top of page

​Outatime Kennebunkport Tours Privacy Policy

​​​

Last updated: September 23, 2025

 

We respect your privacy. This Policy explains what we collect through our website contact form and online booking engine, how we use it, and the choices you have. By using our site and services, you agree to this Policy.

​

Quick summary

  • We collect only what we need to reply to you and complete your booking.

  • We never sell your personal information.

  • Payments are processed by a PCI-compliant provider — we don’t store full card numbers.

  • You can request access, correction, or deletion at any time.

 

1) Who we are

Outatime Kennebunkport Tours (“Outatime,” “we,” “us,” “our”) operates walking tours in and around Kennebunkport, Maine.
 

2) What this Policy covers

  • Information collected via:

    • Contact Us form on our website.

    • Booking engine (including any embedded or linked third-party checkout).

  • Basic website analytics and cookies related to the above.

 

3) Information we collect

 

A. Contact form

  • Identifiers: name, email, phone (optional).

  • Message details: tour interests, party size, preferred dates, and any other info you share.

B. Booking engine

  • Booking details: name, email, phone, party size, tour date/time, special requests.

  • Payment details: handled by our payment processor (e.g., last 4 digits, auth status).

    We do not store full credit/debit card numbers on our servers.

C. Cookies & analytics

  • Technical data: IP address, device/browser type, pages viewed, time on page, and referrers.

  • Functional cookies: remember preferences (e.g., selected tour/date).

  • Analytics cookies: understand site performance and improve the experience.

You can manage cookies through your browser settings or a cookie banner (if enabled).

 

4) How we use your information

  • Provide services: answer inquiries, create/manage bookings, send confirmations and reminders.

  • Customer support: handle changes, cancellations, and special accommodations.

  • Business operations: improve tours, site performance, safety, and fraud prevention.

  • Legal & compliance: tax/audit requirements, dispute resolution, and enforcing terms.

  • Marketing (lightweight): with your consent or as allowed by law, we may send updates about new tours or seasonal offers. You can opt out anytime.

 

5) Legal bases (EEA/UK visitors)

Where GDPR/UK GDPR applies, we process data based on:

  • Contract (to provide your booking and support),

  • Legitimate interests (site security, service improvements), and

  • Consent (optional marketing, certain cookies).

 

6) Sharing your information

We share only with service providers who help us run our business, under confidentiality and data-processing terms:

  • Booking & payment processors (to take and manage reservations and payments).

  • Email/SMS providers (to send confirmations and reminders).

  • Analytics & site hosting (to operate and secure our website).

  • Professional advisors and authorities (only when required by law).

We do not sell your personal information. We do not share it for cross-context behavioral advertising.

 

7) Payments

Payments are processed by a PCI-compliant payment processor. We receive confirmation of payment status but do not store full card numbers, CVV, or unmasked payment data on our servers.

 

8) Data retention

  • Contact form inquiries: typically retained up to 24 months after last interaction.

  • Booking records & receipts: retained as required for tax, accounting, and legal compliance (often 7 years in the U.S.).

  • Analytics logs/cookies: kept per tool defaults or as configured to meet our business needs and legal obligations.

We’ll keep data longer if necessary to resolve disputes or meet legal requirements.

 

9) Your choices & rights

  • Access/Update/Delete: email us to access, correct, or delete your information (subject to legal exceptions).

  • Marketing opt-out: use the unsubscribe link in emails or contact us.

  • Cookies: manage via your browser or our cookie banner (if shown).

 

California (CPRA)

California residents can request:

  • Access/Deletion/Correction of personal information.
    We do not sell or share personal information as defined by CPRA. Submit requests via the contact details below.

 

EEA/UK (GDPR)

You may also have the right to object to certain processing, request restriction, data portability, and lodge a complaint with your local supervisory authority.

 

10) Security

We use reasonable administrative, technical, and physical safeguards to protect personal information. No method of transmission or storage is 100% secure, but we work to protect your data and limit access to those who need it.

 

11) Children’s privacy

Our services are not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided data, contact us and we’ll delete it.

 

12) International transfers

If you access our site from outside the U.S., your information may be processed in the U.S. and other countries. Where required, we rely on appropriate safeguards (e.g., Standard Contractual Clauses) with our processors.

 

13) Do Not Track

Browsers may send “Do Not Track” signals. At this time, our site does not respond to DNT signals. You can still manage cookies as described above.

 

14) Changes to this Policy

We may update this Policy from time to time. Material changes will be posted on this page with a revised “Last updated” date.

​

bottom of page