Your Information

Privacy Policy.

Last updated May 2026 · VIAIVE, a travel advisory affiliated with Fora

Who we are

Viaive is a private travel maison operated as a travel advisory affiliated with Fora. The site is accessible at viaive.com. Questions about this policy can be directed to hello@viaive.com.

Data we collect

We collect the following categories of data: (1) Contact and correspondence data — name, email address, and the content you submit through the correspondence form or newsletter signup. (2) UTM attribution parameters — campaign source, medium, campaign name, term, and content appended to inbound URLs. These are stored in session storage and attached to correspondence and newsletter records. (3) Consent state — your analytics preference ("accepted", "declined", or "gpc"), stored in your browser's localStorage under the key "viaive.consent.v1". (4) Server request data — IP address and request headers logged transiently by Vercel's hosting infrastructure. These logs are not stored by Viaive and are subject to Vercel's own data retention policy. (5) Email delivery data — delivery status, bounce status, and provider message identifiers for transactional emails sent via Brevo.

Legal basis for processing

Where EU GDPR or UK GDPR applies: (a) Brief submissions and transactional emails are processed on the basis of contract performance — you initiated contact and we are responding to your request. (b) Newsletter subscriptions are processed on the basis of consent, confirmed via double opt-in. (c) Analytics are processed on the basis of your explicit consent via the banner. (d) Essential operational data (server logs, admin session state) are processed on the basis of legitimate interests in operating a functional and secure website. Where CalOPPA or CCPA applies: we do not sell personal information.

Analytics and tracking

Viaive uses Vercel Web Analytics. This service is cookieless — it does not set any cookies, does not use fingerprinting, and does not collect personal data or cross-site identifiers. Analytics events are only dispatched after you accept analytics via the consent banner, or if you have previously accepted. If your browser sends a Global Privacy Control (GPC) signal, analytics are automatically declined regardless of any prior stored preference. No Google Analytics, Meta Pixel, LinkedIn Insight Tag, or other third-party trackers are active on this site.

Cookies actually set

Viaive does not set first-party analytics cookies. The only cookies set on this domain are: (1) Payload CMS session cookies — set only on /admin routes for authenticated admin users; not accessible from public routes; expiry follows your Payload session timeout. No cookies are set on public pages (/, /the-journal, /destinations, /what-we-arrange, /privacy, /terms, /affiliate-disclosure, /cookies). Your consent preference is stored in localStorage — not a cookie.

Third-party processors

We share data with the following processors: (1) Brevo (Sendinblue SAS) — email delivery for transactional emails (brief acknowledgment, admin notifications) and newsletter. Brevo processes your email address, name (if provided), and brief content as required to deliver messages. Data Processing Agreement: available at brevo.com/legal/dpaterms. (2) Vercel Inc. — hosting and edge delivery. Vercel transiently processes server request data including IP addresses. DPA: vercel.com/legal/dpa. (3) Supabase Inc. (bruloe-core project) — database storage for brief submissions, newsletter signups, and admin content. Data is isolated in the viaive schema. DPA: supabase.com/legal/dpa. (4) Cloudflare Inc. (R2 storage) — media file storage. DPA: cloudflare.com/cloudflare-customer-dpa.

Data retention

Correspondence records are retained for 36 months from submission, then deleted or anonymised. Newsletter subscriber records are retained until you unsubscribe. Transactional email logs (delivery status) are retained for 12 months. Analytics event data held by Vercel follows Vercel's own retention policy (90 days for raw events). Server logs on Vercel are retained per Vercel's default policy.

Your rights

Depending on your jurisdiction, you may have the right to access, correct, export, restrict processing of, or delete your personal data. You may also withdraw consent for analytics at any time by visiting /cookies and selecting "Essential only." To exercise data subject rights, email hello@viaive.com. We will respond within 30 days. See our data-subject-requests process at docs/legal/data-subject-requests.md (published on request).

AI crawlers and scraper policy

This site's robots.txt and related directives govern automated access. As a content-driven site, we permit reputable search engine and AI-assistant crawlers (including Googlebot, ClaudeBot, GPTBot, PerplexityBot, and similar) to index publicly available content. We do not permit scraping or crawling of admin routes, API endpoints, or user-submitted data.

Changes to this policy

We may update this policy to reflect changes in law, technology, or our practices. Material changes will be noted in the "effective" date above. Continued use of the site following a change constitutes acceptance.

Contact

Privacy questions, data subject requests, and DPA enquiries: hello@viaive.com. General correspondence: hello@viaive.com.