Privacy Policy

Rome2Rio Pty. Ltd.

This Privacy Policy was last revised August, 2025.


Rome2Rio Pty. Ltd.. (“Rome2Rio,” “we,” “us,” or “our”) knows that you care how information about you is used and shared. This Privacy Policy explains what information of yours will be collected by Rome2Rio when you use our website, application, and any services we offer (collectively, together with the Rome2Rio Software, the “Service”), how the information will be used, and how you can control the collection, correction and/or deletion of information. We will not use or disclose your information with anyone except as described in this Privacy Policy. Capitalized terms that are not defined in this Privacy Policy have the meaning given to them in our Terms of Use. You can contact our data protection officer at legal@rome2rio.com.

For avoidance of doubt, in this Privacy Policy, “Personal Data” (also referred to as “personal information” in some jurisdictions) means any information that relates to an identified or identifiable individual. This includes information that can directly identify you—such as your name, email address, or government ID number—as well as information that can indirectly identify you when combined with other data, such as your IP address, cookie identifiers, or device IDs.

What kind of data we collect?

User-Provided Information: You provide us information about yourself, such as your name, address, email address, mobile phone number, and travel interests, if you register for a Member account (named either “Login information” or “User-Provided Information”) with the Service (including by adding the Rome2Rio application on a social network). You may provide us with information through your social networking accounts, such as information about your social network connections. If you use the Rome2Rio Software, you may provide us with geolocation information, subject to the settings provided in the Rome2Rio Software. If you correspond with us by email, we may retain the content of your email messages, your email address and our responses. We may also retain any messages you send through the Service.

Cookies Information: When you visit the Service, we may send one or more cookies – a small text file containing a string of alphanumeric characters – to your computer that uniquely identifies your browser and lets Rome2Rio help you log in faster and enhance your navigation through the site. A cookie may also convey information about how you browse the Service to us. A persistent cookie remains on your hard drive after you close your browser. Persistent cookies may be used by your browser on subsequent visits to the site. Persistent cookies can be removed by following your web browser’s directions. A session cookie is temporary and disappears after you close your browser. You can reset your web browser to refuse all cookies or to indicate when a cookie is being sent. However, some features of the Service may not function properly if the ability to accept cookies is disabled.

Log File Information: Log file information is automatically reported by your browser each time you access a web page. When you use the Service, our servers automatically record certain information that your web browser sends whenever you visit any website. These server logs may include information such as your web request, browser type, referring/exit pages and URLs, number of clicks, domain names, landing pages, pages viewed, and other such information. The server logs contain the first three octets of your Internet Protocol (“IP”) address.

When you use our Service, we collect certain usage information through analytics technologies, which sends event data to our servers or sends event data to our servers or places small, transparent graphics files called clear GIFs (or “web beacons”) in our web and mobile products to understand how people navigate and use the Service.These beacons help us compile aggregated statistics, improve features, and ensure the Service works as expected.

From time to time our marketing team also embeds clear GIFs (sometimes referred to as “tracking pixels”) in HTML-based emails. These pixels tell us whether an email is opened, which links are clicked, the type of device used, and similar metrics. We use that information to measure campaign performance, refine our content, and deliver more relevant messages.

We do not use clear GIFs to access personal files on your device, nor do we combine beacon data with information that directly identifies you except as described in this Privacy Policy. You can disable email-tracking pixels by setting your email client to block remote images.

How We Use Your Information?

We use the personal information you submit to operate, maintain, and provide to you the features and functionality of the Service.

By providing Rome2Rio your email address or mobile phone number (including by adding the Rome2Rio application on a social network), you consent to our using the email address or mobile phone number to send you Service-related notices via email or SMS, including any notices required by law, in lieu of communication by postal mail. You also agree that we may send you notifications of activity on the Service to the email address you give us, in accordance with any applicable privacy settings. From time to time, Rome2Rio may ask you for explicit consent to use your email address or mobile phone number to send you other messages, such as newsletters, changes to features of the Service, or special offers. If you do not want to receive such messages, you may opt out or change your preferences in your settings. Opting out may prevent you from receiving messages regarding updates, improvements, or offers. You may not opt out of Service-related messages.

Following termination or deactivation of your Member account, Rome2Rio may retain your profile information  for a commercially reasonable time for backup, archival, or audit purposes. Furthermore, Rome2Rio may retain and continue to use indefinitely all information contained in your communications to other Users or posted to public or semi-public areas of the Service after termination or deactivation of your Member account.

