This Privacy Notice for Adlift Media Group Corp. ('we', 'us', or 'our') describes how and why we might access, collect, store, use, and/or share ('process') your personal information when you use our services, including when you:
Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at support@adliftmedia.com.
This summary provides key points from our Privacy Notice. You can find more detail in the linked sections or the full table of contents below.
In Short: We collect personal information that you provide to us.
We collect personal information that you voluntarily provide to us when you register on the Services, express interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.
Personal Information Provided by You. The personal information we collect may include:
Sensitive Information. We do not process sensitive information.
Social Media Login Data. We may provide you with the option to register with us using your existing social media account details (Facebook or Google). If you choose to register this way, we will collect certain profile information about you from the social media provider, as described in How do we handle your social logins? below.
All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.
In Short: Some information — such as your Internet Protocol (IP) address and browser/device characteristics — is collected automatically when you visit our Services.
We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.
Like many businesses, we also collect information through cookies and similar technologies. See our Cookies section for details.
The information we collect includes:
For details on how we handle this data in our first-party event tracking (including how we strip IP, user-agent, and referrer fields for anonymous conversion tracking), see Tracking and analytics within Section 6 below.
Our use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law.
We process your personal information for a variety of reasons, depending on how you interact with our Services:
In Short: We only process your personal information when we believe it is necessary and we have a valid legal reason (i.e. legal basis) to do so under applicable law, like with your consent, to comply with laws, to provide you with services to enter into or fulfil our contractual obligations, to protect your rights, or to fulfil our legitimate business interests.
If you are located in the EU or UK, this section applies to you.
The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on to process your personal information. We may rely on the following:
If you are located in Canada, this section applies to you.
We may process your information if you have given us specific permission (express consent) to use your personal information for a specific purpose, or in situations where your permission can be inferred (implied consent). You can withdraw your consent at any time. Residents of Quebec are subject to the more restrictive consent model under Quebec's Law 25 (see Section 6 for region-specific defaults).
In Short: We may share information in specific situations described below and with the categories of third parties listed.
Vendors, Consultants, and Other Third-Party Service Providers. We may share your data with third-party vendors, service providers, contractors, or agents who perform services for us or on our behalf and require access to such information to do that work. We have contracts in place with our third parties designed to safeguard your personal information.
The categories of third parties we may share personal information with are:
We may also need to share your personal information in the following situations:
In Short: We are not responsible for the safety of any information that you share with third parties that we may link to or who advertise on our Services, but are not affiliated with our Services.
The Services may link to third-party websites, online services, or mobile applications and/or contain advertisements from third parties that are not affiliated with us and which may link to other websites, services, or applications. Accordingly, we do not make any guarantee regarding any such third parties, and we will not be liable for any loss or damage caused by the use of such third-party websites, services, or applications. The inclusion of a link toward a third-party website, service, or application does not imply an endorsement by us. We cannot guarantee the safety and privacy of data you provide to any third-party websites. Any data collected by third parties is not covered by this Privacy Notice. We are not responsible for the content or privacy and security practices and policies of any third parties.
In Short: We use cookies and similar tracking technologies. Third-party tags are consent-gated; our first-party event tracking is anonymized at source.
We use cookies and similar tracking technologies (like web beacons and pixels) to gather information when you interact with our Services. Some online tracking technologies help us maintain the security of our Services and your account, prevent crashes, fix bugs, save your preferences, and assist with basic site functions.
To the extent these online tracking technologies are deemed to be a 'sale' or 'sharing' (which includes targeted advertising, as defined under applicable laws) under US state laws, you can opt out by clicking the "Do not sell or share my information" link in the consent banner or by visiting your account preferences.
NoSetDestination uses two distinct categories of tracking, each governed by a different consent model.
We load tags from third-party advertising and analytics providers including Google Analytics 4, Google Ads (via Google Tag Manager), and Meta Pixel. These tags are governed by your consent choices through our consent management platform.
We use Google Consent Mode v2 to communicate your consent state to all Google tags on every page. Defaults are set per region in accordance with applicable law:
For users in opt-in regions who decline consent, Google tags transmit only cookieless signals so aggregate conversions can be measured without storing any user-level identifiers in your browser.
