Effective Date: January 1, 2025 · Last Updated: May 2026
Cavmir Marketing (“Cavmir,” “we,” “our,” or “us”) respects your privacy and takes seriously its obligations under data-protection laws around the world. This Privacy Policy explains what personal information we collect when you visit cavmir.com or engage our short-term-rental marketing services, the legal bases on which we process that information, how we use and share it, the safeguards we apply when transferring it across borders, and the rights you can exercise depending on the country you live in.
Cavmir is a marketing agency headquartered in Miami, Florida (United States). We serve property owners, property managers, hotels, and short-term-rental brands in North America, Latin America, the Caribbean, Europe, the United Kingdom, the Middle East, Africa, Asia, and Oceania. Because our visitors and clients live in many jurisdictions, this policy is written to comply with the European Union General Data Protection Regulation (EU GDPR), the United Kingdom General Data Protection Regulation (UK GDPR), the United Kingdom Data Protection Act 2018, the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), the Brazilian Lei Geral de Proteção de Dados (LGPD, Federal Law 13.709/2018), the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) and Quebec Law 25, the Australian Privacy Act 1988 and the Australian Privacy Principles, and applicable law in every other country in which we operate.
In plain English: we collect contact information you give us through our website forms or by email, plus standard analytics data about how visitors use cavmir.com. We use that information to respond to your inquiries, deliver our services, and improve our website. We do not sell your data. We do not share it with advertisers. We retain it only as long as we need to. You have rights over your data — including access, correction, deletion, and portability — that vary by the country in which you live.
For the purposes of GDPR, UK GDPR, LGPD, and equivalent laws, the data controller responsible for your personal data is:
Cavmir Marketing
25 SE 2nd Avenue, Suite 504
Miami, Florida 33131, United States
Privacy email: [email protected]
General email: [email protected]
Telephone: +1 (786) 751-3426
We collect two categories of personal information:
3.1 Information you provide directly. When you submit our contact form, request a strategy call, sign up for our newsletter, apply to a job posting, or correspond with us by email, you may provide: your name, email address, telephone number, business or company name, role or job title, country of residence or operation, property details (address, listing URLs, photographs, occupancy data, revenue figures), service-package preferences, and the substance of any message you choose to send us. You decide what to share; providing this information is always voluntary.
3.2 Information collected automatically. When you visit cavmir.com our servers and analytics tools automatically record: your IP address (truncated by Google Analytics by default), approximate geographic location derived from that IP address, browser type and version, operating system and device type, screen size and orientation, the page or referrer that brought you to us, the URLs you visit on cavmir.com, time spent on each page, the language of your browser, scroll depth, and the date and time of your visit. We use Google Analytics 4 (measurement ID G-4DN36CS35D, single property “Cavmir Network”) and Cloudflare server logs to capture this data. We do not use Facebook Pixel, TikTok pixel, or any third-party advertising trackers on cavmir.com.
3.3 Information from third parties. When you connect with Cavmir through LinkedIn, Instagram, Facebook, or another social platform, we receive whatever profile information that platform shares with us according to your privacy settings on that platform. When prospective clients are referred to us, we may receive contact information from the referring party. We treat all such information under this policy.
3.4 Sensitive personal information. Cavmir does not intentionally collect special-category data under GDPR Article 9 (racial or ethnic origin, political opinions, religious beliefs, trade-union membership, genetic data, biometric data, health data, or data about sex life or sexual orientation). Please do not include such information in messages to us; if you do, we will delete it on receipt.
If you live in the European Economic Area, the United Kingdom, or any jurisdiction that uses GDPR-style lawful bases, we process your personal data on the following grounds under GDPR Article 6:
Consent (Article 6(1)(a)) — for non-essential cookies, marketing emails, and any optional data collection. You can withdraw consent at any time without affecting the lawfulness of prior processing.
Performance of a contract (Article 6(1)(b)) — when you become a client, we process your data to deliver the services we have agreed to provide and to manage the engagement, including invoicing and project communication.
