Privacy Policy

• We do not create user accounts or store personal profiles
• We do not store your payment card details
• We do not sell or share your data with advertisers
• Query results and access tokens are stored locally in your browser only
• Location inputs you type are sent to Google Maps to calculate routes
• City and country data is sent to Anthropic to generate travel guidance

2a. Location queries

When you enter a pickup and destination address, those addresses are transmitted to Google Maps Platform APIs (Distance Matrix, Directions, Places) to calculate route distance and duration. Google's use of this data is governed by the Google Privacy Policy.

2b. City and country

The city and country of your pickup location (e.g. “Bangkok, Thailand”) is sent to Anthropic's Claude API to generate taxi scam warnings, tipping recommendations, and driver phrases. No address-level detail is sent — only the city and country name. Anthropic's use of data is governed by the Anthropic Privacy Policy.

2c. Payment information

When you pay $0.99 for a query, you are redirected to a Stripe-hosted checkout page. Hootling never sees, handles, or stores your card number, CVC, or banking details. Stripe's data practices are governed by the Stripe Privacy Policy.

After successful payment, Stripe notifies us that a session was completed. We store a record that the session ID was used (to prevent token replay), but this record contains no personal or financial information.

2d. Browser storage

We store the following data locally in your browser:

• localStorage: A JWT access token (valid 30 minutes) that grants access to query results. Cleared when you start a new search or the token expires.
• sessionStorage: Your form inputs (pickup and destination) are temporarily saved before a payment redirect so they can be restored when you return. This data is cleared after use.
• localStorage (language): Your selected display language preference (e.g. “es” for Spanish). No personal data.

None of this browser-stored data is transmitted to Hootling servers.

• Name, email address, or any contact information
• Device identifiers, IP address, or fingerprinting data
• Browsing history or cross-site tracking
• Precise GPS location (you type addresses manually)
• Analytics or behavioural tracking cookies

Hootling does not use advertising cookies or tracking pixels. We use no cookies at all — only browser localStorage and sessionStorage as described above, which are not cookies and are not transmitted to any server.

We use Vercel Analytics, a privacy-first tool that does not use cookies, does not track individuals across sites, and collects only aggregate, anonymous data (page URL, referrer, country, browser type). No personal data is collected or stored by Vercel Analytics, and it is designed to be GDPR-compliant.

AI query results (scam warnings, tipping guides) are cached on our servers for up to 7 days to improve performance and reduce costs. These cache entries contain only the city/country name and the AI-generated response — no personal data.

Payment session records (used/not-used status) are retained for 24 hours to prevent token replay attacks, then automatically deleted.

Hootling is not directed to children under the age of 13. We do not knowingly collect any information from children. If you believe a child has used the Service and provided any personal information, please contact us and we will take steps to remove it.

Hootling is designed for international travellers and is accessible worldwide. By using the Service, you acknowledge that data (such as your location query and city name) may be processed in countries where our third-party providers (Google, Anthropic, Stripe, Vercel) operate, which may have different data protection laws than your country.

Australian users: Your privacy is protected under the Privacy Act 1988 (Cth) and the Privacy and Data Protection Act 2014 (Vic). Since we do not collect personal information as defined under the Act (we collect no names, emails, or persistent identifiers), the Australian Privacy Principles have minimal practical application to our Service.

EEA & UK users: You have rights under GDPR/UK GDPR including the right to access, rectify, or erase personal data. Since we collect no personal data directly, most GDPR rights are satisfied by default.

For any privacy enquiry or data subject request, contact us at privacy@hootling.com. We aim to respond within 30 days.

We may update this policy periodically. The “Effective” date at the top reflects the most recent update. Significant changes will be noted on the Service.

Privacy questions or requests: privacy@hootling.com