Privacy Policy

When you book a room, parking pass, or event: first and last name, email, phone, mailing address, license plate (parking only), names of additional guests in your party, payment information (handled by Stripe — see "Processors" below), and any optional notes you add.

When you submit a contact or inquiry form: name, email, phone, and whatever details you include in the message.

When you visit the site: standard server logs (IP address, browser, referrer, pages visited, timestamps), plus analytics events via Google Analytics 4 and Google Ads, and a Meta (Facebook) Pixel for advertising attribution.

We do not collect data about you from data brokers. We don't fingerprint your device beyond standard browser metadata.

Booking and inquiry data is used to: deliver the service you requested (confirm the reservation, send the parking pass PDF, route you to the right valet lane), follow up about your stay, and maintain accurate hotel records. Analytics data is used to: understand which pages drive bookings, improve the booking flow, and measure marketing campaign performance.

We do not sell your personal information. We do not share booking data with third-party marketers.

The data above is stored or processed by:

• Stripe — payment processing. We never see your card number.
• Supabase — database hosting for booking records, on our own infrastructure.
• Resend — outbound email delivery (confirmations, receipts).
• Vercel — website hosting and serverless functions.
• Google Analytics 4 — anonymous-ish traffic analytics.
• Google Ads — conversion tracking for paid ads.
• Meta (Facebook) Pixel — conversion tracking for Meta ads. You can opt out via the cookie banner.
• Apple Wallet / Google Wallet — optional digital pass delivery.

Each of those providers has its own privacy policy. We've chosen them because they're considered industry-standard and operate under SOC 2, GDPR, and CCPA frameworks.

California residents (CCPA/CPRA) can request a copy of the personal information we hold about you, request that we delete it, or opt out of any "sale" of personal information (we don't sell — but you have the formal right). Email hello@theworldofblue.com with "CCPA Request" in the subject line; we respond within 45 days.

EU/UK residents (GDPR) have the right to access, rectify, delete, restrict processing, or port your personal data, plus the right to object to processing for marketing purposes. Same email, "GDPR Request" in the subject; we respond within 30 days.

Anyone can ask us to delete their information at any time, even if you're not in a jurisdiction with a formal right.

Strictly-necessary cookies (booking session state, fraud prevention) are set automatically and can't be disabled.

Marketing cookies (Meta Pixel, ad attribution) only fire after you accept the consent banner. You can change your choice at any time via the "Cookie Preferences" link in the footer.

Booking records are kept for 7 years for accounting and tax compliance. Inquiry records are kept for 3 years. Analytics data is retained per Google's standard retention windows (14 months by default).

Match-day passes and shuttle codes are deleted from our active systems 30 days after the match.

Privacy questions or requests: hello@theworldofblue.com · (201) 896-0500.

This policy is provided for transparency. It is not a substitute for legal advice; we recommend you contact counsel if you need to understand how the law applies to your situation. World of Blue reserves the right to update this policy; material changes will be highlighted on this page.