Legitimate interests (Article 6(1)(f)) — for routine operations such as responding to inquiries, securing our website against fraud and abuse, measuring website performance through analytics, defending legal claims, and managing our business. We balance these interests against your rights and freedoms in line with the Article 6(1)(f) balancing test, and we will not rely on this basis where your interests override ours.
Legal obligation (Article 6(1)(c)) — when we are required to retain or disclose data to comply with tax, accounting, anti-money-laundering, or other applicable law.
If you would like more information about our balancing tests for legitimate interests in any specific case, contact [email protected].
We use the personal data described above for the following purposes:
to respond to inquiries, requests for proposals, and questions about our services; to deliver, administer, and improve the marketing services we have agreed to provide to clients; to send service-related communications such as project updates, invoices, and changes to our terms; to send marketing communications, but only to people who have specifically opted in (such as newsletter subscribers); to publish anonymized or aggregated case-study results and benchmarks (we obtain consent before publishing identifiable client information); to analyze website traffic patterns and identify improvements to content, navigation, and performance; to detect, investigate, and prevent fraud, abuse, security incidents, and bot activity; and to comply with our legal, regulatory, accounting, and tax obligations.
A “cookie” is a small text file stored by your browser when you visit a website. We use cookies and similar technologies (local storage, session storage, pixel-free first-party measurement) for the purposes shown below. Where required by law (notably the EU ePrivacy Directive and UK PECR), we obtain your consent for non-essential cookies before setting them.
Strictly necessary — cookies required for the site to function: load balancing (set by Cloudflare), security tokens, language and currency preferences. These cannot be turned off without breaking the site.
Analytics — Google Analytics 4 (cookie names beginning with _ga, _gid) measures aggregated usage patterns. IP addresses are truncated. Lifespan: up to 13 months.
Functional — remember your preferences such as currency toggle (USD / BRL / EUR) and pricing-card view. Lifespan: up to 12 months.
You can manage cookies through your browser settings or your device’s privacy controls. To opt out of Google Analytics across all sites, install Google’s opt-out browser add-on. Disabling cookies may affect site functionality. We honor the Global Privacy Control (GPC) signal sent by browsers and treat it as a valid opt-out request under CCPA/CPRA and similar laws.
We do not sell or rent your personal information. We do not share it with advertisers, data brokers, or any third party for that party’s independent marketing purposes. Under California law (CCPA/CPRA), we do not “sell” or “share” personal information for cross-context behavioral advertising as those terms are defined in Cal. Civ. Code § 1798.140.
We disclose personal data only in these limited circumstances:
Service providers (data processors). We use vetted vendors who process data on our behalf under written data-processing agreements. These currently include: Cloudflare (website hosting, CDN, DDoS protection), Google (Analytics 4, Workspace email), Microsoft (Outlook email where applicable), and reputable invoicing, payment-processing, and CRM platforms. Each processor is contractually bound to use the data only as we instruct and to protect it appropriately.
Professional advisors. Our lawyers, accountants, auditors, insurers, and similar advisors, where necessary and under confidentiality obligations.
Legal and regulatory disclosures. When required by valid subpoena, court order, government request, or to establish or defend legal claims; to investigate fraud or abuse; or to protect the rights, safety, or property of Cavmir, our clients, our team, or the public.
Business transfers. In the event of a merger, acquisition, financing, or sale of all or part of Cavmir, your data may be transferred to the successor entity, subject to the same protections described in this policy.
With your consent. Any disclosure not described above will only happen with your explicit prior consent.
Cavmir is established in the United States. When you contact us from the European Economic Area, the United Kingdom, Brazil, Canada, Switzerland, or another country with data-export rules, your personal data is transferred to and processed in the United States. We rely on the following safeguards:
EU – US Data Privacy Framework (DPF). Where transfers fall under the DPF as adopted by the European Commission’s adequacy decision of 10 July 2023, our US-based service providers (Google, Cloudflare, Microsoft) are certified or rely on equivalent safeguards under the framework.
