Privacy Policy
Last updated: 30 April 2026
We try to collect as little personal data as possible. Today we run no marketing trackers, retargeting pixels, or session replay – our analytics is configured for in-memory storage only and does not set cookies. As we begin running paid marketing campaigns (Meta, Google Ads, YouTube, TikTok, Pinterest, Reddit, X), we will add the corresponding trackers and ask for your consent before any of them fire. The current state, and the planned trackers, are listed under "Marketing and advertising" below.
1. Who is responsible for your data
The data controller for testedroutes.com is MB TestedRoutes, a small private company (mažoji bendrija) registered in Lithuania. Full entity details (company code, registered address, VAT) are on our Legal Notice page. Privacy and data-protection contact: hello@testedroutes.com.
2. What we collect, and why
Newsletter signup
When you subscribe to our newsletter we collect your email address and, optionally, your preferred language and the part of the site you subscribed from (e.g. footer, top banner). We use this to send you the newsletter and to confirm your subscription via double opt-in. Legal basis: your consent (Art. 6(1)(a) GDPR), withdrawable at any time.
Purchases
When you buy a guide, the transaction is processed by Polar Software Inc. as our Merchant of Record. Polar collects the details needed to take payment, issue an invoice, and comply with payment-card and tax-reporting rules. Per Polar's Privacy Policy, this typically includes your name, email address, phone number (if provided), billing address, payment-card type and last four digits, business name and tax number (if you check the "purchasing as a business" box at checkout), and the IP-address-based coarse geolocation of your device. Polar in turn uses Stripe, Inc. as their payment processor for the actual card-handling step (see Polar's payment-processing partners). Polar also engages additional sub-processors (hosting, email, error-reporting, support tooling) listed at polar.sh/legal/sub-processors.
We (TestedRoutes) receive only the information needed to fulfil the order: typically the order ID, the product purchased, and your email address (so we can deliver the guide and respond to support questions). We do not receive your full payment-card data – Polar and Stripe handle that. Legal basis: performance of the contract for the digital guide (Art. 6(1)(b) GDPR).
Analytics
We use PostHog to understand how the site is used (e.g. which guides are viewed, which buttons are clicked). Our PostHog setup is configured for in-memory storage only – no cookies, no localStorage, no persistent device identifiers. Each page view is effectively anonymous and is not linked across sessions. We also do not capture your IP address. Legal basis: legitimate interest in measuring site usage (Art. 6(1)(f) GDPR), balanced against the minimal nature of the data.
Error tracking
We use Sentry to capture technical errors so we can fix bugs. Sentry is configured to not capture personal information, IP addresses, or cookies. Legal basis: legitimate interest in keeping the site secure and functional (Art. 6(1)(f) GDPR).
Strictly necessary cookies
We use a small number of strictly necessary cookies. These keep the site working and do not require your consent under EU ePrivacy / GDPR rules.
| Name | Purpose | Lifetime | Type |
|---|---|---|---|
| tr_currency | Remembers the currency you've selected to view prices in (3-letter currency code, e.g. EUR). | 365 days | Strictly necessary |
We do not currently use any analytics, marketing, or advertising cookies. If we add any in future, this table will list them and we will ask for your consent before they fire – see "Marketing and advertising" below.
Affiliate links
Some of the links in our guides and on the "Get the links free" pages are affiliate links: when you click and complete a purchase on the destination site (for example, a hotel booking, a tour, or a piece of gear) we earn a commission, at no extra cost to you. Affiliate links are how we keep guide prices low and keep ourselves independent.
We use affiliate platforms including, where relevant, Amazon Associates, Booking.com, GetYourGuide, Viator (CJ), Tiqets, SafetyWing, Skyscanner, Awin, and Impact.com. When you click an affiliate link, the destination site may set its own cookies on your device per its own privacy policy; we do not control those cookies and they are subject to the destination site's disclosures, not ours. Where we add tracking pixels for these platforms on testedroutes.com itself (for example, Awin's MasterTag for conversion tracking), they are listed in the cookie table above and gated behind your consent.