If you choose to use our invitation service to invite a friend to the Service, we will ask you for that person’s email address and automatically send an email invitation. Rome2Rio stores this information to send this email, to register your friend if your invitation is accepted, and to track the success of our invitation service. Your friend may contact us to request that we remove this information from our database at legal@rome2rio.com.

Rome2Rio may use certain information about you and your Login informatio internally for purposes such as analysing how the Service is used, diagnosing service or technical problems, maintaining security, and personalizing content.

We reserve the right to remove any such information or material for any reason or no reason, including without limitation if in our sole opinion such information or material violates, or may violate, any applicable law or our Terms of Use Agreement, or to protect or defend our rights or property or those of any third party. Rome2Rio also reserves the right to remove information upon the request of any third party when removal is necessary according to the applicable law.

We use cookies, clear gifs (also known as web beacons or tracking pixels), and log file information to: (a) remember your preferences and other information so that you donot have to re-enter it during your visit or the next time you visit the Service; (b) provide custom, personalized content and information; (c) monitor the effectiveness of our Service; (d) monitor aggregate metrics such as total number of visitors, traffic, and demographic patterns; (e) diagnose or fix technology problems reported by our Users or engineers that are associated with certain IP addresses; (f) help you efficiently access your information after you sign in; and (h) track content to the extent necessary to comply as a service provider with the Digital Millennium Copyright Act; and (i) automatically update the Rome2Rio Software on your system and related devices (j)  respect and record your privacy choices (for example, withdrawal of cookie consent or “Do Not Sell/Share” signals.

How long is my data kept? 

We determine the appropriate retention period for Personal Data based on the following;

  • The purpose for which we process the Personal Data,
  • The nature, and sensitivity of your Personal Data processed,
  • The potential risk of harm from unauthorized use or disclosure of your Personal Data, and
  • Any applicable legal requirements (such as statutes of limitation).

Once the legitimate business purpose or legal obligation no longer exists, We will either delete or anonymize your personal data.

When you first access our services, we ask you to confirm if you’re ok with us using Cookies in line with this policy. If you don’t agree to our use of these technologies, or you change your mind at a later date, you can either withdraw your consent using the options on our home page or, alternatively, stop using our services.

How We Disclose Your Information?

Personally Identifiable Information: Rome2Rio will not rent or sell your personally identifiable information to others in exchange for money. Rome2Rio may disclose your personal information to third-party vendors for the purpose of providing the Service to you, as well as for other purposes disclosed in this Privacy Policy. If we do this, such third parties’ use of your information will be bound by this Privacy Policy. We may store personal information in locations outside the direct control of Rome2Rio (for instance, on servers or databases co-located with hosting providers).

As we develop our business, we may buy or sell assets or business offerings. Customer, email, and visitor information is generally one of the transferred business assets in these types of transactions. We may also transfer or assign such information in the course of corporate divestitures, mergers, or dissolution.

Any personal information or content that you voluntarily disclose for posting to the Service, such as User Content, becomes available to the public, as controlled by any applicable privacy settings. If you remove information that you posted to the Service, copies may remain viewable in cached and archived pages of the Service, or if other Users have copied or saved that information.

From time to time, we may run contests, special offers, or other events or activities (“Events”) on the Service together with a third party partner. If you provide information to such third parties, you give them permission to use it for the purpose of that Event and any other use that you approve. We cannot control third parties’ use of your information. If you do not want your information to be collected by or shared with a third party, you can choose not to participate in these Events.

Except as otherwise described in this Privacy Policy, Rome2Rio will not disclose personal information to any third party unless required to do so by law or subpoena or if we believe that such action is necessary to (a) conform to the law, comply with legal process served on us or our affiliates, or investigate, prevent, or take action regarding suspected or actual illegal activities; (b) to enforce our Terms of Use, take precautions against liability, to investigate and defend ourselves against any third-party claims or allegations, to assist government enforcement agencies, or to protect the security or integrity of our site; and (c) to exercise or protect the rights, property, or personal safety of Rome2Rio, our Users or others.

We may disclose non-personally identifiable information (such as anonymous usage data, referring/exit pages and URLs, platform types, number of clicks, etc.) to interested third parties to help them understand the usage patterns for certain Rome2Rio services.

