Privacy statement

Privacy statement

This privacy notice tells you what personal data and non-personal data we may collect from you, how we collect it, how we protect it, how we may share it and how you can access and change it.

On this page

Effective date: May 24, 2018

Data we may collect

In joining and using Travelfish
When you become a Travelfish member, we require the following as an absolute minimum to create your account. A username, an email address and a password.

Your password is stored in a hashed (encrypted) format. We never see, nor have access to, the password in the plaintext format you entered it as. So for example, if your password was “password” we store it as something like “VBJKHSLFJBSKDAH&^^$$&**(&”. This is widely viewed as a secure way of handling passwords.

As a part of the sign-up process, aside from the above, we collect and store the following:

* The date, time and IP address used at the time of signing up
These are both used for fraud prevention (signing up for multiple accounts for example).

During the lifetime of your membership, we may collect other information as you come and go using the website. This information may include:

* If you have opted in as a subscriber to our newsletter
This allows us to determine if you should be shown a prompt to sign up for the newsletter.

* The time and date of the last time you logged in and how many times you have logged in overall
These both help us to measure how engaged our readers are.

* How many (if any) forum threads and posts you have started
This allows us to display these totals alongside your member name in the forum. We also record the date and time and IP address of forum posts for fraud prevention purposes.

* How many (if any) PDF guides you have downloaded
We record when you downloads a PDF travel guide to allow us to better gauge which guides are popular.

Any other information is optional and can be entered at your will in the profile pages within the membership section of the site. Not all of this is displayed on the public facing site, but all of the optional information can be removed by you from the member profile pages in the member section of the website.

Server logs

The web server which hosts the Travelfish website automatically records every raw request for a file on the server. The process of looking at a single page may entail requesting dozens of individual files (the HTML, the images, stylesheets and so on are each made by a single request).

In doing this, information including the previous page you were on (e.g.,, the type of browser you are using (e.g., Safari, Opera, Mozilla, Chrome, Internet Explorer), the screen size and type of operating system you are using, (e.g., Linux, MacOS, Windows XP), the type of mobile device (if you are using one) along with your IP address may all be recorded.

Here is an example entry from our raw access log: - - [21/May/2018:07:08:51 -0500] "GET /islands.php HTTP/1.1" 301 246 "" "Mozilla/5.0 (Linux; Android 8.0.0; SM-G950F Build/R16NW; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.158 Mobile Safari/537.36 [Pinterest/Android]"

To explain the above: The client IP address
21/May/2018:07:08:51 -0500 The date and time of the request
GET /islands.php HTTP/1.1 How your browser requested the page (in this case GET), the page requested (islands.php) and the protocol (HTTP 1.1)
301 246 The server response code and the size of the file (in this case a redirect) the referring page (ie., the page you came from)
Mozilla/5.0 (Linux; Android 8.0.0; SM-G950F Build/R16NW; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.158 Mobile Safari/537.36 [Pinterest/Android] The user agent, ie., a whole bunch of information about the browser, operating system and so on.

The above information is archived daily on the Travelfish server and current log files are deleted at the end of each month. Logs are retained over this period primarily to protect against security threats—for instance if someone is attacking the server, clues can reveal themselves is these log files.

Google Analytics

We use Google analytics to measure site usage and performance. It records no personally identifiable information from Travelfish readers.

With regard to user privacy, we have anonymised the IP address which Google Analytics receives. IP Addresses generally are in the format XXX.XXX.XXX.XXX, so the anonymising process drops the final three numbers.

Secondly we have disabled Google Analytics demographics and interest reports. These are typically used for remarketing (ie., the ads that chase you all over the web) and extra reporting features. We have disabled both of these features.

No personally identifiable information is transferred from Travelfish to Google Analytics. You can read more on Google Analytics privacy position here.


We use cookies on the site to enable members to stay logged in to the site and to control in some instances what they see. For example if a signed in member already receives our newsletter, prompts to sign up for the newsletter will not be shown, or a logged in member would not be shown a prompt to become a member and so on.

We set a single session cookie on each visitor to the site. This retains no personally identifiable information for readers and we use it to maintain state for logged in readers—ie., so that if you are logged in the site “remembers” you are logged in when you land on the next page of the site. Unless you check the “remember me” check box when you log in (see below), this cookie is removed when you close your browser. We also use a cookie (called “travelfishnews”) to let us now if you have signed up for the newsletter. You can read more about what a session cookie is here.

If you click on the “Remember me” check box when you log in, then we set a single persistent cookie (called rememberme) and we use that to remember you are still logged in if you close your browser. This cookie is set to expire after two weeks, but if you log out of the site (by clicking on “Log out”) it is removed immediately. We use this to allow members to not need to log in every time they visit the site. Remember Me is not enabled by default. You can read more about what a persistent cookie is here.

Google Analytics sets up to three cookies on every page of the Travelfish website. They are called _ga, _gid and _gat. The first two are used to distinguish individual readers from one another and the third is used throttle request rate. They collect no personally identifiable information. For more information, please see the Google Analytics Cookie Usage on Websites page.

Third party partners

Our third party partner World Nomads may set a cookie when you visit pages on Travelfish which display creatives from them. You can read World Nomads’ privacy policy here.

Our mapping partner Mapbox may set a cookie when you visit pages on Travelfish which display maps from them. To learn what information they collect and what they do with it, you can read the relevant section of Mapbox’s privacy policy here.

Social sharing buttons and logins, tracking pixels etc

None of these products are used on Travelfish.


The Travelfish newsletter is managed by Aweber, and, if a Travelfish reader receives it, their email is stored on the Aweber server. You do not need to be a Travelfish member to receive the Travelfish newsletter. Readers can unsubscribe using the link in the bottom of each email, and, as soon as you do this, your email is removed from the mailing list. We delete these addresses from Aweber weekly (as a part of the process when we send the newsletter). You can read Aweber’s full privacy policy here.

Other email communication

Where explicitly requested, we may send emails to readers regarding matters such as password resets, account activations and notifications of replies on the forum. These are all clearly opt in or explicitly requested by the recipient. In some cases (for automatic emails only) we use Mandrill (a MailChimp service) to send emails in which case your email address and the message is stored on their servers. You can read up on their privacy policy here.

Deactivating account

As of May 25, 2018, if a member chooses to deactivate their account, we anonymise their member name, email address and any IP address data related to their account. This is done manually, upon request, after a member contacts us to deactivate their account.


We use Paypal and Stripe for membership payments. Stripe and Paypal are responsible for all payment processing—no credit card, nor other payment-related information is seen, recorded nor stored by Travelfish. Stripe currently sets cookies which may collect personally identifiable information when we load the button for payment via Stripe. You can read the full Stripe privacy policy here.

Data portability

You have the right to request and get your personal data that you have provided to us for your own purposes. We will provide your data to you within 30 days of your request. To request your personal data, please contact us.

How to Contact Us

If you have any questions or concerns about the Travelfish online policy you may contact us through our contact page.

If you wish to write to us, you can contact us at:
Travelfish Pty Ltd.
9 Robinson Close
Hornsby Heights
New South Wales