tour and activity providers in Hawaii. This Privacy Policy describes how we collect, use, maintain, protect, and disclose information collected through our booking platform (the “Service”).  In this Privacy Policy, “Company”  refers to any charter company, tour operator, activity provider, or other business that uses our booking platform to manage reservations.

Our Role in data processing

Platform Provider: We provide booking software that Companies integrate into their websites and use to manage their operations.

When You Make a Booking: When you make a booking through a Company’s website using our platform, we collect and process your booking information to facilitate your reservation. However, the Company you are booking with controls your booking information and determines how it is used. When we share your booking information with the Company, they collect and process your personal information as a controller, and your personal information is subject to the Company’s privacy policy and practices. In connection with your booking, we provide the Company with all the information listed in the ‘From Customers Making Bookings’ section below.

Service Provider to Companies: We provide support and platform services directly to Companies, not to individual customers booking tours.

Infomration We collect

From Customers Making Bookings (Guest Bookings)

When you make a booking through a Company’s website using our platform, we may collect:

  • Name
  • Email address
  • Phone number
  • Birthdate (for minors participating in tours or activities, collected from parents or legal guardians)
  • Text message opt-in/opt-out preference
  • Lunch choice and custom meal notes
  • Booking comments and special requests
  • Accommodation information (where you are staying)
  • How you heard about the Company
  • Payment information (processed securely through Stripe, our third-party payment processor; we do not store full credit card numbers or CVV codes)

Note: You do not create an account with Nalu. Each booking is tied to your contact information for that specific reservation.

    From Company Staff (Admin Accounts)

    Company staff who use our portal to manage bookings provide:

    • Name
    • Email address

    Technical Information Collected Automatically

    We may automatically collect:

    • Browser type
    • IP address
    • Usage analytics and telemetry data for performance monitoring, security, error detection, and diagnostics
    • We and our service providers use cookies and similar tracking technologies to collect some of this information. Cookies are small data files stored on your device that help us operate the Service and understand how it is used.

    How We Use Your Information

    To Fulfill Bookings

    • Process and manage reservations
    • Facilitate secure payment processing through Stripe
    • Send booking confirmations and communications on behalf of Companies
    • Process digital waivers through WaiverForever
    • Enable Companies to manage their daily operations

      To provide platform services

      • Monitor platform performance and security
      • Diagnose technical issues
      • Improve platform functionality
      • Provide support to Companies

        For Analytics and Optimization

        • Use anonymized booking data to help Companies optimize pricing, availability, tour performance, and fleet operations
        • Analyze platform usage to improve our services

        We do not sell customer personal information to third parties. We do not use or otherwise process customer information beyond what is necessary to fulfill reservations with Companies, provide our platform services, ensure security, comply with legal obligations, and improve our services as described in this Privacy Policy.

        Third-party providers

        We share information with the following third-party service providers who process data on our behalf:

          • Stripe: Payment processing (does not provide us access to full credit card numbers)
          • Twilio/SendGrid: Text message and email delivery on behalf of Companies
          • WaiverForever: Digital waiver processing
          • Sentry.io: Performance monitoring and analytics
          • Vercel: Backend operations
          • Supabase: Cloud database storage
          • WordPress: Platform integration

          How your information is shared

          With Companies

          All booking information we collect is shared with the Company through whom you made your reservation. This includes all information listed in the “From Customers Making Bookings (Guest Bookings)” section above. Companies access this information through our platform dashboard.

          with service providers

          We share information with the third-party service providers listed above solely to provide our booking platform services.

          for legal purposes

          We may disclose information when required by law, to protect our rights, or in connection with business transfers.

          Data Storage and Retention

          Storage Location: Customer data is stored in Supabase, a cloud database provider with servers located in the United States. Payment information is stored by Stripe in accordance with their data storage policies.

          Retention Period: We retain booking information for as long as necessary to provide services to the Company, typically for the duration of the Company’s use of our platform and for a reasonable period thereafter for accounting, legal compliance, dispute resolution, and business purposes. Companies may request deletion of customer data at any time, subject to our legal retention obligations. We may retain certain data for longer periods where required by law or for legitimate business purposes such as fraud prevention and platform security. If you have questions about data retention for your specific booking, please contact the Company directly.

          Communications

          Our system sends automated text messages and emails to customers on behalf of Companies for transactional purposes related to bookings (such as confirmations, reminders, and updates). The Company determines the content and timing of these communications. You can opt out of text messages by following the opt-out instructions in the messages or by contacting the Company directly. Please note that opting out may affect your ability to receive important booking updates.

          your rights and choices

          access and control

          Cookies and Tracking Technologies. You can set your browser to refuse cookies or alert you when cookies are being sent. However, some features of the Service may not function properly if cookies are disabled.

          Because Companies are the primary controllers of your booking data, please contact them directly to:

          • Access your booking information
          • Correct inaccurate information
          • Request deletion of your data
          • Opt out of communications

          Marketingt opt-out

          You can opt out of text messages by following the opt-out instructions in the messages. For email communications, contact the Company directly.

          data security

          We implement reasonable technical and organizational safeguards to protect personal information, including secure transmission protocols and restricted access controls. However, no internet transmission is completely secure.

          international data transfers

          We are headquartered in Hawaii, United States. Personal information may be transferred to and processed in the United States or other locations where our service providers operate, which may have different data protection laws than your jurisdiction. By using our Service, you acknowledge and consent to such transfer and processing of your personal information.

          children’s privacy

          Our Service is not intended for use by children under 13. We do not knowingly collect personal information from children under 13 except birthdates collected for minors as part of legitimate tour bookings managed by their parents or guardians.

          state privacy rights

          Residents of certain states (including California, Colorado, Connecticut, Virginia, Utah, and others with comprehensive privacy laws) may have additional rights regarding their personal information under applicable state law, including rights to: (a) know what personal information we collect, use, and disclose; (b) access their personal information; (c) correct inaccurate information; (d) delete their personal information; (e) opt-out of the sale or sharing of personal information (we do not sell personal information); and (f) not be discriminated against for exercising these rights. To exercise these rights regarding your booking information, please contact the Company with whom you made your reservation. For rights related to our processing of data as an independent controller, you may contact us directly at the contact information below. We will respond to verified requests within the time periods required by applicable law.

          changes to policy

          We may update this Privacy Policy periodically. Material changes will be posted on our website with an updated “Last Updated” date.

          Contact us

          For questions about this Privacy Policy:

          Nalu Bookings LLC
          Email: info@nalubookings.com
          4-831 Kuhio Hwy
          Suite 438-232
          Kapaʻa, HI 96746

          For questions about your specific booking or to exercise privacy rights related to your booking data, please contact the Company directly.