Rome2Rio may allow third-party ad servers or ad networks to serve advertisements on the Service. These third-party ad servers or ad networks use technology to send, directly to your browser, the advertisements and links that appear on Rome2Rio. They automatically receive your IP address when this happens. They may also use other technologies (such as cookies, JavaScript, or web beacons) to measure the effectiveness of their advertisements and to personalize the advertising content. If you would like more information about this practice and to know your choices about not having this information used by these companies, you can visit https://www.youronlinechoices.eu. Rome2Rio does not provide any personally identifiable information to these third-party ad servers or ad networks without your consent where legally required. However, please note that if an advertiser asks Rome2Rio to show an advertisement to a certain audience and you respond to that advertisement, the advertiser or ad server may conclude that you fit the description of the audience they are trying to reach. The Rome2Rio Privacy Policy does not apply to, and we cannot control the activities of, third-party advertisers. Please consult the respective privacy policies of such advertisers for more information.

Third party ad servers or ad networks may, as required by applicable law, require Rome2Rio to ask for consent before showing personalized content. In this case, Rome2Rio will either ask for consent or show non-personalized content instead. Please note, non-personalized advertising content may still be contextual based on your current search on Rome2Rio and your Member account information.

How we protect Your Information?

Rome2Rio uses commercially reasonable physical, managerial, and technical safeguards to preserve the integrity and security of your personal information and implement your privacy settings. We cannot, however, ensure or warrant the security of any information you transmit to Rome2Rio or guarantee that your information on the Service may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. Your privacy settings may also be affected by changes to the functionality of Rome2Rio’s distributors, such as social networks. Rome2Rio is not responsible for the functionality or security measures of any third party.
To protect your privacy and security, we take reasonable steps (such as requesting a unique password) to verify your identity before granting you access to your account. You are responsible for maintaining the secrecy of your unique password and account information, and for controlling access to your email communications from Rome2Rio, at all times.

Compromise of Personal Information

In the event that personal information is compromised as a result of a breach of security, Rome2Rio will promptly assess the incident and, where required by applicable law, notify the applicable  relevant government authorities  and affected individuals , in accordance with the notification procedures set forth in this Privacy Policy, and applicable law (including but not limited to Articles 33–34 GDPR and any U.S. state breach-notification statutes).

Your Choices About Your Information

You may, of course, decline to submit personally identifiable information through the Service, in which case Rome2Rio may not be able to provide certain services to you. You can review, correct or delete the information about you that Rome2Rio keeps on file by contacting us directly at legal@rome2rio.com.

Your Rights

If you are located in the EU or UK, or otherwise covered by GDPR, you might have the following data‑subject rights:

  • The right to access the personal data we hold about you;
  • The right to rectification of inaccurate or incomplete data;
  • The right to erasure (“right to be forgotten”), subject to legal exceptions;
  • The right to restrict or object to the processing of your data;
  • The right to data portability, where technically feasible;
  • The right to withdraw consent at any time, where consent is the basis for processing;
  • The right to lodge a complaint with a supervisory authority in the EU or UK.

You can exercise these rights at any time, subject to legal requirements, by contacting our Privacy Team at legal@rome2rio.com.

If you object to the processing of your data as described in this Privacy Policy, and no opt-out mechanism is directly available to you (e.g., in your account settings or cookie preferences), you may also submit your objection by contacting us at the email address above.

Children’s Privacy

Protecting the privacy of young children is especially important. For that reason, Rome2Rio does not knowingly collect or solicit personal information from anyone under the age of 13 or knowingly allow such persons to register as Members. If you are under 13, please do not send any information about yourself to us, including your name, address, telephone number, or email address. No one under age 13 is allowed to provide any personal information to or on Rome2Rio. In the event that we learn that we have collected personal information from a child under age 13 without verification of parental consent, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 13, please contact us at legal@rome2rio.com.

We are not responsible for the practices employed by websites linked to or from the Service, nor the information or content contained therein. Such sites may include third parties that process your credit card information to help you book travel plans. Please remember that when you use a link to go from the Service to another website, our Privacy Policy is no longer in effect. Your browsing and interaction on any other website, including those that have a link on our website, is subject to that website’s own rules and policies. Please read over those rules and policies before proceeding.

