Privacy policy

How we handle personal information when you browse our site, request a trek, or book with Adventure Shubha Nepal.

Last updated 4 April 2026

Scope

This notice describes how Adventure Shubha Nepal collects and uses personal information when you use our public website, request trip information, or interact with booking and review flows connected to this site. It reflects how our systems are built today using Payload CMS and a PostgreSQL database behind the scenes.

What we collect

Depending on what you do on the site, we may process:

  • Contact and trip details you send us. When you submit an inquiry about a package, use the trek matcher and email your shortlist, complete a booking request, or use embedded contact forms, we typically receive your name, email address, optional phone number, country where relevant, and the message or preferences you typed. Booking requests also include dates, traveller counts, and the package you selected. Some inquiry types may ask for travel dates, group size, or budget when that field applies.
  • Reviews. If you submit a review through our review flow, we store the details you provide (such as name, email, optional phone, country, rating, written feedback, and trip or booking references our staff use to verify the visit).
  • Form blocks on pages. Some pages built in the CMS include contact or other forms. Those submissions are stored in our Payload "form submissions" records so staff can read and reply, alongside the fields defined for that form.
  • Technical data from your browser. Like most sites, our servers and hosting receive standard technical signals when you load a page, for example IP address, browser type, and rough timing information. We may also receive performance metrics (such as load speed indicators) to keep the site reliable.

How we use it

We use this information to:

  • Respond to questions, send quotes, and coordinate treks and tours you ask about
  • Process and manage booking requests and related follow up
  • Operate internal tools in Payload (inquiries, bookings, reviews, activity logs) so staff can work from one place
  • Send operational email such as inquiry notifications through our email provider when a new lead arrives
  • Improve the website, fix errors, and understand aggregate traffic patterns where analytics is enabled

We do not sell your personal information as a product. We use it to run the trekking and tour business you contacted.

Where it is stored and security

Data you submit through the site is stored in our Payload CMS database (PostgreSQL) and is accessible only to authorised staff accounts (for example administrators and editors) through the admin panel and internal workflows. Media you upload where the product allows it (such as a review photo) is stored as files linked to that record, similar to other images on the site.

We apply reasonable technical and organisational measures appropriate to a small tour operator, including access control on the CMS, HTTPS on the public site, and careful handling of credentials and API keys on the server. No online system is perfectly secure; if we become aware of a breach that affects you, we will take steps consistent with applicable law.

Email

Transactional messages tied to inquiries or similar events may be sent through Resend (or a comparable provider configured in our environment) from addresses we control. Those messages relate to your request, not bulk marketing, unless you separately agree to marketing and we honour opt out where required.

Analytics and cookies

If our deployment has Google Analytics enabled, Google may set cookies and process usage data according to Google's policies. You can use browser settings or official opt out tools to limit ad or analytics cookies where available.

Staff who sign in to the Payload admin panel receive an authentication cookie for that session. That cookie is for operators only, not for general visitors browsing packages.

The site may store a simple preference in your browser's local storage (for example when you dismiss a small on screen prompt). That value stays on your device and is not uploaded to our database unless you submit a form.

Retention

We keep inquiry, booking, and review records for as long as we need them to operate the business, meet accounting or legal obligations, and resolve disputes. Exact retention periods can vary by record type and local requirements. If you want a copy or correction of what we hold about you, contact us using the details below and we will respond in line with applicable law.

Third party services

We rely on service providers that may process data on our behalf, including:

  • Hosting and infrastructure for the Next.js application and API routes
  • Database hosting for PostgreSQL
  • Email delivery (for example Resend)
  • Analytics (for example Google Analytics when configured)

Those providers act under instructions and contracts where we use them, and only to support the purposes above.

Your choices

You may ask to access, correct, or delete personal information we hold where the law in your country gives you that right. We will verify reasonable requests and may need to keep certain records where the law requires. Contact us at the email or phone number published on this site (for example on the About or Contact section).

Children

Our site is aimed at adults planning travel. We do not knowingly collect personal information from children for marketing. If you believe a child has sent us data in error, contact us and we will delete it where appropriate.

Changes

We may update this notice when our website, CMS fields, or legal requirements change. The date at the top of the page shows the latest revision. Continued use of the site after an update means you accept the revised notice where the law allows.

Contact

For privacy questions, write to us using the contact details shown on the website (postal address in Kathmandu, Nepal, where we operate). We will aim to reply within a practical timeframe.

Privacy·Terms