Despegar's data privacy policy is available on our website. The policy ensures the responsible use of data, which is stored and processed only after obtaining our customers' consent to how we collect, use and protect personal information. Our policy also explains how Despegar complies with all applicable privacy laws and regulations.

Following the implementation of LGPD (data protection in Brazil), we are improving our Data Protection proficiency by developing the following capabilities as part of a continuous process improvement.

Data Mapping and Data Discovery Process Implementation:

A process of auditing, monitoring and documenting the business processes in which we are using Private Identifiable Information (PII) of our customers, including where that information is stored.

PII Encryption and Obfuscation:

We are working on the obfuscation of all Personally Identifiable Information transit. Encryption transit is already in place.

Third Party Assurance Process Implementation:

We ensure that our suppliers comply with our Cybersecurity and Data Protection standards.

DLP Solution:

We implemented a Data Loss Prevention system capable of detecting leakage of sensitive or confidential information.