Privacy Policy

Information you provide directly

• Account details: name, email address, phone number, nationality, date of birth
• Profile information: profile photo, preferred language, preferred currency
• Booking details: guest names, passport or NID numbers, travel dates
• Payment information: processed securely through BML, MIB, or Stripe — we do not store raw card data
• Communications: messages sent through our platform, reviews, and support enquiries

Information collected automatically

• Device information: device type, operating system, browser type
• Usage data: pages visited, features used, search queries, booking behaviour
• Location data: approximate location based on IP address, or precise location if you grant permission for map features
• Cookies and tracking technologies (see Section 4)

Information from third parties

• Social login providers (Google, Microsoft, Apple, Facebook): basic profile and email
• Vendors and operators: information they provide about your booking or stay

We use your information to:

• Create and manage your Travelpaxeo account
• Process bookings, reservations, and payments
• Send booking confirmations, QR tickets, and receipts
• Send OTP verification codes via SMS for account security
• Provide customer support and resolve disputes
• Display your personalised trip history, wishlist, and loyalty points
• Show relevant listings and personalised recommendations
• Send transactional notifications (booking updates, payment receipts)
• Comply with legal obligations and prevent fraud
• Improve our platform through analytics and user research

We share your data only as necessary to operate the platform:

• Vendors and operators: We share booking details (guest names, dates, contact) with the resort, restaurant, or activity operator you have booked with
• Payment processors: BML, MIB, and Stripe receive payment data required to process transactions
• Communication providers: Twilio (SMS), Zoho/ZeptoMail (email), Firebase (push notifications) receive your contact details to deliver messages
• Analytics: Anonymised usage data shared with analytics providers
• Legal requirements: We may disclose data if required by law or to protect the safety of our users

We do not sell your personal data to third parties for marketing purposes.

We use cookies and similar technologies to:

• Keep you logged in across sessions
• Remember your preferences (currency, language)
• Analyse platform usage and performance
• Enable real-time features via Pusher

You can manage cookie preferences through your browser settings. Disabling cookies may limit some platform features.

We retain your data for as long as your account is active or as needed to provide services. Specifically:

• Account data: retained while account is active, deleted 30 days after account deletion request
• Booking records: retained for 7 years for financial and legal compliance
• Communication logs: retained for 2 years
• Loyalty point history: retained for 3 years

You have the right to:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your account and personal data
• Portability: Request your data in a portable format
• Opt-out: Unsubscribe from marketing communications at any time
• Withdraw consent: Withdraw consent for data processing where consent is the legal basis

To exercise any of these rights, contact us at [email protected].

We implement industry-standard security measures including:

• HTTPS encryption on all data in transit
• AES-256 encryption for sensitive data at rest
• PCI-DSS compliant payment processing (no raw card data stored)
• Regular security audits and vulnerability assessments
• Two-factor authentication available for all accounts

Travelpaxeo is not directed at children under the age of 18. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us with personal data, please contact us immediately and we will delete it.

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by email or through an in-app notification. The date at the top of this page indicates when the policy was last updated. Continued use of Travelpaxeo after changes constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or how we handle your data, please contact our privacy team.