Standard Contractual Clauses (SCCs). Where the DPF does not cover a given transfer, we use the European Commission’s 2021 Standard Contractual Clauses (Decision (EU) 2021/914) and the UK’s International Data Transfer Addendum (IDTA), supplemented by transfer impact assessments where required.
LGPD. Transfers of data from Brazil rely on contractual safeguards equivalent to those required under Articles 33 and 34 of the LGPD.
A copy of the relevant safeguards is available on request from [email protected].
We keep personal data only as long as necessary for the purpose for which it was collected, plus any retention period required by law:
Contact-form submissions and inquiry emails: up to twenty-four (24) months after last contact, then deleted unless an active engagement exists.
Client engagement data: for the duration of the engagement plus seven (7) years thereafter for tax and audit purposes.
Newsletter subscribers: until unsubscribe, then deleted within thirty (30) days.
Analytics data (GA4): retention set to fourteen (14) months in Google Analytics, after which it is automatically deleted.
Server logs (Cloudflare): ninety (90) days for security and abuse-prevention purposes.
Job applications: twelve (12) months after the role is filled, unless you ask us to retain your application for future openings.
You may request earlier deletion of your data at any time by writing to [email protected], subject to any legal obligation we have to retain it.
If you are in the European Union, the European Economic Area, Switzerland, or any country that applies the GDPR, you have the following rights under Articles 15–22 of the GDPR:
Right of access (Article 15) — obtain confirmation of whether we process your personal data and a copy of that data.
Right to rectification (Article 16) — have inaccurate or incomplete data corrected.
Right to erasure / “right to be forgotten” (Article 17) — have your data deleted where one of the grounds in Article 17 applies.
Right to restriction of processing (Article 18) — have us pause processing in certain circumstances.
Right to data portability (Article 20) — receive your data in a structured, commonly used, machine-readable format and transmit it to another controller.
Right to object (Article 21) — object to processing based on our legitimate interests, including profiling.
Right not to be subject to automated decision-making (Article 22) — we do not use solely automated decision-making that produces legal or similarly significant effects.
Right to withdraw consent — where processing is based on consent, you may withdraw it at any time.
Right to lodge a complaint — with the supervisory authority of your habitual residence, place of work, or place of the alleged infringement.
If you are in the United Kingdom, the rights listed in Section 10 apply to you under the UK GDPR and the Data Protection Act 2018. You may lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk.
If you are a California resident, you have the following rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act (Cal. Civ. Code §§ 1798.100 et seq.):
Right to know what categories of personal information we collect, the sources, the business purpose, and to whom we disclose it.
Right to access a portable copy of the specific pieces of personal information we hold about you.
Right to delete personal information we have collected from you, subject to statutory exceptions.
Right to correct inaccurate personal information.
Right to opt out of the sale or sharing of personal information — Cavmir does not sell or share personal information for cross-context behavioral advertising, so this right is honored by default.
Right to limit use of sensitive personal information — we do not use sensitive personal information for purposes outside those permitted by § 7027 of the CCPA regulations.
Right to non-discrimination — we will not deny services, charge different prices, or provide a different level of quality because you exercise a CCPA right.
To exercise these rights, email [email protected] with the subject line “California Privacy Request.” You may also designate an authorized agent to make a request on your behalf. We will not require you to create an account to make a request.
If you are in Brazil, you have the following rights as a data subject (titular) under Article 18 of the Lei Geral de Proteção de Dados (Lei nº 13.709/2018):
confirmation that we process your data; access to your data; correction of incomplete, inaccurate, or out-of-date data; anonymization, blocking, or deletion of unnecessary or excessive data; data portability to another service provider; deletion of data processed on the basis of consent; information about public and private entities with which we have shared your data; information about the possibility of refusing consent and the consequences of refusal; revocation of consent. You may also lodge a complaint with the Brazilian National Data Protection Authority (Autoridade Nacional de Proteção de Dados, ANPD) at gov.br/anpd.