Marketing and advertising
We are building out paid marketing across Meta (Facebook, Instagram), Google Ads, YouTube, TikTok, Pinterest, Reddit, and X (Twitter). When we activate the corresponding tracking pixel on testedroutes.com, that pixel sets cookies on your device and shares some browsing data (typically: pages viewed, products viewed, purchase events) with the relevant ad platform so that we can measure campaign performance and show you relevant ads on their platforms.
Status of each tracker (updated as we activate them):
| Platform | Status | Provider privacy policy |
|---|---|---|
| Meta Pixel (Facebook, Instagram) | Not yet active | facebook.com/privacy |
| Google Ads + Google Analytics 4 | Not yet active | policies.google.com/privacy |
| YouTube (via Google Ads) | Not yet active | policies.google.com/privacy |
| TikTok Pixel | Not yet active | tiktok.com/legal/privacy |
| Pinterest Tag | Not yet active | policy.pinterest.com/privacy-policy |
| Reddit Pixel | Not yet active | reddit.com/policies/privacy-policy |
| X (Twitter) Pixel | Not yet active | twitter.com/en/privacy |
When we turn any of these on, we will:
- flip the status above to "Active" and describe exactly what data is collected and on which pages;
- add the corresponding cookies to the strictly-necessary table above (re-categorised as marketing) with name, lifetime, and purpose;
- display a cookie-consent banner that requires your opt-in before any of these pixels fire if you live in the EU, EEA, UK, or another opt-in jurisdiction; and an opt-out control where opt-out is the local norm.
The lawful basis for processing your data with these trackers, once active, will be your consent (Art. 6(1)(a) GDPR for EU/EEA/UK buyers) or our legitimate interest in measuring marketing effectiveness, as appropriate to your region. You will always be able to withdraw consent and disable the trackers via the cookie settings on the site.
3. Who we share your data with
We only share data with service providers who help us run the site. They process data on our behalf, under contracts that meet GDPR requirements:
- Vercel – hosting and content delivery for testedroutes.com.
- Sanity – content management for our guides and stories.
- Beehiiv – newsletter delivery.
- Polar Software Inc. – payment processing and merchant of record for purchases. Polar in turn engages Stripe, Inc. (US / Ireland) as their payment processor and additional sub-processors (hosting, invoicing, fraud monitoring) listed at polar.sh/legal/sub-processors.
- PostHog – anonymous, cookie-free site analytics.
- Sentry – technical error tracking with no personal data.
Some of these providers are based in or transfer data to countries outside the European Economic Area (notably the United States). Where that's the case, transfers rely on the European Commission's Standard Contractual Clauses or the EU–US Data Privacy Framework adequacy decision, as applicable.
4. How long we keep your data
- Newsletter subscribers: until you unsubscribe. You can unsubscribe at any time using the link in any newsletter email.
- Order records: kept for as long as required for accounting and tax purposes under Lithuanian law (typically 10 years).
- Analytics: anonymous and not linked to you, so no personal retention applies.
- Error logs: 90 days, our Sentry retention default.
5. Your rights
Under the GDPR you have the right to: access the personal data we hold about you, ask us to correct it if it's wrong, ask us to delete it, restrict or object to certain processing, and ask for a portable copy. To exercise any of these rights, use our contact form (select Privacy / data request as the topic) or email hello@testedroutes.com. We aim to respond within one month.
You also have the right to lodge a complaint with a supervisory authority. In Lithuania this is the State Data Protection Inspectorate (Valstybinė duomenų apsaugos inspekcija) at vdai.lrv.lt. If you live in another EU country you can also complain to your local data protection authority.
6. Children
The site is not directed at children under 16, and we do not knowingly collect data from them.
7. Changes to this policy
If we change how we handle data – for example by adding a new analytics tool – we'll update this page and bump the "last updated" date. Material changes will be announced on the site or, where appropriate, by email.
8. Contact
Privacy questions: hello@testedroutes.com. See also our Terms of Service and Refund Policy.