Privacy Policy

Tabilus (we) operates this website (the “Site”), a travel blog.

We respect your privacy and are committed to protecting it.

This Privacy Policy explains what personal data we collect, how we use and share it, and the choices you have.

If you do not agree with this Policy, please do not use the Site.

1) What we collect

Data you provide

Contact & inquiry data (e.g., name, email, message content) when you email us or submit a form.
Newsletter sign-up data (e.g., email address) if you subscribe.
Comment data (name, email/URL if provided, comment text). Your IP address and browser user agent may be processed for spam detection.

Data collected automatically

Usage & device data: IP address, approximate location, timestamps, pages viewed, referring/exit pages, clicks, user agent, and device identifiers.
Cookies and similar tech: Small files stored on your device to remember preferences, improve performance, analyze traffic, measure conversions, and attribute affiliate sales.

Data from partners

Analytics (e.g., Google Analytics 4): aggregated stats and event data.
Affiliate/monetization partners (e.g., Stay22, Travelpayouts, CJ Affiliate, Awin, Impact, ShareASale): link clicks, conversions, and limited tech data for attribution.
Anti-spam & security (e.g., Akismet/Cloud services): IP and user-agent information to detect abuse.

We do not intentionally collect sensitive personal data.

2) Why we use your data (purposes & legal bases)

Operate and improve the Site (performance, troubleshooting, analytics).
Respond to inquiries and provide content you request (contract / legitimate interests).
Personalize and measure content/links (legitimate interests; consent where required).
Run affiliate programs & track attribution (legitimate interests; consent where required).
Comply with legal obligations (e.g., record-keeping, security).

Where applicable (e.g., in the EEA/UK), our legal bases are consent, contract, legal obligation, and legitimate interests (such as site security, analytics, and monetization).

3) How we share data

We do not sell your personal information for money. We share limited data with:

Service providers (“processors”): hosting/CDN, analytics, email service, anti-spam, security.
Affiliate & travel partners (data necessary for attribution/commission):
- Aggregators/networks: Stay22, Travelpayouts, CJ Affiliate (Publicis), Awin (incl. ShareASale), Impact.
- Travel brands/platforms (examples, not exhaustive): Booking.com, Agoda, Expedia/Hotels.com, Trip.com, GetYourGuide, Viator, Klook, KKday, Tiqets, Go City, 12Go, Omio, Rentalcars.com, DiscoverCars, Airalo, World Nomads, SafetyWing, JRPass/Japan Experience, etc.
Legal & compliance: if required by law or to protect our rights/users’ safety.
Business transfers: in connection with a merger, sale, or reorganization.

4) International transfers

We are based in Japan, and our providers may process data in other countries.

Where required, we rely on appropriate safeguards (e.g., Standard Contractual Clauses) for cross-border transfers.

5) Cookies & similar technologies

We use:

Essential cookies to operate the Site (e.g., security, load balancing).
Analytics cookies (e.g., GA4) to understand usage (IP anonymization or regional controls may be applied).
Affiliate/attribution cookies (e.g., from Stay22, Travelpayouts, and networks) to recognize that a purchase/booking came from our links.
Preference/performance cookies to remember settings.
Advertising cookies (e.g., set by Google and its partners) to deliver, measure, and improve ads, including frequency capping and fraud prevention.

Your choices:

Use our Cookie Settings tool (if shown) to manage optional cookies.
Adjust browser settings to block/clear cookies (may affect functionality).
Google Analytics opt-out: you can use Google’s opt-out add-on or disable Analytics in our Cookie Settings (where available).

6) Analytics, ads & links

Analytics: We mainly use GA4 to measure traffic and events; it may collect IP (with regional controls), device identifiers, and events (page views, outbound clicks).
Affiliate links & disclosures: This Site contains affiliate links. If you use them to make a booking or purchase, we may earn a commission at no extra cost to you.
Amazon Associates: We participate in the Amazon Services LLC Associates Program. As an Amazon Associate I earn from qualifying purchases. Amazon may place cookies or read identifiers to track referrals per its own privacy notice. If we display Amazon content (e.g., prices, images) via the Product Advertising API, that content is provided “as is” and is subject to change.
Google AdSense / Google Ads: We display advertising via Google AdSense (and related Google advertising services). Google and its advertising partners may use cookies, device identifiers, and similar technologies to deliver, measure, and improve ads, and to limit how often you see the same ad. Depending on your location and choices, ads may be personalized (based on your activity) or non-personalized (contextual).
External sites: We link to external websites we do not control. Their privacy practices apply when you visit them.

For users in the EEA, UK, and Switzerland, we collect and process data for ads personalization only after consent and provide a way to withdraw consent at any time (via our Cookie Settings).Learn more about how Google uses information from sites or apps that use its services.

Third-party vendors, including Google, use cookies and similar technologies to serve, measure, and improve ads based on your visits to this and other websites. Users can opt out of personalized advertising via Google’s Ads Settings; alternatively, you can opt out of some third-party vendors’ uses of cookies for personalized ads at aboutads.info.

7) Data retention

We keep data only as long as needed for the purposes above, including to meet legal, accounting, or reporting requirements.

Retention periods vary by data type and context (e.g., comment records, analytics aggregates).

8) Security

We use reasonable technical and organizational measures to protect your data (HTTPS, access controls, updates).

No method of transmission or storage is 100% secure.

9) Your rights & requests

If you are in the EEA/UK (GDPR)

You may have the right to access, rectify, erase, restrict, object, and port your personal data, and to withdraw consent at any time (without affecting prior processing).

You also have the right to lodge a complaint with your local supervisory authority.

In the EEA, UK, and Switzerland, we obtain consent via a Google-certified Consent Management Platform (CMP). If consent is not granted, we request non-personalized ads.

If you are in California (CCPA/CPRA)

California residents may have the right to know, delete, correct, and to opt-out of “sale” or “sharing” of personal information for cross-context behavioral advertising, and the right to non-discrimination.

We do not sell personal information for money.

Some analytics/affiliate activities may be deemed “sharing” under CPRA.

To exercise rights or to opt-out, contact us.
If we implement a “Do Not Sell or Share My Personal Information” link or preference center, you can use it to manage these settings.

Opt-out of “sale/share”: Use our Do Not Sell or Share My Personal Information link (if available) or email us at [Contact Email] with “California Opt-Out.” We honor Global Privacy Control (GPC) signals where feasible. When an opt-out is received, we use Google’s Restricted Data Processing (RDP) or similar measures to limit ads targeting.

10) Children’s privacy

The Site is not directed to children under 13 (or the age defined by local law).

We do not knowingly collect personal data from children.

If you believe a child has provided personal data, contact us to delete it.

11) Changes to this Policy

We may update this Policy from time to time.

Changes are effective when posted with a revised Effective date.

Material changes may be highlighted on the Site.