Our Privacy and Cookies Policy
Last updated: January 1, 2026
Rumo Adventures LLC (“Rumo”, “we”, “our”, or “us”) is committed to protecting and respecting your privacy. This Privacy and Cookies Policy explains how we collect, use, store, and protect personal information when you use the Rumo application and related services.
1. Who We Are
Rumo Adventures LLC operates the Rumo application and related services.
If you have questions about this policy or how your data is handled, you may contact us at: support@rumoadventures.com
If you have questions about this policy or how your data is handled, you may contact us at: support@rumoadventures.com
2. Information We Collect
We collect only the information necessary to provide and operate the service.
Personal Information
We do not sell your personal information and do not share it with third parties for advertising or marketing purposes.
Legal basis:
Article 6(1)(b) GDPR - performance of a contract
Article 6(1)(f) GDPR - legitimate interest (service security and operation)
Personal Information
We collect limited personal information, including:
- Email address
- Username
This information is used to:
- Create and manage your account
- Authenticate access to the service
- Communicate with you about your account or the service
We do not sell your personal information and do not share it with third parties for advertising or marketing purposes.
Legal basis:
Article 6(1)(b) GDPR - performance of a contract
Article 6(1)(f) GDPR - legitimate interest (service security and operation)
3. User-Generated Content
Users may create or upload content such as:
This content is stored to provide the service and may be visible to other users or visitors depending on how it is shared within the application.
You are responsible for ensuring that you have the right to upload and share any content you provide.
- GPX tracks
- Photos
- Comments or other shared materials
This content is stored to provide the service and may be visible to other users or visitors depending on how it is shared within the application.
You are responsible for ensuring that you have the right to upload and share any content you provide.
4. Data Storage and Processing
Personal data and user-generated content are stored and processed using secure cloud infrastructure. This includes storage in Amazon Web Services (AWS), such as Amazon S3, for the purpose of hosting, backing up, and delivering application content.
AWS acts as a data processor on our behalf and processes data only in accordance with our instructions. We rely on AWS's GDPR-compliant data processing agreements and appropriate technical and organizational safeguards to protect personal data.
AWS does not use your personal data for its own purposes.
AWS acts as a data processor on our behalf and processes data only in accordance with our instructions. We rely on AWS's GDPR-compliant data processing agreements and appropriate technical and organizational safeguards to protect personal data.
AWS does not use your personal data for its own purposes.
5. Cookies and Similar Technologies
Rumo uses strictly necessary cookies to enable core functionality and secure authentication.
These cookies:
Legal basis:
Article 6(1)(b) GDPR – performance of a contract (account creation and waitlist enrollment)
Article 6(1)(f) GDPR – legitimate interest (user-requested functionality and service operation)
These cookies do not require user consent under EU cookie regulations.
Certain temporary values used to support user flows (such as trip editing or personalized sign-up experiences) are stored using browser storage mechanisms and are removed once their purpose has been fulfilled.
These cookies:
- Are required for the service to function
- Are not used for advertising
- Are not used to track users across websites
- Are not shared with third parties
| Cookie Name | Purpose | Type | Duration |
|---|---|---|---|
| __Host-next-auth.csrf-token | Protects against cross-site request forgery attacks | Essential | Session |
| __Secure-next-auth.callback-url | Enables secure authentication redirection | Essential | Session |
Legal basis:
Article 6(1)(b) GDPR – performance of a contract (account creation and waitlist enrollment)
Article 6(1)(f) GDPR – legitimate interest (user-requested functionality and service operation)
These cookies do not require user consent under EU cookie regulations.
Certain temporary values used to support user flows (such as trip editing or personalized sign-up experiences) are stored using browser storage mechanisms and are removed once their purpose has been fulfilled.
6. Data Retention
We retain personal data only for as long as necessary to:
You may request deletion of your account and associated personal data at any time.
- Provide and maintain the service
- Meet legal or accounting obligations
- Resolve disputes
- Enforce agreements
You may request deletion of your account and associated personal data at any time.
7. International Users
Rumo is used internationally. If you are located in the European Union or European Economic Area, your personal data is processed in accordance with the General Data Protection Regulation (GDPR).
8. Your Rights Under GDPR
If you are located in the EU or EEA, you have the right to:
To exercise these rights, contact us at: support@rumoadventures.com
- Access your personal data
- Request correction of inaccurate data
- Request deletion of your data
- Restrict or object to processing
- Request data portability
- Lodge a complaint with a supervisory authority
To exercise these rights, contact us at: support@rumoadventures.com
9. Changes to This Policy
We may update this Privacy and Cookies Policy from time to time. Material changes will be communicated through the service or by email where appropriate.