Home -
Privacy Policy

Privacy Policy

Last updated: February 2026

 

NUBA USA, Inc. (“NUBA,” “we,” or “us”), a Florida corporation with offices in Spain and Mexico,  respects your privacy and is committed to protecting the personal information we collect about you when you use our websites and services. This Privacy Policy explains how we collect, use, disclose, and protect personal information in the United States and describes the rights that may be available to you under applicable U.S. privacy laws.

 

This Policy applies to personal information collected online through our U.S.facing website, https://nuba.com/us/  ( “Website”), including any related domains and pages that link to this Privacy Policy, as well as to certain offline interactions where we reference this Policy.

If you are a resident of a U.S. state with a comprehensive privacy law (such as California), please see the “State-Specific Privacy Rights” section below for additional information about your rights.

 

  1. Who We Are and How to Contact Us

NUBA USA, Inc. is the entity responsible for the collection and use of personal information under this Privacy Policy.

If you have any questions about this Policy or our privacy practices, or if you wish to exercise your privacy rights, you may contact us via email at privacy@nuba.us.

  1. Personal Information We Collect

The types of personal information we collect depend on how you interact with us and the services you use. We may collect the following categories of personal information (using terms similar to U.S. state privacy laws):

  1. Identifiers: name, username, postal address, email address, phone number, unique identifiers, and similar contact information.
  1. Customer records and commercial information: booking details, itinerary information, transaction history, payment-related data processed through our payment providers (we typically receive only limited payment information), travel preferences, and communications with us.
  2. Internet or electronic network activity: IP address, device identifiers, browser type, operating system, referring URLs, pages viewed, links clicked, session information, and other information about your interactions with the Website.
  3. Geolocation data: approximate location based on IP address or information you provide (e.g., city, state, country).
  4. Inferences and profile information: preferences and interests we infer from your use of our services, such as preferred destinations or types of travel.
  5. Communications content: information contained in your inquiries, feedback, complaints, or other communications with us.

We do not intentionally collect “sensitive” personal information (such as precise geolocation, health information, or data about children under 13) except where necessary for our services and permitted by law, and we do not use such information for purposes beyond those allowed under applicable regulations.

We generally obtain this information:

  1. Directly from you (for example, when you submit a form, request a quote, register an account, or communicate with us).
  2. From your organization or travel agent (when they provide information to manage a booking or corporate travel).
  3. Automatically through cookies and similar technologies when you use the Website.
  4. From third‑party partners, service providers, or publicly available sources, as permitted by law.

In addition, the terms herein apply if you provide us with any personal information of the members of a group you are traveling with. It is your responsibility to ensure that they are aware that you have done so, and that they accept how we use and process their information. ALL PERSONAL INFORMATION THAT YOU PROVIDE TO US MUST BE TRUE, COMPLETE AND ACCURATE, AND YOU MUST NOTIFY US OF ANY CHANGES TO SUCH PERSONAL INFORMATION.

 

  1. How We Use Personal Information

We use the personal information we collect for the following business and commercial purposes, to the extent permitted by applicable law:

  1. Providing and managing services
    • Processing and managing trip inquiries, proposals, bookings, and related services.
    • Creating and managing user accounts and profiles.
    • Providing customer support and responding to questions, requests, and complaints.
  2. Communication and customer service
    • Responding to your inquiries submitted via the Website, email, phone, or other channels.
    • Sending administrative information, such as confirmations, updates, technical notices, and policy changes.
  3. Marketing and promotional activities
  • Sending information about offers, news, promotions, events, and services that may be of interest to you, in accordance with your communication preferences and applicable laws
  • Conducting satisfaction surveys, market research, and analytics to improve our services and user experience.
  1. Website operation, analytics, and improvement
  • Operating, maintaining, and improving the Website, including personalization and content tailoring.
  • Monitoring usage, performance, and trends to develop new services and features.
  1. Security and fraud prevention
  • Protecting the security and integrity of our systems, services, and users.
  • Detecting, preventing, and responding to fraud, abuse, security incidents, or other harmful or illegal activity.
  1. Legal, compliance, and business purposes
  • Complying with applicable laws, regulations, and legal processes, and responding to lawful requests from public authorities.
  • Enforcing our terms and conditions and protecting our rights, property, and safety, or that of our users and the public.
  • Supporting corporate transactions (such as mergers, acquisitions, or transfers of assets) consistent with this Policy.

We may aggregate or de‑identify personal information so that it can no longer reasonably be linked to an individual. We may use and disclose such aggregated or de‑identified information for any lawful purpose.

  1. Cookies and Similar Technologies

We use first‑party and third‑party cookies and similar technologies to operate and improve the Website. Cookies are small data files placed on your device that allow us and our partners to recognize your browser and store certain information.

