Privacy Policy

TravelMaster · Skibbereen, County Cork, Ireland

 

Version 2.0 | Last updated: May 2026 | Effective date: 16th June 2026

1. Introduction

TravelMaster (“we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect personal data when you:

  • use our website at https://travelmaster.ie/;
  • use the Travel Master mobile application on Apple iOS or Google Android; and/or
  • book or travel on our coach or event transport services.

This policy should be read alongside our Cookie Policy (https://travelmaster.ie/cookie-policy) and Terms & Conditions (https://travelmaster.ie/terms-conditions).

By using our Services, creating an account, or making a booking, you acknowledge that you have read this Privacy Policy. Where we rely on consent, you may withdraw it as described in Section 10.

2. Who is responsible for your data?

For the purposes of applicable data protection law — including the EU General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018 — TravelMaster is the data controller for personal data processed through our Services, except where a third party acts as an independent controller (for example, payment processors) as described below.

Contact for privacy matters

| Contact method | Details |
|---|---|
| Email | [email protected] (recommended: also create [email protected] before app store submission) |
| Postal address | TravelMaster, Skibbereen, County Cork, Ireland |
| Web contact form | https://travelmaster.ie/contact-us |

3. Personal data we collect

We collect personal data depending on how you use our Services. Not all categories apply to every user.

3.1 Account and authentication data

When you register or log in (website or app), we may collect:

| Data | Purpose |
|---|---|
| Full name | Account identification, bookings, customer support |
| Mobile phone number | Login via one-time password (OTP), account security, trip communications |
| Email address | Account recovery, booking confirmations, service updates |
| County (Ireland) | Service eligibility, routing, and regional offers |
| Guardian / parent email (if provided) | Where relevant for users under 16 |
| OTP verification codes (processed in transit) | Authentication — not stored long-term in plain text |
| Account ID, username, role, account status | Account management |
| Access tokens / session identifiers | Keeping you signed in securely |

We use passwordless authentication (OTP to your phone). We do not ask you to create or store a traditional password for our Services.

3.2 Booking and travel data

When you search, book, or travel with us, we may collect:

| Data | Purpose |
|---|---|
| Selected event, date, pickup point, destination / county | Fulfil transport contract |
| Number of seats, booking type (e.g. individual / group) | Pricing and capacity |
| Passenger name(s) and phone number(s) | Passenger manifest, safety, and operational contact |
| Additional information provided at checkout | Special requirements, operational notes |
| Booking reference, ticket status, payment status | Service delivery and support |
| Purchase and transaction history | Records, refunds, disputes |

3.3 Payment data

Payments are processed by third-party payment processors. We do not store full card numbers on our servers.

| Processor | Data typically processed | Used on |
|---|---|---|
| Stripe | Card / payment method details, billing-related metadata, transaction IDs, fraud signals | Website and mobile app |

Payment data is handled under Stripe’s privacy policy and PCI-DSS standards. See Section 8.

3.4 Location and maps data

| Source | What is collected | Purpose |
|---|---|---|
| Device GPS (mobile app) | Precise location when you grant permission (typically while using the app) | Help you select your nearest pickup stop and improve booking UX |
| Pickup / stop information | Static addresses and coordinates of bus stops | Display stops, routes, and directions |
| Google Maps SDK | Map display and related technical data processed by Google when you use map features | Show maps and stop locations in the app and on the website |

We do not use Google or other providers for OAuth or social sign-in. Google may process technical and usage data under Google’s Privacy Policy when you use Maps.

We do not use your device location for third-party behavioural advertising.

3.5 Usage, device, and technical data

Website and app data include:

| Data | Source / notes |
|---|---|
| IP address, browser type / version, operating system | Server logs, security |
| Approximate location derived from IP | Analytics, fraud prevention |
| Pages / screens viewed, referral source, session duration | Service improvement |
| Device type, app version, language, time zone | App functionality and support |
| Push notification token (FCM) | Deliver trip and service notifications — see Section 3.6 |
| Crash logs / in-app analytics | Not collected via Firebase Analytics, Crashlytics, or similar SDKs in the mobile app |

Analytics tools (website only):

| Service | Purpose |
|---|---|
| Google Analytics | Website usage statistics |

3.6 Push notifications (mobile app)

We use Firebase Cloud Messaging (FCM) only for push delivery. We do not use Firebase Analytics, Crashlytics, or other Firebase measurement SDKs in the app.

With your permission, FCM sends push notifications about:

  • real-time trip updates (e.g. schedule changes, departure information); and
  • products and offers (e.g. events and TravelMaster services).

FCM may process device identifiers and notification delivery metadata. You can disable notifications in your device settings at any time.

We do not use third-party OAuth sign-in (e.g. Sign in with Apple or Google) for account access. Authentication is via phone number and OTP only.