Separately, we record aggregate event counts on our own infrastructure to measure conversion volume across paid-traffic campaigns. For anonymous visitors (anyone not signed in with an account), we strip the following identifying data before any event is processed or stored:
What remains is purely aggregate: the type of action (e.g., affiliate-link click), the tour or page involved, the placement of the call-to-action, the affiliate destination, and a timestamp. None of this individually identifies a visitor. Because anonymous event records do not constitute personal data under privacy regulations including the GDPR (recital 26), we fire these events regardless of consent banner state — they are counts, not user records.
For signed-in users, the event also carries your NoSetDestination user identifier, which you agreed to associate with engagement records when you created your account. Signed-in events are retained as part of your account profile and are subject to the deletion request process described in Section 7 below.
Like all web servers, our hosting infrastructure records standard access logs (IP address, request path, response code, timestamp) for the purpose of system reliability, abuse prevention, and security monitoring. These logs are retained for a limited operational window and are not joined with marketing or analytics data.
Anonymous conversion event records are automatically purged 30 days after creation. Signed-in user event histories are retained as long as your account is active, and are deleted when you submit an account-deletion request.
We may share your information with Google Analytics 4 to track and analyse the use of the Services, gated by your consent preferences. To opt out of being tracked by Google Analytics across the Services, visit https://tools.google.com/dlpage/gaoptout. You can opt out of Google Analytics Advertising Features through Ads Settings. For more information on the privacy practices of Google, please visit the Google Privacy & Terms page.
We may, in the near future, add Microsoft Clarity to anonymously measure how users interact with our Services (e.g. heatmaps, session aggregates). When enabled, Clarity will be consent-gated through the same consent management platform — it will not load for users who have denied analytics consent. For more information, see Microsoft's privacy statement.
In Short: If you choose to register or log in to our Services using a social media account, we may have access to certain information about you. You can disconnect and delete your account at any time.
Our Services offer you the ability to register and log in using your Google or Facebook account. Where you choose to do this, we will receive certain profile information from your social media provider — typically your name, email address, and profile picture. We will use this information only for the purposes described in this Privacy Notice. Please note that we do not control, and are not responsible for, other uses of your personal information by your third-party social media provider.
NoSetDestination uses the official Meta Facebook Login integration for secure single sign-on. Our app only requests access to your basic, non-sensitive profile attributes: public_profile (used to display your first name and avatar on your account) and email (used as a verified account identifier). We do not request extended social-graph data, and we do not use it for behavioral advertising.
While our parent entity, Adlift Media Group Corp., maintains an independent B2B corporate privacy notice covering its agency operations at adliftmedia.com/privacy.html, this consumer property uses a separate, consumer-optimized data architecture. End-user profiles are stored in encrypted Amazon Web Services (AWS DynamoDB) records and synchronized with Brevo for delivering user-requested itineraries and email communications.
How to request account and data deletion. In compliance with Meta Platform rules, you have full control over your account data. You can disconnect your Facebook session and request permanent deletion of your account record by either method below:
Meta App Data Deletion Request.
In Short: Push notifications are an opt-in channel for watchlist alerts, price drops, and related editorial updates. You can disable them at any time via your browser.
When you enable push notifications on NoSetDestination — by clicking "Turn Push Alerts On" or accepting your browser's permission prompt — you consent to receive notifications from us covering:
We send sparingly. Most active users will see at most a few notifications per week.
Your subscription record contains your browser's Firebase Cloud Messaging (FCM) token, the website you subscribed from, the date you subscribed, your browser's user agent string, and — if you're signed in — your NoSetDestination user identifier. As you browse our site, we may add tours and destination regions you've shown interest in to your subscription record so alerts can be relevant to you. If you subscribe without an account, your subscription record is keyed only by your browser's token and contains no personally identifying information beyond browser metadata.
We retain subscription records until you unsubscribe, your browser revokes push permission, or we detect repeated delivery failures over time (at which point we mark the subscription inactive automatically).
Push notifications are delivered through Google's Firebase Cloud Messaging service. Subscription records are stored in Google Cloud Datastore. Both run on Google Cloud infrastructure in the United States. Google's processing is governed by Google's privacy terms in addition to ours.
In Short: Our servers are located in the United States; some processors operate in other countries.