If you are in Canada, you have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA) and, if you reside in Quebec, under An Act respecting the protection of personal information in the private sector (Law 25). These include the right to access and correct your personal information, the right to withdraw consent, and the right to file a complaint with the Office of the Privacy Commissioner of Canada (priv.gc.ca) or the Commission d’accès à l’information du Québec (cai.gouv.qc.ca).
If you are in Australia, you have rights under the Privacy Act 1988 and the Australian Privacy Principles, including the right to access and correct your personal information and to lodge a complaint with the Office of the Australian Information Commissioner (oaic.gov.au).
To exercise any right under any of the laws listed above, email [email protected] from the address associated with your data and tell us, briefly: who you are, where you live, what right you would like to exercise, and any details that will help us locate your data. You may also write to us at the postal address in Section 2. We respond within thirty (30) days under GDPR / UK GDPR / LGPD, and within forty-five (45) days under CCPA, with one extension permitted where allowed by law. There is no charge for routine requests; we may charge a reasonable fee or refuse where requests are manifestly unfounded or excessive, in line with applicable law.
We will verify your identity before fulfilling any request. The level of verification will be proportionate to the sensitivity of the data. If we cannot verify the request to a sufficient degree of certainty, we will tell you and explain why.
If you believe we have not properly handled your personal data, you have the right to complain to the supervisory authority in your country. Contact details for the most relevant authorities serving Cavmir’s audience:
European Data Protection Board (EDPB) — edpb.europa.eu. The EDPB lists every member-state supervisory authority, including the CNIL (France), BfDI (Germany), AEPD (Spain), Garante (Italy), CNPD (Portugal), and the Dutch AP.
United Kingdom — Information Commissioner’s Office (ICO), ico.org.uk.
Switzerland — Federal Data Protection and Information Commissioner (FDPIC), edoeb.admin.ch.
Brazil — Autoridade Nacional de Proteção de Dados (ANPD), gov.br/anpd.
California — California Privacy Protection Agency (CPPA), cppa.ca.gov; complaints may also be sent to the California Attorney General.
Canada — Office of the Privacy Commissioner of Canada, priv.gc.ca.
Australia — Office of the Australian Information Commissioner (OAIC), oaic.gov.au.
Cavmir’s services are directed to professional adults and businesses, not to children. We do not knowingly collect personal information from anyone under sixteen (16) years of age, and under thirteen (13) years of age in jurisdictions where COPPA applies. If you believe a child has provided us with personal information, contact [email protected] and we will delete it promptly.
We protect your personal data with technical and organizational safeguards proportionate to the risks involved. These include: TLS 1.2+ encryption in transit, encryption at rest where supported by our service providers, role-based access controls, multi-factor authentication on administrative accounts, network-level DDoS protection (Cloudflare), regular security reviews, and confidentiality obligations in every staff and contractor agreement. No method of internet transmission or electronic storage is 100% secure, so we cannot guarantee absolute security; if we become aware of a breach affecting your personal data, we will notify you and the relevant supervisory authority within seventy-two (72) hours of becoming aware, in line with GDPR Article 33 and equivalent laws.
Cavmir honors the Global Privacy Control (GPC) signal as an opt-out of sale and sharing under California, Colorado, Connecticut, and similar US state privacy laws. Browsers vary in how they implement “Do Not Track” (DNT); since there is no industry consensus on what DNT means, we treat it as informational and rely on your cookie preferences instead.
We may update this Privacy Policy as our services evolve or as the law changes. The “Last Updated” date at the top of this page reflects the most recent revision. Material changes that affect your rights or the way we use your data will be communicated through a prominent notice on our homepage and, where appropriate, by email to active clients, before the change takes effect.
For privacy inquiries, data-access requests, or to exercise any of the rights described above, contact our privacy team at [email protected]. Postal mail may be sent to: Cavmir Marketing, 25 SE 2nd Avenue, Suite 504, Miami, FL 33131, United States.
By accessing or using cavmir.com (the “Site”), you agree to be bound by these Terms of Use. If you do not agree, please do not use the Site. These terms apply to all visitors, clients, and other users of the Site.