We may use the following types of cookies:

  1. Strictly necessary cookies: Required for the Website to function properly (for example, to maintain login sessions and enable basic site features). These cookies are essential and cannot be disabled via our cookie tools.
  2. Functional and personalization cookies: Allow the Website to remember your settings and preferences (such as language, region, and saved itineraries) and provide enhanced features.
  3. Analytics and performance cookies: Help us understand how visitors use the Website, measure traffic and usage patterns, and improve our services (for example, through tools such as Google Analytics or similar providers).

You can control cookies through your browser settings, which may allow you to block or delete cookies. However, if you choose to disable cookies, some features of the Website may not function properly or may be unavailable. For more information, please review your browser’s help documentation.

Where required by law, we will provide additional notices and options (including cookie banners and preference tools) for managing analytics and targeted advertising cookies. Please visit our Cookie Policy for more detailed information on cookies and similar technologies.

  1. How We Share Personal Information

We do not sell personal information in the traditional sense (i.e., for money), and we do not share personal information with third parties for their own independent marketing purposes without your consent, where required by law. We may disclose personal information as follows:

  1. Service providers and business partners
    We share information with third‑party service providers that perform services on our behalf, such as booking systems, payment processors, IT and hosting providers, analytics providers, marketing platforms, customer support tools, travel suppliers, and other vendors that help us operate our business. These parties are authorized to use personal information only as needed to provide services to us.
  2. Corporate group
    We may share information with our affiliates and group companies where needed to provide services, ensure consistent practices, and improve offerings, subject to this Policy and applicable law.
  3. Legal and protection purposes
    We may disclose information when we reasonably believe it is necessary or appropriate to comply with applicable laws or legal processes, respond to lawful requests from public authorities, enforce our terms, protect our operations or the rights, privacy, safety, or property of NUBA, our users, or the public, or detect and prevent fraud or security issues.
  4. Business transfers
    If we engage in or are involved in a merger, acquisition, restructuring, sale of assets, financing, or similar corporate transaction, personal information may be disclosed or transferred as part of that transaction, subject to applicable law and, where required, your consent

We do not knowingly disclose personal information of children under 13 for advertising or other purposes that would be inconsistent with the Children’s Online Privacy Protection Act (COPPA).

 

  1. Data Retention

We retain personal information for as long as reasonably necessary to fulfill the purposes for which it was collected, to comply with our legal and regulatory obligations, to resolve disputes, to protect our rights, and for other legitimate business purposes.

 

The retention period may vary depending on the type of information and the context. When personal information is no longer needed, we will delete, de‑identify, or anonymize it, or, if this is not feasible (for example, because it is stored in backup archives), we will securely store it and isolate it from further use until deletion is possible.

  1. Your Privacy Rights

Depending on your state of residence and applicable law, you may have certain rights regarding your personal information. Subject to applicable exemptions, these rights may include:

 

    1. Right to know / access: You may have the right to request that we confirm whether we process your personal information and provide you with access to that information, including details about categories and specific pieces of information collected, sources, purposes, and disclosures.
    2. Right to correction: You may have the right to request that we correct inaccurate personal information about you.
    3. Right to deletion: You may have the right to request that we delete personal information we hold about you, subject to certain exceptions (for example, where we are required to retain information by law or for legitimate business purposes).
    4. Right to data portability: In some states, you may request a copy of certain personal information in a portable and, if technically feasible, readily usable format.
    5. Right to opt out of certain uses: You may have the right to opt out of certain processing, such as targeted advertising, the sale or sharing of personal information (as those terms are defined under state law), or certain forms of profiling.
    6. Right to non‑discrimination: We will not discriminate against you for exercising your privacy rights (for example, by denying services, charging different prices, or providing a different level or quality of services), subject to permitted program differences and incentives under applicable laws.

How to Exercise Your Rights

 

You may exercise your rights by contacting us using any of the methods in the “Who We Are and How to Contact Us” section above and indicating the right you wish to exercise. We may need to verify your identity before responding to your request, which may require us to request additional information from you.

If permitted under applicable law, you may designate an authorized agent to submit a request on your behalf. We will respond to verified requests within the timeframes required by applicable law.

If we deny your request, in whole or in part, some state laws may allow you to appeal our decision. If this right applies, we will inform you of how to submit an appeal when we communicate our decision.