3.7 Communications and marketing

| Data | Purpose |
|---|---|
| Email / SMS / phone for newsletters or offers | Marketing (with consent where required) |
| Communication content and metadata | Support, complaints, record-keeping |
| Marketing preferences and unsubscribe status | Compliance with ePrivacy and marketing law |
| Email open / click analytics (if used) | Measure campaign effectiveness |

You can opt out of marketing at any time (Sections 6 and 10).

3.8 Contact forms and support

Information you send via contact forms, email, phone, or in-app support, including enquiry content and related metadata.

3.9 Data we do not intentionally collect

We do not require you to provide special category data (for example, health or biometric data) unless you voluntarily include it in free-text fields or we are legally required to process it. Please avoid sending sensitive data unless we ask for it.

4. How we use your personal data

Under GDPR, we rely on one or more of the following legal bases:

| Legal basis | Typical uses |
|---|---|
| Contract | Creating accounts, processing bookings, delivering transport, payments |
| Legitimate interests | Security, fraud prevention, service improvement, internal reporting, asserting legal claims — balanced against your rights |
| Consent | Marketing emails / SMS, non-essential cookies / trackers, optional app permissions where required |
| Legal obligation | Tax, accounting, regulatory requests, law enforcement |

Main purposes include:

  1. Operating accounts and authenticating users (OTP).
  2. Processing bookings, payments, refunds, and customer support.
  3. Sending service messages (booking confirmations, schedule changes, safety notices).
  4. Improving our website, app, and services (analytics, troubleshooting).
  5. Marketing our services where permitted and with appropriate consent.
  6. Protecting passengers, staff, and property.
  7. Complying with law and defending legal rights.

We process only what is adequate, relevant, and limited to what is necessary.

5. Cookies and similar technologies

Our website uses cookies and similar technologies. Essential cookies support login, security, and checkout. Analytics and functionality cookies are described in our Cookie Policy: https://travelmaster.ie/cookie-policy.

You can manage cookies through your browser settings. Blocking essential cookies may limit website functionality.

5.1 Mobile app — local storage and identifiers

The mobile app may store:

  • authentication tokens locally (secure storage where supported by the OS);
  • preferences (e.g. theme, session);
  • last-selected county or pickup preferences where applicable.

Device identifiers may be used for push notifications (FCM) as described in Section 3.6.

6. Marketing and advertising

We may send you information about events, offers, and TravelMaster services by email or SMS if you have opted in or where soft opt-in applies under Irish / ePrivacy rules.

  • Opt-out: unsubscribe links in emails, device notification settings (for push), or contact [email protected] or our contact form.
  • In-app / third-party ads: We do not display third-party behavioural advertising networks in the app. Push messages about our own trips and products are service and marketing communications as described in Section 3.6.

We do not sell your personal data.

7. How long we keep your data

We retain personal data for as long as needed for the purposes in this policy and as permitted by law.

| Category | Retention |
|---|---|
| Account profile | For as long as your account is active; after closure, limited profile data may be retained where needed for legal or dispute purposes |
| Bookings and tickets | Retained on an ongoing basis as part of our operational and business records (manifests, customer service, legal claims) |
| Payment and transaction records | Retained on an ongoing basis for accounting, tax, chargebacks, and regulatory requirements |
| Marketing consents | Until you withdraw consent, plus a short suppression period to honour opt-out |
| Server logs | A limited period for security and troubleshooting (typically up to 12 months unless longer retention is required for an investigation) |
| CCTV | Not used on coaches |
| Support enquiries | Up to 3 years from the date of the enquiry |

Even if you request account deletion (Section 10.1), we may continue to retain booking and payment records as above. Where possible, we will restrict use of closed-account data to legal, tax, and record-keeping purposes.

8. Sharing your data with third parties

We share personal data only where necessary:

| Recipient type | Why we share | Examples |
|---|---|---|
| Payment processors | Process card payments | Stripe |
| Cloud hosting / IT | Run website, app, and databases (hosting location managed by our providers; contact us if you need details) | Our infrastructure and API providers |
| Maps and location services | Maps and stop display | Google Maps Platform |
| Push notifications | Trip and product notifications only (not analytics) | Google Firebase Cloud Messaging (FCM) |
| Analytics providers | Website usage statistics only | Google Analytics |
| Communications | Email / SMS and customer messages | Our email and messaging systems |
| Professional advisers | Legal, accounting, insurance | Lawyers, auditors, insurers |
| Authorities | Legal compliance | Police, courts, regulators when lawfully required |

Third parties process data under contracts requiring appropriate security and, where applicable, GDPR-compliant processing terms. Some act as independent controllers — their privacy policies govern their processing:

We do not authorise third parties to use your data for their own marketing without your consent.