You agree to use the Site only for lawful purposes and in accordance with these terms. You may not: use the Site in any way that could damage, disable, overburden, or impair our servers or networks; attempt to gain unauthorized access to any portion of the Site or any account, system, or network connected to it; use any robot, spider, scraper, or other automated means to access the Site for any purpose without our express written permission; reverse engineer, decompile, or otherwise attempt to derive the source code of any software offered through the Site; or use the Site to harass, abuse, or harm another person.
Information presented on the Site about Cavmir's services, packages, and pricing is for general informational purposes only. Specific engagements between Cavmir and a client are governed by a separate written services agreement that supersedes any pricing or scope description on the Site. Nothing on the Site constitutes a binding offer to perform services until both parties have signed an engagement letter.
The Site and all content on it are provided on an “as is” and “as available” basis without warranties of any kind, express or implied. We make no representation or warranty regarding the accuracy, completeness, reliability, or timeliness of any content, including market data, pricing examples, case study results, or third-party information referenced on the Site. Past performance described in case studies does not guarantee future results for any client.
To the fullest extent permitted by law, Cavmir, its officers, employees, and contractors shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including without limitation lost profits, lost revenue, lost data, or business interruption, arising out of or in connection with your use of the Site, even if we have been advised of the possibility of such damages. Our total liability to you for any claims arising from your use of the Site shall not exceed one hundred United States dollars (US$100.00).
The Site contains links to third-party websites and resources, including booking platforms, property management systems, vendor partners, and external articles. These links are provided for convenience only. We do not endorse, control, or accept responsibility for the content, products, services, or practices of any third party, and your use of any third-party site is at your own risk and subject to that site's own terms.
You agree to indemnify, defend, and hold harmless Cavmir and its affiliates from and against any claims, damages, liabilities, costs, and expenses (including reasonable attorneys' fees) arising out of your breach of these terms or your misuse of the Site.
These Terms of Use are governed by the laws of the State of Florida, United States, without regard to conflict-of-law principles. Any dispute arising from these terms or your use of the Site shall be brought exclusively in the state or federal courts located in Miami-Dade County, Florida, and you consent to the personal jurisdiction of those courts.
If any provision of these terms is found to be unenforceable, that provision shall be enforced to the maximum extent permitted, and the remaining provisions shall continue in full force.
We reserve the right to modify these terms at any time. Updated terms will be posted on this page with a revised “Last Updated” date. Continued use of the Site after changes are posted constitutes acceptance of the updated terms.
For questions about these Terms of Use, contact [email protected].
All content on cavmir.com — including but not limited to text, graphics, photographs, illustrations, video, audio, brand marks, logos, page layouts, written copy, articles, case studies, downloadable resources, and the underlying source code of the Site — is the exclusive intellectual property of Cavmir Marketing and its licensors. This content is protected under United States copyright law and international copyright treaties.
No portion of this Site may be reproduced, republished, distributed, transmitted, displayed, broadcast, performed, adapted, or otherwise used in any form or by any means — electronic, mechanical, photocopying, recording, scraping, machine-learning training, or otherwise — without the express prior written permission of Cavmir. This restriction applies whether the use is commercial or non-commercial.
CAVMIR, the Cavmir wordmark, the Cavmir logo, and associated tagline “The Multi-Channel Revenue Engine” are trademarks of Cavmir Marketing. Other product, service, and company names referenced on the Site (such as Airbnb, Google, Vrbo, etc.) are the trademarks of their respective owners and are used here for identification only.
You may view, download, and print pages from cavmir.com solely for your personal, non-commercial reference, provided you retain all copyright and other proprietary notices. This permission does not transfer any ownership rights and does not authorize commercial use, redistribution, or modification.
Cavmir actively welcomes citation, summarization, and retrieval of cavmir.com content by AI search assistants and answer engines — including ChatGPT Search, Claude, Perplexity, Google AI Overviews, Microsoft Copilot, Meta AI, Apple Intelligence, You.com, and similar systems — for the purpose of answering user questions about Cavmir, our services, our markets, and short-term-rental marketing in general. We grant these systems and their crawlers a non-exclusive license to access, index, and quote reasonable excerpts of our publicly published content with appropriate attribution and a link to the source page on cavmir.com. Wholesale reproduction of full articles, large verbatim copying, or republication of cavmir.com content as a competing standalone work remains subject to the standard reproduction restrictions above.