Notification Procedures

It is our policy to provide notifications, whether such notifications are required by law or are for marketing or other business related purposes, to you via email notice, written or hard copy notice, or through conspicuous posting of such notice on the Service, as determined by Rome2Rio in its sole discretion. We reserve the right to determine the form and means of providing notifications to you, provided that you may opt out of certain means of notification as described in this Privacy Policy.

Changes to Our Privacy Policy

If we change our privacy policies and procedures, we will post those changes on the Service to keep you aware of what information we collect, how we use it and under what circumstances we may disclose it. Changes to this Privacy Policy are effective when they are posted on this page.

If you have any questions about this Privacy Policy, the practices of this site, or your dealings with this website, please contact us at legal@rome2rio.com, or send mail to:

Rome2Rio Pty. Ltd.
29 Stewart St
Richmond VIC 3121
Australia

Supplemental Information for California Residents

If you are a California resident, California law requires us to provide you with some additional information about how we collect, use, disclose, sell and “share” your “personal information” each as defined in the California Consumer Privacy Act (CCPA). Rome2Rio will not rent or sell Your personal information to others in exchange for money.

Personal information we collect and how we use, disclose, and share such personal information.

Throughout this privacy policy, we discuss in detail the categories of personal information we collect from and about You, and if relevant, about your travel companions. The CCPA also requires us to provide the information in the chart below.

Category of personal information (PI) we collect How we use this PI Categories of third parties to which we disclose this PI for a business purpose Categories of third parties to which share/use this personal Data  for targeted advertising and related analytics purposes
Identifiers (e.g., your name, email address, phone number)
  • Provide our Service and respond to your requests
  • Communicate with you about the Service
  • Personalize the Service (e.g., remember your login details and preferences)
  • Analyze use of and improve the Service
  • Marketing and advertising
  • Security-related purposes
  • Comply with law or defend our legal/contractual rights
  • Business transfers
  • Create aggregate/de-identified information
  • Vendors
  • Advertising and related analytics providers
  • Entities for business transfer purposes
  • Entities for legal purposes
  • Others with your consent
Advertising and related analytics providers
Login information (such as your account name and password)
  • Provide our Service and respond to your requests
  • Security-related purposes
  • Comply with law or defend our legal/contractual rights
  • Business transfers
  • Create aggregate/de-identified information
  • Vendors
  • Entities for legal purposes
  • Others with your consent
We do not sell or share
Internet and other electronic network activity information (such as IP address, browsing history, and usage information)
  • Provide our Service and respond to your requests
  • Communicate with you about the Service
  • Personalize the Service
  • Analyze use of and improve the Service
  • Marketing and advertising
  • Security-related purposes
  • Comply with law or defend our legal/contractual rights
  • Business transfers
  • Create aggregate/de-identified information
  • Vendors
  • Advertising and related analytics providers
  • Entities for business transfer purposes
  • Entities for legal purposes
  • Others with your consent
Advertising and related analytics providers
Geolocation data (general and precise)
  • Provide our Service and respond to your requests
  • Communicate with you about the Service
  • Personalize the Service
  • Analyze use of and improve the Service
  • Marketing and advertising
  • Security-related purposes
  • Comply with law or defend our legal/contractual rights
  • Business transfers
  • Create aggregate/de-identified information
  • Vendors
  • Advertising and related analytics providers
  • Entities for legal purposes
  • Others with your consent
 General geolocation: Advertising and related analytics providers
Precise geolocation: We do not sell or share.
Other information (any other information you choose to provide us, including our communications and information about your social media connections)
  • Provide our Service and respond to your requests
  • Communicate with you about the Service
  • Personalize the Service
  • Analyze use of and improve the Service
  • Marketing and advertising
  • Security-related purposes
  • Comply with law or defend our legal/contractual rights
  • Business transfers
  • Create aggregate/de-identified information
  • Vendors
  • Advertising and related analytics providers
  • Entities for business transfer purposes
  • Entities for legal purposes
  • Others with your consent
Advertising and related analytics providers

We will retain your personal information for as long as reasonably necessary to fulfill the purposes for which it is collected or to comply with applicable law, including as set forth throughout our privacy policy. Retention periods may vary depending on the type of personal information and the ways that we use it.

Opt out of sharing of personal information

To opt out of our use of your personal information for purposes that are considered “sharing” for cross-context behavioral advertising purposes (as indicated in the chart above), you can visit this link. Please note that you must complete this opt-out on each browser or device you use to access the Service. 

