Privacy Policy

How we collect, use, and protect your personal data

← Back to BaliGoat

Last updated: June 9, 2026

BaliGoat ("we," "us," or "our") is operated by Jifu, LLC. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and purchase boat tickets. It applies to residents of the United States (under CCPA), the European Union & UK (under GDPR), and all other users worldwide.

1. Information we collect

Personal information you provide

  • Booking data: Full name, email address, phone number, departure/return details, passenger names.
  • Payment data: We do not store credit card numbers. All card payments are processed by Stripe (PCI DSS Level 1). We receive only the payment status and last four digits.
  • Communications: Messages you send via WhatsApp, email, or contact forms.

Information collected automatically

  • Device & usage data: IP address, browser type, operating system, pages visited, time of visit, referring website.
  • Cookies: Stripe session cookies (necessary for payment processing) and functional cookies (see our Cookie Policy).

2. How we use your information

  • Process & confirm bookings — issue e-tickets via Brevo email service.
  • Communicate with you about booking confirmations, changes, cancellations, and customer support.
  • Improve our service by analyzing usage patterns.
  • Legal compliance — detect fraud, comply with tax/accounting obligations, and respond to lawful requests.

Lawful basis (GDPR): We process your data based on contract performance (to fulfill your booking), legitimate interests (to improve our service), and your consent (for optional cookies). We never sell your personal data.

3. Sharing your information

We share data only with trusted service providers necessary to operate:

  • Stripe — payment processing (card details never reach our servers).
  • Brevo (Sendinblue) — email delivery for booking confirmations and e-tickets.
  • Boat operators — passenger names and contact details required for check-in at the port.
  • Legal authorities — if required by applicable law or valid legal process.

We do not sell, rent, or trade your personal information to third parties.

4. Data retention

We retain your personal data for as long as necessary to fulfill your booking, comply with legal obligations (tax records: minimum 5 years for US, 10 years for Indonesia), resolve disputes, and enforce our Terms & Conditions. When data is no longer needed, we securely delete or anonymize it.

5. Your rights

Under GDPR (EU / UK residents)

  • Right to access — request a copy of the personal data we hold about you.
  • Right to rectification — correct inaccurate or incomplete data.
  • Right to erasure ("Right to be forgotten") — request deletion of your data.
  • Right to restrict processing — limit how we use your data.
  • Right to data portability — receive your data in a machine-readable format.
  • Right to object — object to processing based on legitimate interests.

Under CCPA (California residents)

  • Right to know — request details of personal information we collect, use, and share.
  • Right to delete — request deletion of personal information.
  • Right to opt-out — we do not sell personal information, but you may still submit an opt-out request.
  • Right to non-discrimination — we will not deny service for exercising your CCPA rights.

To exercise any of these rights, email us at [email protected] or contact us via WhatsApp at +1-302-217-0438. We will respond within 30 days (GDPR) or 45 days (CCPA).

6. International data transfers

Your data is processed in the United States (Stripe, Brevo servers) and Indonesia (boat operator records). When transferring data from the EU/UK to the US, we rely on Standard Contractual Clauses (SCCs) as approved by the European Commission.

7. Data security

We implement industry-standard security measures: HTTPS/TLS encryption, Stripe PCI DSS Level 1, access controls limiting staff access, and regular security updates. No method of transmission over the Internet is 100% secure, but we strive to protect your data using commercially acceptable means.

8. Cookies

We use minimal cookies necessary for payment processing and basic functionality. See our full Cookie Policy for details.

9. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new "Last updated" date.

10. Contact us