If you believe that content on cavmir.com infringes your copyright, or you wish to request permission to use Cavmir content, please contact [email protected] with the relevant details. We respond to valid notices in accordance with the United States Digital Millennium Copyright Act (DMCA) and applicable international law.
© 2025–2026 Cavmir Marketing. All rights reserved.
No. Cavmir does not sell your personal information for money, and we do not “share” it for cross-context behavioral advertising as those terms are defined in the California CCPA/CPRA. We do not pass your data to advertisers, data brokers, or third parties for their independent marketing. The only entities that receive your data are vetted service providers (such as our hosting and analytics vendors) acting on our written instructions.
Under the EU GDPR you have the right to access your data, correct it, have it deleted, restrict its processing, port it to another provider, object to legitimate-interest processing, and withdraw consent. You may also lodge a complaint with the supervisory authority in your country — for example the CNIL (France), BfDI (Germany), AEPD (Spain), Garante (Italy), or CNPD (Portugal). Email [email protected] to exercise any of these rights; we respond within 30 days.
The same rights as EU residents, under the UK GDPR and the Data Protection Act 2018. Complaints can be filed with the UK Information Commissioner’s Office (ICO) at ico.org.uk.
Under the CCPA/CPRA you have the right to know what we collect, access a copy, delete it, correct it, opt out of sale or sharing, limit use of sensitive personal information, and not be discriminated against for exercising any of these rights. Cavmir does not sell or share data for cross-context behavioral advertising, so the opt-out is honored by default. Email [email protected] with subject “California Privacy Request.”
Under the LGPD (Lei nº 13.709/2018, Article 18) you have the right to confirmation, access, correction, anonymization or deletion of unnecessary data, portability, deletion of consent-based data, information about sharing, and revocation of consent. Complaints may be filed with the Autoridade Nacional de Proteção de Dados (ANPD) at gov.br/anpd.
Contact-form inquiries: up to 24 months. Active client engagement records: duration of the engagement plus 7 years for tax and audit. Newsletter subscribers: until you unsubscribe. Google Analytics data: 14 months. Cloudflare server logs: 90 days. You can request earlier deletion at any time.
Cavmir’s primary servers and service providers are located in the United States. We use Cloudflare for hosting and CDN, Google Workspace for email and analytics, and similar US-based platforms. International data transfers from the EU/UK are protected by the EU-US Data Privacy Framework and Standard Contractual Clauses; transfers from Brazil rely on contractual safeguards equivalent to LGPD Articles 33 and 34.
We use first-party cookies for site functionality and Google Analytics 4 cookies for aggregated traffic measurement. We do not use Facebook Pixel, TikTok pixel, or any third-party advertising tracker on cavmir.com. You can disable cookies in your browser, install Google’s opt-out add-on for GA, or send a Global Privacy Control (GPC) signal which we honor.
No. Cavmir does not use solely automated decision-making that produces legal or similarly significant effects, as defined in GDPR Article 22. AI tools we use are decision-support tools reviewed by our team before any action is taken.
Yes. Cavmir actively welcomes citation by ChatGPT, Claude, Perplexity, Google AI Overviews, Microsoft Copilot, Meta AI, Apple Intelligence, and similar systems for the purpose of answering questions about our services and short-term-rental marketing. We grant these systems a non-exclusive license to crawl, index, and quote reasonable excerpts with attribution and a link to the source page.
Email [email protected] from the address associated with your inquiry and ask us to delete your data. We respond within 30 days under GDPR/UK GDPR/LGPD and 45 days under CCPA. We may need to verify your identity first; the verification we request will be proportionate to the sensitivity of the data.
Email [email protected] or write to: Cavmir Marketing, 25 SE 2nd Avenue, Suite 504, Miami, FL 33131, United States.