How TLL handles your data.
The short version
If you join TLL, share a story, or just read the library, here's what we do with your data:
- We collect the bare minimum needed to run the platform.
- We use Google Analytics to understand what works, only with your consent.
- We use Memberstack as our auth partner. They follow GDPR.
- We will never sell your data. Not to advertisers. Not to data brokers. Not to anyone.
- You can delete your account anytime, take your stories with you, or stay anonymous from day one.
- EU/UK residents have full GDPR rights. We respect them.
The legal version is below. It's long because lawyers. The spirit is above.
1. Who runs this thing
That Layover Life ("TLL," "we," "us") is operated by Nancy Carleton, an independent American expat based in Copenhagen, Denmark. TLL is a community-powered travel storytelling platform.
Contact:hello@thatlayover.life
Business location: Copenhagen, Denmark
Data Controller: Nancy Carleton
For privacy concerns or data requests, we respond within 14 days.
2. What we collect, and why
When you visit the site (no account needed)
- IP address (anonymized for analytics)
- Browser type, device type, screen resolution
- Pages visited, time on page, referring site
- Whether you accepted or rejected cookies
- Approximate location (city-level, never precise)
Why: to understand which stories resonate, fix broken pages, improve the editorial mix. We use Google Analytics 4 with IP anonymization and a 14-month data retention window.
When you create an account
- Email address (required)
- First name (required for Google flow)
- Google account profile photo (if you sign in with Google)
- Date you joined
- Membership plan (currently free "Traveler")
Why: to give you a member account so your travel passport, stories, and bookmarks persist across sessions.
When you submit a story
- The content itself (text, photos, country tag, traveler credit choice)
- Your credit toggle: named, anonymous, or pen name
- Your syndication preferences (allow republish, press inquiries)
- Timestamps and editorial status
When you fill your travel passport
- Country list (where you've been)
- Pet records (name, species, microchip number if you choose, always stored privately)
- Layover cities, marathon list, continents marathoned
What we do NOT collect
- Precise GPS location (ever)
- Financial information (TLL is free; no card data passes through us)
- Health records, sexual orientation, political views, religious beliefs, biometrics
- Children under 16's data (TLL is for adults)
3. Cookies and tracking
TLL uses cookies, but only with your active consent (per GDPR and ePrivacy). When you first visit, a Cookiebot banner asks you to choose.
You can change your cookie choices anytime by clicking Cookie Preferences in the footer.
4. How we share data (and who with)
We use the following third parties to run TLL. They're contractually bound to GDPR-equivalent standards and cannot use your data for their own purposes.
- Memberstack: authentication, member accounts
- Webflow: site hosting and CMS
- Google Analytics 4: analytics (only with consent)
- Cookiebot: consent management
- Google Sign-In (OAuth): only when you click "Continue with Google"
We don't sell your data. Never. If TLL is ever acquired, we will notify members before transferring data and give the option to delete.
5. Your data, your control
If you're in the EU/EEA/UK (GDPR rights)
You have the right to access, correct, delete, export, restrict processing, object, and withdraw consent. Email hello@thatlayover.life with subject "GDPR Request". We act within 30 days. You can also lodge a complaint with the Danish Data Protection Agency (Datatilsynet).
If you're in California (CCPA/CPRA rights)
You have the right to know, delete, opt out of any "sale" (which we don't do), and non-discrimination.
Delete your account
Go to /account → Settings → Delete Account. Your data is deleted within 30 days. Offsite archive purged within 90 days.
6. The Anonymous Traveler treatment
Three credit modes per story: Named (full name + avatar), Pen name (name of your choosing, no avatar), or Anonymous Traveler (badge only, EXIF stripped from photos, no name in any byline).
7. Children
TLL is built for adults. You must be at least 16 to create an account. We don't knowingly collect data from anyone under 16.
8. Data security
- All traffic encrypted with TLS 1.3 (Webflow auto-SSL)
- Memberstack hashes passwords with bcrypt
- Google OAuth means we never store your Google password
- Production backups encrypted at rest
If there's ever a data breach, we'll notify affected users within 72 hours per GDPR.
9. International transfers
TLL is operated from Copenhagen. Some processors are US-based. Data transferred to the US is covered by Standard Contractual Clauses (SCCs) per the EU-US Data Privacy Framework where applicable.
10. Changes to this policy
Material changes get emailed to all members 30 days in advance, with a banner on the site. This is version 1, effective 20 May 2026.
Contact
Privacy questions or requests: hello@thatlayover.life
Related: Terms of Service · Editorial Charter · Cookie Declaration
Travel stories deserve a better home than a group chat. That home should also respect the privacy of the traveler.