 

  1. Email and Electronic Communications


    1. If you provide us with your email address, phone number, or other electronic contact information, you agree that we may use these methods to communicate with you about your bookings, inquiries, and our services. You may also receive promotional messages where permitted by law and in accordance with your preferences.
    2. We comply with the CAN-SPAM Act of 2003 and do not spam or send misleading information. You may opt out of promotional emails at any time by following the unsubscribe instructions in the email or by contacting us directly. Please note that even if you opt out of marketing communications, we may still send you non‑marketing messages relating to your account, transactions, or our ongoing business relationship with you.
    3. You may request to review or change the information in your account or terminate your account.  Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases.  However, some information may be retained in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our Terms of Use and/or comply with legal requirements.
  •  

9.SMS Communications

By providing your mobile phone number, you consent to receive SMS (text) messages from us. These may include promotions, cart reminders, and other marketing communications. Message frequency varies, but you will receive no more than three SMS messages per day, and only one cart reminder SMS within 24 hours of any confirmed cart abandonment event. All messages will be sent only between 8:00 AM and 8:00 PM local time. Consent to receive SMS is not a condition of purchase. Further, you can reply HELP for help, and you may opt out at any time by replying STOP and/or by following the instructions to unsubscribe included in any message. Your opt-out request will be processed promptly and honored for the defined time period. Standard message and data rates may apply.

 

Cookies and SMS Abandoned Cart Disclosure. We use cookies to track items you add to your shopping cart, including when you begin but do not complete checkout (“cart abandonment”). This information is only used to trigger a single cart reminder SMS per abandoned cart event, as described above, and such SMS will be sent within 24 hours of the abandonment.

 

Third-Party Data Sharing. Your opt-in status and consent to receive SMS will not be shared with any third party except those vendors, platform providers, or carriers directly involved in delivering SMS services. For further details on data collection, use, and protection, please see the other sections of this Privacy Policy.

We retain records of your consent, opt-out requests, and message events in accordance with applicable consumer protection laws.

 

 

  1. Children’s Privacy

Our Website and services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13 without verifiable parental consent, as required by COPPA. If we become aware that we have collected personal information from a child under 13 without such consent, we will take steps to delete the information as required by law.

 

Parents or guardians who believe that a child under 13 may have provided us personal information may contact us using the details above.

 

 

  1. Security of Your Information

We implement reasonable administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, disclosure, alteration, and destruction. Despite these measures, no method of transmission over the internet or method of electronic storage is completely secure, and we cannot guarantee absolute security, and as such you must take special care before deciding to send us information via email and the transmission of personal information to and from our connected services is at your own risk.

 

 

You are responsible for maintaining the confidentiality of any credentials you use to access our services and for notifying us immediately of any actual or suspected unauthorized use of your account.

 

 

  1. State-Specific Privacy Rights (Including California)

Residents of certain U.S. states, including but not limited to California, may have additional rights under their respective privacy laws. These may include more specific provisions relating to:

 

  1. The categories of personal information collected, disclosed, sold, or shared in the preceding 12 months.
  2. The categories of third parties to whom personal information was disclosed, sold, or shared.
  3. Opt‑out rights related to “sale” or “sharing” of personal information and to targeted advertising.
  4. The use of universal opt‑out mechanisms (such as browser‑based signals) where required.
 

If you are a resident of a state with such laws, you may exercise your rights as described in Section 7 and, where applicable, via any “Do Not Sell or Share My Personal Information” or privacy rights links we may provide on our Website. Additional state‑specific disclosures may be made available on dedicated pages linked from the Website footer.

 

 

  1. International Transfers

We may transfer, store, and process your information in, to, through or with countries other than your own. The level of protection for your information in the United States or such other countries may not be the same as the level of protection in your country.

 

 

In particular, we comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States and has certified its compliance with it. As such, we are committed to subjecting all personal information received from European Union (EU) member countries, in reliance on the Data Privacy Framework, to the Framework’s applicable principles. To learn more about the Data Privacy Framework, visit https://www.dataprivacyframework.gov/Program-Overview.

 

 

We are responsible for the processing of personal information we receive, under the Data Privacy Framework, and subsequently transfer to a third-party acting as an agent on its behalf. With respect to personal information received or transferred pursuant to the Data Privacy Framework, we are subject to the regulatory enforcement powers of the U.S. FTC. In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements

 

 

  1. Third-Party Links and Services

The Website may contain links to third‑party websites, applications, or services that are not controlled by NUBA. We are not responsible for the privacy practices of such third parties. We encourage you to review the privacy policies of any third‑party sites or services you visit.

 

 

  1. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will revise the “Last updated” date at the top of this Policy and, where required by law, provide additional notice (such as by posting a notice on the Website or sending you a notification).

 

Your continued use of the Website or our services after any changes become effective signifies that you have read and understood the updated Privacy Policy, to the extent permitted by law.

 

  1. Governing Law

This Privacy Policy and any disputes arising from or relating to it are governed by the laws of the United States and the laws of the State of Florida, without regard to its conflict‑of‑laws principles, except where otherwise required by applicable state or federal law.