8.1 International transfers

TravelMaster is based in Ireland (EEA). Our primary operations and data protection governance are in Ireland.

Some service providers — including Stripe, PayPal and Google (Maps, Analytics, FCM) — may process data in countries outside the EEA, including the United States. Where required, we rely on appropriate safeguards such as the provider’s GDPR commitments, Standard Contractual Clauses, or other mechanisms approved under EU data protection law.

We do not maintain a separate public list of server locations. If you have questions about where data is processed, contact [email protected].

9. Security

We implement technical and organisational measures appropriate to the risk, including:

  • encryption in transit (HTTPS / TLS) for data sent between your device and our servers;
  • access controls and authentication for systems holding personal data;
  • use of reputable payment processors for card data;
  • secure storage of session tokens on mobile devices where the operating system supports it.

No method of transmission or storage is 100% secure. If you believe your account has been compromised, contact us immediately.

10. Your rights

If you are in the EEA or UK, you have the following rights (subject to conditions and exemptions):

  1. Access — request a copy of your personal data.
  2. Rectification — correct inaccurate or incomplete data.
  3. Erasure — request deletion in certain circumstances.
  4. Restriction — limit processing in certain cases.
  5. Data portability — receive data you provided in a structured, machine-readable format where processing is based on contract or consent and is automated.
  6. Object — object to processing based on legitimate interests or direct marketing.
  7. Withdraw consent — where processing is based on consent (e.g. marketing).
  8. Complaint — lodge a complaint with the Irish Data Protection Commission: https://www.dataprotection.ie.

How to exercise your rights: email [email protected], use our contact form (https://travelmaster.ie/contact-us), or write to our postal address. We may need to verify your identity. We respond within one month, extendable where complex.

10.1 Account deletion

You may request closure of your account and deletion of personal data that is not required to be kept by contacting [email protected] or via our contact form.

When we process your request we will:

  • deactivate your account and stop using your data for marketing;
  • delete or anonymise data where we have no lawful reason to keep it; and
  • retain booking, payment, and related transaction records on an ongoing basis as described in Section 7 (including for tax, accounting, passenger records, and legal claims).

Account deletion does not cancel confirmed upcoming travel. Contact us separately for booking changes or refunds under our Terms and Conditions.

We aim to complete verified requests within 30 days.

11. Children’s privacy

Our Services are not directed at children under 16. Users under 16 should only use the Services with the involvement and consent of a parent or guardian. Where we collect a guardian email at registration, it is used in line with this policy.

If you believe we have collected personal data from a child under 16 without appropriate consent, contact [email protected] and we will take appropriate steps to review and delete data where required.

12. Automated decision-making

We do not use solely automated decision-making that produces legal or similarly significant effects on you without human involvement.

13. Third-party links and social media

Our Services may link to third-party websites, event venues, or social platforms. Their privacy practices are not controlled by TravelMaster. Embedded content (videos, social widgets) may collect data under the third party’s policy.

Official TravelMaster social accounts may receive information you choose to share with us there. We will never ask for your passwords on social media.

14. Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top will change when we do. Material changes may be notified via the app, website, or email where appropriate.

Continued use of our Services after changes take effect constitutes acceptance of the updated policy, except where further consent is required by law.

15. App store disclosures

For Apple App Store and Google Play listings, this policy is publicly available at:
https://travelmaster.ie/privacy-policy (after publication).

| Data type | Collected | Linked to user | Used for |
|---|---|---|---|
| Contact info (name, email, phone) | Yes | Yes | Account, bookings, support |
| Financial info (via Stripe) | Yes | Yes | Payments |
| Precise location (GPS) | Yes (with permission) | Yes | Pickup stop selection |
| Coarse location / Maps | Yes | Yes | Maps (Google Maps SDK) |
| Identifiers (device / session, FCM token) | Yes | Yes | Auth, push notifications |
| Usage data | Yes (website: Google Analytics) | No dedicated in-app analytics SDK | Service improvement |
| Diagnostics / crash data | No (no Firebase Crashlytics or similar) | No | |

Permissions to declare: Location (while in use), Notifications. Not used: PayPal, OAuth sign-in.

Align App Store Privacy Nutrition Labels and Google Play Data Safety form with this policy and actual SDK behaviour.

16. Contact us

| Contact method | Details |
|---|---|
| Privacy and data requests | [email protected] |
| Phone | 021 2347268 |
| Web | https://travelmaster.ie/contact-us |
| Postal address | TravelMaster, Skibbereen, County Cork, Ireland |

Our Services are intended primarily for users in Ireland. Irish and EU data protection law applies.

Document history

| Version | Date | Notes |
|---|---|---|
| 1.0 | April 2022 | Legacy website-only policy (SEQ Legal template) |
| 2.0 | [16/06/26] | Website + mobile app; GDPR 2018; store-ready structure |