Privacy

We host in the EU (Frankfurt) and process only aggregated daily data – no guest or staff data.

Data processing agreement under GDPR Art. 28 is the default. Sub-processors with access to personal data: Anthropic (model inference, EU region). Third-party providers for public weather, event and cruise data do not receive personal data.

You can request access, rectification or deletion of your data at any time at privacy@finrev.io.

Accessibility profile (GDPR Art. 9)

On vibeofthe.city, users may voluntarily create an accessibility profile (mobility, vision, hearing, cognitive, sensory, medical dietary needs). This data is a special category of personal data within the meaning of GDPR Art. 9(1).

Legal basis: explicit consent under GDPR Art. 9(2)(a). Consent is collected via a separate form and is the only basis on which we process this data.

Purpose: solely to personalise travel recommendations for the consenting user. The data is not sold, not used for advertising, not shared with third parties, and not included in aggregated analytics.

Retention: until consent is revoked or the user account is deleted, whichever comes first. Consent can be revoked in one click under Account → Accessibility. After revocation, profile data is deleted immediately; an audit record of the revocation is kept for GDPR Art. 5(2) accountability.

Recipients: none. The data is processed exclusively on our EU servers.