App: Coming Soon
Legal

Privacy Policy

Last updated: March 31, 2026 · Effective immediately

Pota is built on the idea that travel content should be honest and straightforward. We apply the same standard to your data: we collect what we need to run this site, we don't sell it, and we tell you exactly what it is.

1. Who we are

Heypota.com ("Pota", "we", "us", "our") is a travel publication focused on helping Canadians and Americans navigate Italy — practically, honestly, and without filler. We are an independent publication. We are not a travel agency, we do not book travel, and we are not affiliated with any government tourism board.

For all privacy-related inquiries, contact us at info@heypota.com.

2. Information we collect

2.1 Analytics data

When you visit any page on heypota.com, our analytics system records the following data to help us understand how the site is used:

  • Page path — which URL you visited (e.g. /blog/getting-around-rome)
  • Device type — mobile, tablet, or desktop
  • Country — derived from your IP address at the moment of the visit; the IP address itself is not stored
  • Browser — browser family (e.g. Chrome, Safari)
  • Referrer — the URL you came from, if any (e.g. a Google search or a link from another site)
  • Language — your browser's reported language preference
  • Screen size — viewport dimensions, used to improve layout on different screen sizes
  • Time on page — approximate reading time, measured in seconds
  • Visit type — whether this appears to be your first visit or a returning visit, based on a short-lived anonymous session token

This data is stored in a private database operated by Pota. It is used exclusively for internal reporting — to understand which content is useful, how people find the site, and whether technical issues exist. We do not use this data to build advertising profiles or target you with ads. This is our own first-party analytics system — we do not use Google Analytics or any third-party analytics service that tracks you across other websites.

2.2 Newsletter

If you subscribe to the Pota newsletter, we collect your email address. That is the only piece of personal information required. We use your email address to send you updates about new content, travel tips, and occasional curated recommendations related to travel in Italy. We do not share your email address with third parties for marketing purposes. You can unsubscribe at any time using the link at the bottom of any newsletter email, or by contacting us at info@heypota.com.

2.3 Contact form

If you use the contact form on our site, we collect your name, email address, and the message you submit. This information is used only to respond to your inquiry. We do not add contact form submissions to our newsletter list unless you explicitly request it.

2.4 Affiliate link clicks

Our Resources section contains affiliate links to travel services such as eSIM providers, travel insurance, train booking platforms, and experiences. When you click an affiliate link, you leave our site and are subject to the privacy policy of the destination website. We may receive a commission if you make a purchase — this is at no additional cost to you. We do not track which individual users click which affiliate links beyond standard anonymous analytics.

2.5 Information you do not provide

We do not require account registration to use heypota.com. We do not collect payment information — all transactions through affiliate partners are processed entirely on their platforms. We do not collect your precise geographic location (GPS coordinates). We do not collect information from social media profiles.

3. How we use your information

We use the information we collect for the following purposes:

  • To operate and improve the website — understanding what content is valuable, identifying broken pages, and improving the user experience
  • To send the newsletter to subscribers who have opted in
  • To respond to contact form submissions
  • To measure the performance of editorial content (page views, reading time, referral sources)
  • To detect and address technical problems (404 errors, broken links)

We do not use your data for advertising, retargeting, or any form of behavioral profiling. We do not use automated decision-making or profiling that produces legal effects about you.

4. Data storage and security

Our website is hosted on Vercel (servers in the United States and Europe). Our database infrastructure is provided by Supabase, which stores data in data centers in the European Union and United States. Both providers maintain industry-standard security practices including encryption in transit (TLS) and encryption at rest.

We take reasonable technical and organizational measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the internet or method of electronic storage is 100% secure. If you believe your information has been compromised, contact us immediately at info@heypota.com.

5. Data retention

  • Analytics data — retained for up to 24 months, then deleted or anonymized
  • Newsletter subscriptions — retained until you unsubscribe; upon unsubscription your email is removed within 30 days
  • Contact form submissions — retained for up to 12 months, then deleted

6. Third-party services

We use a small number of third-party services to operate the site. Each has its own privacy policy:

  • Vercel — website hosting and content delivery. Vercel Privacy Policy
  • Supabase — database infrastructure. Supabase Privacy Policy
  • Affiliate partners — when you follow an affiliate link, you enter that partner's service and their privacy policy applies. Current affiliate relationships include travel services in the categories of connectivity (eSIM), insurance, train travel, and experiences.

We do not embed third-party social media widgets, trackers, or advertising scripts on heypota.com.

7. Your rights — CCPA (California residents)

If you are a resident of California, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to know — you can request information about the categories and specific pieces of personal data we have collected about you
  • Right to delete — you can request deletion of your personal data, subject to certain exceptions
  • Right to correct — you can request correction of inaccurate personal data
  • Right to opt out of sale or sharing — we do not sell or share your personal data for cross-context behavioral advertising, so this right is not applicable; no opt-out is needed
  • Right to non-discrimination — we will not discriminate against you for exercising any of these rights

To exercise your rights, contact us at info@heypota.com. We will respond within 45 days of receiving your request. We may ask you to verify your identity before processing your request.

8. Your rights — PIPEDA (Canadian residents)

If you are a resident of Canada, you have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws:

  • Right to access — you can request access to the personal information we hold about you
  • Right to correction — you can request correction of inaccurate personal information
  • Right to withdraw consent — you can withdraw your consent to our collection and use of your personal information at any time, subject to legal or contractual restrictions and reasonable notice
  • Right to complain — you have the right to complain to the Office of the Privacy Commissioner of Canada if you believe your privacy rights have been violated

To exercise your rights, contact us at info@heypota.com. We will respond within 30 days.

9. Your rights — GDPR (EU/EEA/UK visitors)

If you are visiting from the European Union, European Economic Area, or United Kingdom, you have rights under the General Data Protection Regulation (GDPR) or UK GDPR:

  • Right of access — to obtain a copy of your personal data
  • Right to rectification — to correct inaccurate personal data
  • Right to erasure — to request deletion of your personal data ("right to be forgotten")
  • Right to restriction of processing — to request that we limit how we use your data
  • Right to data portability — to receive your data in a structured, machine-readable format
  • Right to object — to object to processing based on legitimate interests
  • Rights related to automated decision-making — we do not carry out automated decision-making or profiling

Our lawful bases for processing are: legitimate interests (analytics, site improvement) and consent (newsletter). To exercise your rights, contact info@heypota.com. You also have the right to lodge a complaint with your local supervisory authority.

10. Children's privacy

Heypota.com is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, contact us at info@heypota.com and we will delete it promptly.

11. Links to other websites

Our site contains links to external websites, including affiliate partners and sources we reference in articles. This Privacy Policy applies only to heypota.com. We are not responsible for the privacy practices of external sites, and we encourage you to review their privacy policies before providing any personal information.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. Material changes will be noted prominently. Your continued use of heypota.com after any changes constitutes your acceptance of the updated policy. If the changes are significant, we may also notify newsletter subscribers by email.

13. Contact

For any questions, requests, or concerns about this Privacy Policy or how we handle your data:

Email: info@heypota.com
We aim to respond to all privacy inquiries within 5 business days.