Our primary infrastructure (Amazon Web Services and Google Cloud Platform) is hosted in the United States. Some of our service providers may process data in other countries — for example, Brevo (email delivery) operates from the European Union. Regardless of your location, your information may be transferred to, stored by, and processed by us in our facilities and in the facilities of the third parties with whom we share your personal information.
If you are a resident in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, then these countries may not necessarily have data protection laws or other similar laws as comprehensive as those in your country. However, we will take all necessary measures to protect your personal information in accordance with this Privacy Notice and applicable law, including using the European Commission's Standard Contractual Clauses for transfers of personal information between us and third-party processors.
In Short: We keep your information for as long as necessary to fulfil the purposes outlined in this Privacy Notice unless otherwise required by law.
We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Notice, unless a longer retention period is required or permitted by law. No purpose in this notice will require us to keep your personal information for longer than the period of time in which users have an account with us.
Anonymous conversion-event records are automatically purged 30 days after creation (see Tracking and analytics). When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise such information, or, if this is not possible, we will securely store your personal information and isolate it from any further processing until deletion is possible.
In Short: We aim to protect your personal information through a system of organisational and technical security measures.
We have implemented appropriate and reasonable technical and organisational security measures designed to protect the security of any personal information we process. Account profiles are stored in encrypted Amazon DynamoDB records with role-based IAM access (principle of least privilege). However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorised third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk.
In Short: We do not knowingly collect data from or market to children under 18 years of age.
We do not knowingly collect, solicit data from, or market to children under 18 years of age or the equivalent age as specified by law in your jurisdiction, nor do we knowingly sell such personal information. By using the Services, you represent that you are at least 18 or the equivalent age as specified by law in your jurisdiction. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from children under age 18, please contact us at support@adliftmedia.com.
In Short: Depending on your state of residence in the US or some regions, such as the European Economic Area (EEA), United Kingdom (UK), Switzerland, and Canada, you have rights that allow you greater access to and control over your personal information.
In some regions (like the EEA, UK, Switzerland, and Canada), you have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal information, (ii) to request rectification or erasure, (iii) to restrict the processing of your personal information, (iv) if applicable, to data portability, and (v) not to be subject to automated decision-making. In certain circumstances, you may also have the right to object to the processing of your personal information.
You can make such a request by contacting us at support@adliftmedia.com. We will consider and act upon any request in accordance with applicable data protection laws.
If you are located in the EEA or UK and you believe we are unlawfully processing your personal information, you have the right to complain to your Member State data protection authority or the UK data protection authority. If you are located in Switzerland, you may contact the Federal Data Protection and Information Commissioner.
If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time. You can withdraw your consent by contacting us at support@adliftmedia.com or by adjusting your preferences in the consent banner. However, please note that this will not affect the lawfulness of the processing before its withdrawal, nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
You can unsubscribe from our marketing and promotional communications at any time by clicking the unsubscribe link in the emails that we send, by adjusting your notification preferences in your account settings, or by contacting us. You will then be removed from the marketing lists. However, we may still communicate with you — for example, to send service-related messages necessary for the administration of your account.
If you would at any time like to review or change the information in your account or terminate your account, you can:
Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms, and/or comply with applicable legal requirements.
Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services of our Services. You may also opt out of interest-based advertising via the consent banner on our site or through your browser's Global Privacy Control (GPC) signal — see Controls for Do-Not-Track Features below.
If you have questions or comments about your privacy rights, you may email us at support@adliftmedia.com.
Most web browsers and some mobile operating systems include a Do-Not-Track ('DNT') feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognising and implementing DNT signals has been finalised; we do not currently respond to legacy DNT browser signals.
Global Privacy Control: We recognize and honor Global Privacy Control (GPC) signals. If you use a browser or extension that supports GPC (Firefox, Brave, DuckDuckGo, Privacy Badger, and others), we will treat this as a valid request to opt out of the sale or sharing of your personal information for targeted advertising purposes under applicable state privacy laws, including the California Consumer Privacy Act (CCPA). When we detect a GPC signal from your browser, we will automatically apply your opt-out preference without requiring any additional action. For more information about GPC and how to enable it, visit globalprivacycontrol.org.
In Short: If you are a resident of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia, you may have the right to request access to and receive details about the personal information we maintain about you, correct inaccuracies, get a copy of, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information.
