Legal

Privacy Policy

Last updated: July 2026

This policy explains what data we collect on hyka.org and myhyka.com, why, and what your rights are. We've kept it readable on purpose. Short version: we collect what we need to run the product and improve it, we don't sell your data, and payments are handled by Stripe so we never see your card details.

Data controller: [LEGAL ENTITY NAME] · [ADDRESS] · Chamber of Commerce (KvK): [NUMBER] · Contact: [email protected]

1. What we collect, and why

a) Anonymous usage data (everyone)

When you visit our websites we log events such as page views, clicks on buttons, which trail pages you open and how far you scroll. Each visitor gets a random visitor ID (stored in your browser) so we can see, for example, how many people who land on a trail page also reach the checkout.

We also capture where you came from (e.g. an Instagram link or a Google ad, via so-called UTM parameters) so we know which channels work.

Why: to understand and improve the product and our marketing. Legal basis: legitimate interest.

b) Session recordings (Microsoft Clarity)

We use Microsoft Clarity to understand how visitors use our pages: anonymised session replays, heatmaps and interaction data. Text you type into forms is masked and payment pages (Stripe) are never recorded, because they run on Stripe's own domain. Clarity may use cookies/local storage; see section 4. Microsoft processes this data as described in its own privacy statement.

Why: to see where people get stuck and fix it. Legal basis: consent where required, otherwise legitimate interest.

c) Account data (buyers)

If you buy a guide and create an account (e.g. via Google sign-in) we store: your name, e-mail address, the guides you own, and the plans and adjustments you make (your itinerary choices, notes, gear lists, journal entries).

Why: without this we can't deliver, save and sync your purchase. Legal basis: performance of a contract.

d) Purchase data

When you buy, Stripe processes your payment. We never see or store your card number. We receive and keep: what you bought, the amount, the e-mail used at checkout, a payment reference, and the marketing source of the purchase (e.g. "came via a Google ad"). We keep purchase records as long as tax law requires (7 years in the Netherlands).

Why: delivering your guide, refunds, bookkeeping, and knowing which marketing channels lead to sales. Legal basis: contract + legal obligation + legitimate interest (attribution).

e) E-mail

If you contact us, pre-order a guide or join a waitlist, we store your e-mail and our correspondence. We only send you e-mail about your purchase, your pre-order, or things you explicitly signed up for. No spam, and every marketing e-mail has an unsubscribe link.

Legal basis: contract / consent.

2. What we do NOT do

3. Who else touches your data (processors)

We use a small set of service providers to run HYKA. They process data on our instructions:

ProviderPurposeNotes
StripePayments & refundsSees your payment details; we don't
Microsoft ClaritySession recordings & heatmapsInputs masked
Google (sign-in)Account loginOnly if you choose Google sign-in
Hosting & database providersRunning the websites and storing dataEU/US with appropriate safeguards
E-mail providerTransactional e-mailPurchase confirmations, refunds

Where data is processed outside the EU/EEA (for example by US providers), this happens under appropriate safeguards such as the EU–US Data Privacy Framework or standard contractual clauses.

4. Cookies and local storage

We use:

We do not run third-party advertising cookies on our sites. Where the law requires consent for non-essential cookies, we ask for it via a consent notice.

5. Affiliate links

Some links in guides (accommodations, transport, gear, insurance) are affiliate links. If you click one, the partner may set its own cookies on their site and may pay us a commission for your booking or purchase. Their processing is governed by their own privacy policies. We only see aggregate statistics (e.g. "12 clicks to this booking partner"), not what you personally booked.

6. How long we keep data

7. Your rights (GDPR)

You have the right to access, correct, delete and export your personal data, to object to or restrict processing, and to withdraw consent at any time. E-mail [email protected] from the address concerned and we'll handle it within 30 days — usually much faster.

You also have the right to complain to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens), but feel free to e-mail us first; we prefer solving things directly.

8. Security

Data is transmitted over HTTPS, stored with access controls, and payment processing is fully delegated to Stripe (PCI-DSS certified). No system is perfectly secure, but we follow current good practice and keep the amount of personal data we hold deliberately small.

9. Children

HYKA is not directed at children under 16. We do not knowingly collect their data.

10. Changes

We may update this policy as the product evolves. Material changes will be announced on the website. The date at the top always tells you the current version.

11. Contact

Privacy questions, requests or concerns: [email protected]