California Privacy Rights

California residents have the right to ask us to: 

  • Inform you about the types of personal information we collect or disclose about you; the types of sources of this information; the business or commercial purpose for collecting this information; and the categories of third parties to which we disclose this information (this information is provided in this privacy policy).
  • Provide you access to and/or a copy of certain personal information we hold about you.
  • Correct or update personal information we hold about you.
  • Delete certain personal information we have about you.
  • Opt you out of the processing of your personal information for purposes of profiling that furthers decisions that produce legal or similarly significant effects, if applicable (note that we do not engage in such processing). 

Certain information may be exempt from these requests under applicable law. For example, we need certain information in order to provide the Service to you or comply with applicable law.  We may take reasonable steps to verify your identity before responding to a request. Depending on the sensitivity of the information you are requesting and the type of request you are making, this may include verifying your name and email address. If we cannot verify your identity, we may be unable to respond to your requests.  

To exercise these rights, you can email us at legal@rome2rio.com. You may be able to designate an authorized agent to make requests on your behalf. For us to verify an authorized agent, you must provide the authorized agent with signed, written permission to make such requests or a power of attorney. We may verify your identity directly with you before processing the authorized agent’s request, as permitted by applicable law.  

In the limited circumstances that we process sensitive personal information as defined in the CCPA (e.g., log-in information and precise geolocation data), we only use or disclose it for disclosed and permitted business purposes. Under the CCPA, there is not a right to limit these uses and disclosures.

“Shine the Light” disclosure

California Law allows customers who are California residents to request certain information once per year regarding our disclosure of “personal information” (as that term is defined under applicable California law) to third parties for such third parties’ direct marketing purposes. We do not disclose personal information to third parties for their own direct marketing purposes.

“Do Not Track”

California law requires us to let you know how we respond to web browser Do Not Track (DNT) signals. Because there currently isn’t an industry or legal standard for recognizing or honoring DNT signals, we don’t respond to them at this time.  Do Not Track is a different mechanism that the legally recognized browser-based opt out preference signal mentioned above.

Supplemental Information for Covered Residents

This section applies to consumers residing in Colorado, Connecticut, Oregon, Texas, Utah, and Virginia, and other U.S. states with similar consumer privacy laws (“Covered Residents”). The consumer privacy laws in these states (“State Privacy Laws”) require us to provide you with some additional information about how we collect, use, disclose Your “personal data,” and how we use personal data for “targeted advertising” purposes, each as defined in State Privacy Laws.

Throughout this privacy policy, we discuss in detail the categories of personal data we collect from and about Covered Residents, and if relevant, about your travel companions. For more detail about how we use, disclose, and use such personal data for targeted advertising purposes, please see the chart in the section above.

Opt out of sale of personal data or use of personal data for targeted advertising.

To opt out of our use of your personal data for purposes that are considered “targeted advertising” (as indicated in the chart above), Covered Residents can visit this link. Please note that you must complete this opt-out on each browser or device you use to access the Service. If you have a legally recognized browser-based opt out preference signal turned on through your browser, we recognize the preference expressed by this signal in accordance with applicable law.  

Your Privacy Rights

Covered Residents have the right to ask us to: 

  • Confirm whether we are processing your personal data.
  • Provide you access to and/or a copy of certain personal data we hold about you.
  • Correct or update personal data we hold about you.
  • Delete certain personal data we have about you.
  • Opt you out of the processing of your personal data for purposes of profiling that furthers decisions that produce legal or similarly significant effects, if applicable (note that we do not engage in such processing). 

Certain personal data may be exempt from these requests under applicable law. For example, we need certain data in order to provide the Service to you or comply with applicable law.  We may take reasonable steps to verify your identity before responding to a request. Depending on the sensitivity of the data you are requesting and the type of request you are making, this may include verifying your name and email address. If we cannot verify your identity, we may be unable to respond to your requests. 

To exercise these rights, you can email us at legal@rome2rio.com. You may be able to designate an authorized agent to make requests on your behalf. For us to verify an authorized agent, you must provide the authorized agent with signed, written permission to make such requests or a power of attorney. We may verify your identity directly with you before processing the authorized agent’s request, as permitted by applicable law.  

If we deny your request to exercise these rights, you have the right to appeal our decision. We will provide information about making an appeal in our response denying the request.