Privacy Policy – WhaleTu Community

WhaleTu Privacy Policy

Effective Date: July 06, 2026 | Applicable Platform: WhaleTu Community (whaletu.com)

Core Compliance Statement: All WhaleTu user data, servers, and databases are hosted and stored in the United States. We strictly comply with the EU General Data Protection Regulation (GDPR), the U.S. California Consumer Privacy Act (CCPA), and internationally recognized privacy protection standards to safeguard global users’ data privacy and legitimate rights.

Introduction

This Privacy Policy explains how we collect, use, store, transfer, delete, and protect your personal data. By accessing, registering for, or using our services, you voluntarily agree to all terms of this policy. If you do not agree, please discontinue use of our services.

1. Data Controller Information

  1. The data controller of this platform is WhaleTu Community (WhaleTu, domain whaletu.com), responsible for user data management, privacy compliance, and responding to user privacy requests.
  2. If you have any questions regarding this Privacy Policy or our data processing practices, please contact us at: legal@whaletu.com.

2. Data Storage and Jurisdiction

  1. All user personal data, browsing logs, published content, account information, uploaded files, and other data are stored exclusively on overseas compliant servers.
  2. Data storage, processing, and transfer are subject to overseas data security laws and international privacy compliance frameworks.
  3. All data processing activities strictly adhere to GDPR principles of data minimization, purpose limitation, and storage limitation, avoiding excessive collection and misuse of data.
  4. For cross-border data transfers involving EU users, we rely on EU Commission-approved Standard Contractual Clauses (SCCs) or equivalent protection mechanisms to ensure lawful data transfer.

3. Types of Personal Data We Collect

We only collect data necessary for providing community services. We do not collect irrelevant sensitive information. The specific categories are as follows:

  1. Account Registration Data: Basic information such as username, email address, and login credentials voluntarily submitted by users during account registration.
  2. Public User Content: UGC publicly posted by users, including travel guides, food reviews, itinerary plans, comments, images, and topic content.
  3. Device and Access Log Data: Device model, browser type, access time, page view records, and network access logs generated when users access this site, used for security risk control, troubleshooting, and service optimization.
  4. Voluntary Interaction Data: Communication information generated through private messages, feedback, and community interactions initiated by users.
  5. No Unnecessary Sensitive Data: We do not actively collect sensitive personal information such as ID numbers, addresses, bank card details, precise location, race, religion, or health information. Such content is only retained when voluntarily submitted by users.

4. Purposes and Legal Basis of Data Use

All data we collect is used only for the following lawful, explicit, and limited service purposes:

  1. Service Provision: To provide, maintain, and optimize core travel community services, ensuring stable account login, content publishing, and community interaction. (Legal basis: Contract performance)
  2. User Support: To handle user inquiries, feedback, after-sales requests, and community compliance management. (Legal basis: Contract performance)
  3. Security and Risk Control: To conduct platform security risk control, preventing malicious attacks, spam, account theft, and unauthorized access. (Legal basis: Legitimate interests)
  4. Service Optimization: To optimize website content and user experience, measure community content popularity, and recommend relevant travel guides, food content, and itineraries. (Legal basis: User consent or legitimate interests)
  5. Compliance Obligations: To fulfill platform compliance obligations, including handling infringement complaints and reviewing违规 content. (Legal basis: Legal obligation)

5. Data Sharing and Third-Party Disclosure

  1. No Commercial Sale: We will never sell, trade, or rent users’ personal data to any third party for commercial purposes.
  2. Limited Compliance Sharing: Data may be shared only in limited circumstances and in compliance with international data transfer rules:
    • With overseas compliant server providers and technical operation service providers as necessary for platform operation;
    • In response to lawful requests from overseas judicial or regulatory authorities.
  3. Third-Party Platform Rules: This site contains third-party links and external service entries. Data activities occurring after users navigate to third-party platforms are governed by those platforms’ privacy policies, for which WhaleTu assumes no responsibility.

6. Cookies and Tracking Technologies

  1. We use cookies and similar tracking technologies to record browsing preferences, maintain login status, and optimize website access experience. These are necessary technical means for normal website operation.
  2. Users may refuse or clear cookies through browser settings. Doing so may affect part of the page experience but will not restrict core browsing functions.
  3. We do not engage in cross-website user tracking or collect cross-platform behavioral data, fully complying with GDPR and CCPA tracking requirements.

7. Your Data Privacy Rights

All global users enjoy the following privacy rights and may submit requests through official channels:

  1. Right to Know and Access: Request access to all personal data stored about you and details of how it is processed.
  2. Right to Rectification: Request correction or supplementation of inaccurate or incomplete data.
  3. Right to Erasure (Right to be Forgotten): Request deletion of your account, personal data, and public content. We will permanently erase such data within the compliance timeframe.
  4. Right to Restrict Processing: Request suspension of processing of your personal data.
  5. Right to Data Portability: Request export of your public content and personal data.
  6. Right to Withdraw Consent: Withdraw consent to this Privacy Policy at any time. Upon withdrawal, we will terminate data processing and delete relevant data.
  7. Right to Lodge a Complaint: File a complaint with your local privacy supervisory authority if you believe our data processing violates applicable laws.

Rights request email: legal@whaletu.com

8. Data Retention and Destruction

  1. We follow the principle of minimum retention time and retain user data only for the duration necessary to provide services.
  2. After account deletion or user-requested data deletion, we will permanently and thoroughly destroy personal data within the compliance period, retaining only anonymized community public content statistics.
  3. We retain only necessary anonymized logs for compliance and risk control purposes, which are automatically cleared after expiration. We do not retain meaningless data permanently.

9. Protection of Minors

  1. Our services are intended for adult users worldwide. We do not actively collect personal information from minors.
  2. If a guardian discovers that a minor has submitted personal data to this site without authorization, please contact us at legal@whaletu.com, and we will promptly delete the relevant data.

10. Data Security Measures

  1. We adopt internationally recognized data security protection technologies, including encrypted storage, access isolation, and access risk control, to prevent data leakage, tampering, loss, and unauthorized access.
  2. We have established comprehensive internal data management systems and strictly limit staff access to user data.
  3. In the event of a data breach or security incident, we will notify regulatory authorities and affected users as required by applicable laws.

11. Automated Decision-Making

We currently do not use automated decision-making systems that produce legal or similarly significant effects on users (including profiling). Should we adopt such technologies in the future, we will inform users in advance and obtain explicit consent.

12. Policy Updates and Notifications

  1. We reserve the right to update this Privacy Policy as needed based on international compliance rules and platform operational requirements.
  2. Updated policies take effect upon publication on the website without individual notification. Continued use of our services constitutes acceptance of the latest Privacy Policy terms.
  3. For material changes, we will provide prominent notice on the homepage or at user login.

13. Dispute Resolution and Governing Law

  1. This Privacy Policy is not governed by the legal system of mainland China. It is governed by the EU GDPR, the U.S. CCPA, and the international compliance rules of the server location.
  2. All privacy-related disputes shall first be resolved through friendly negotiation. If negotiation fails, disputes shall be handled through overseas general commercial and privacy dispute mediation mechanisms.