The table below shows the categories of personal information we have collected in the past twelve (12) months.
| Category | Examples | Collected |
|---|---|---|
| A. Identifiers | Real name, email address, account name, IP address, online identifiers | YES |
| B. Personal information as defined in the California Customer Records statute | Education, employment, employment history, financial information | NO |
| C. Protected classification characteristics under state or federal law | Gender, age, race and ethnicity, national origin, marital status | NO |
| D. Commercial information | Transaction history, purchase history, payment information | NO |
| E. Biometric information | Fingerprints, voiceprints | NO |
| F. Internet or other similar network activity | Browsing history, search history, interactions with our Services and advertisements | YES |
| G. Geolocation data | Approximate device location based on IP address | YES |
| H. Audio, electronic, sensory, or similar information | Voice/video/call recordings | NO |
| I. Professional or employment-related information | Business contact details, job title, work history | NO |
| J. Education Information | Student records, directory information | NO |
| K. Inferences drawn from collected personal information | Inferences about preferences and travel-style affinity drawn from watchlist + survey + browse history | YES |
| L. Sensitive personal information | — | NO |
We will use and retain the collected personal information as needed to provide the Services. For categories we DO collect (A, F, G, K), retention is for the period in which the user has an account with us, after which the data is deleted or anonymised.
We collect personal information directly from you (when you sign up, complete the onboarding survey, save tours to your watchlist, or contact us), and automatically when you visit our Services (server logs, consent-gated analytics, anonymous conversion events).
See How do we process your information? and When and with whom do we share your personal information? above. We do not "sell" personal information in the traditional sense (no exchange for money), but certain consent-gated third-party advertising tags (Google Ads, Meta Pixel) may be considered "sharing" under applicable state privacy laws.
We collect and share your personal information through:
We may disclose your personal information to our service providers pursuant to a written contract between us and each service provider. See When and with whom do we share your personal information? for the full list. We do not consider our internal research for technological development and demonstration to be "selling" of your personal information.
You have rights under certain US state data protection laws. However, these rights are not absolute, and in certain cases we may decline your request as permitted by law. These rights include:
Depending on the state where you live, you may also have additional rights under California (CCPA/CPRA), Colorado (CPA), Connecticut (CTDPA), Virginia (VCDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Delaware, Florida, Indiana, Iowa, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Rhode Island, Tennessee, and Kentucky privacy laws — including the right to access categories of personal data being processed, obtain a list of third parties to which we have disclosed personal data, review and correct profiling decisions, and limit the use of sensitive personal data.
To exercise these rights, you can email us at support@adliftmedia.com or refer to the contact details at the bottom of this document. You can opt out of the selling of your personal information, targeted advertising, or profiling by disabling cookies in the consent banner Preference Settings. We honor your opt-out preferences when you enact the Global Privacy Control (GPC) opt-out signal on your browser.
Under certain US state data protection laws, you can designate an authorised agent to make a request on your behalf. We may deny a request from an authorised agent that does not submit proof that they have been validly authorised to act on your behalf in accordance with applicable laws.
Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system. We will only use personal information provided in your request to verify your identity or authority to make the request. However, if we cannot verify your identity from the information already maintained by us, we may request that you provide additional information for the purposes of verifying your identity and for security or fraud-prevention purposes.
Under certain US state data protection laws, if we decline to take action regarding your request, you may appeal our decision by emailing us at support@adliftmedia.com. We will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If your appeal is denied, you may submit a complaint to your state attorney general.
California Civil Code Section 1798.83, also known as the 'Shine The Light' law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact details below.
In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.
We may update this Privacy Notice from time to time. The updated version will be indicated by an updated "Last updated" date at the top of this Privacy Notice. If we make material changes to this Privacy Notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Notice frequently to be informed of how we are protecting your information.
If you have questions or comments about this notice, you may email us at support@adliftmedia.com or contact us by post at:
Adlift Media Group Corp.
351 Kribs St
Cambridge, Ontario N3C 3L4
Canada
Based on the applicable laws of your country or state of residence in the US, you may have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. These rights may be limited in some circumstances by applicable law. To request to review, update, or delete your personal information, please email us at support@adliftmedia.com.
Policy framework structure derived from a Termly-generated compliance template (last reviewed Jun 27, 2026) and adapted to NoSetDestination's actual data architecture and processing practices.