Privacy Policy

1. Overview

This Privacy Policy explains how SafarWise (“we,” “us”) collects, uses, shares, stores, and protects personal information when you use our website and applications (the “Service”).

We design our practices around transparency, data minimization, and respect for your rights under applicable privacy laws, including the EU/UK General Data Protection Regulation (GDPR) where it applies, and consumer privacy laws such as the California Consumer Privacy Act (CCPA/CPRA) where relevant.

This Policy works together with our Terms of Service and the planning disclaimer shown in our footer and account onboarding.

2. Who is responsible for your data

For most processing described here, SafarWise acts as the data controller (the organization that decides why and how personal data is processed).

When we process data strictly on behalf of another organization under a written agreement, we act as a processor and follow their instructions.

3. Information we collect

• Account data: email address, authentication identifiers, first and last name, and timestamps such as terms/privacy acceptance and disclaimer acceptance.
• Profile and planning data: trip details, destinations, dates, budgets, checklists, notes, memories, photos you upload, and preferences you save in the Service.
• Community data: public trip reports, comments, upvotes, and airline reviews.
• Usage and technical data: device/browser type, IP address, pages viewed, feature interactions, referral URLs, and diagnostic logs needed to secure and operate the Service.
• Communications: messages you send us for support or feedback.
• We do not intentionally collect more sensitive categories (such as government ID numbers or passport scans) unless you voluntarily include them in free-text fields—in which case you should limit what you share and verify official submission channels separately.

4. How we collect information

• Directly from you when you register, plan trips, submit reviews, or contact us.
• Automatically through cookies, local storage, and similar technologies needed for authentication and session management.
• From service providers that host authentication, databases, analytics, or infrastructure on our behalf.

5. Why we use your information

• Provide and maintain the Service, including visa guides, alerts, trip workspaces, and account features.
• Authenticate users, prevent fraud and abuse, and enforce our Terms.
• Personalize your experience (for example, remembering trips or passport context you save).
• Improve content quality, including automated enrichment of visa intelligence where enabled.
• Communicate with you about security, service updates, or support requests.
• Comply with legal obligations and respond to lawful requests.
• With your consent or as otherwise permitted by law, for optional features we clearly describe at the point of collection.

6. Legal bases (EEA/UK users)

Where GDPR applies, we rely on one or more of the following legal bases:

• Contract: processing necessary to provide the Service you request (for example, maintaining your account and trips).
• Legitimate interests: securing the platform, improving features, and operating community features, balanced against your rights.
• Legal obligation: compliance with applicable laws and valid requests from authorities.
• Consent: where required—for example, optional marketing or non-essential cookies when we offer them.

7. When we share information

• Infrastructure and authentication providers (for example, Supabase for auth and database hosting).
• Cloud hosting, email delivery, and security vendors that process data only to provide services to us.
• AI or data providers used to generate or refresh visa and travel intelligence, under contractual safeguards.
• Other users and the public, when you publish trip reports, comments, or reviews.
• Authorities, regulators, or parties involved in legal process, when required by law or to protect rights and safety.
• Successors in a merger, acquisition, or asset sale, subject to this Policy or a successor notice.
• We do not sell your personal information for money. If we ever use data for cross-context behavioural advertising in jurisdictions that define that as “selling” or “sharing,” we will provide required opt-out mechanisms.

8. International transfers

Your information may be processed in countries other than where you live. Where required, we use appropriate safeguards such as Standard Contractual Clauses, adequacy decisions, or equivalent mechanisms for transfers from the EEA/UK.

9. How long we keep data

• Account and profile data: while your account is active and for a reasonable period afterward to resolve disputes, enforce Terms, and meet legal obligations.
• Trip and community content: until you delete it, close your account, or we no longer need it for the Service—subject to backups and legal holds.
• Logs and security records: typically for a limited period unless needed for incident investigation.
• You may request deletion as described below; some data may be retained where law requires or where anonymized aggregates are used.

10. Security

We implement administrative, technical, and organizational measures appropriate to the risk, such as access controls, encryption in transit, and monitoring. No method of transmission or storage is completely secure; you use the Service at your own risk and should protect your credentials.

11. Your privacy rights

To exercise rights, use in-app profile settings where available or contact us through the channels listed below. We may verify your identity before responding.

• Access, correction, and deletion of personal data we hold about you, subject to exceptions.
• Restriction or objection to certain processing, and data portability where GDPR applies.
• Withdrawal of consent where processing is consent-based, without affecting prior lawful processing.
• Opt-out of marketing communications at any time.
• For California residents: rights to know, delete, and correct personal information, and to opt out of sale/sharing where applicable.
• Lodge a complaint with your local supervisory authority if you are in the EEA/UK and believe we have not addressed your concern.

12. Children

The Service is not directed to children under 16 (or the higher age required in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided data, contact us so we can delete it.

13. Cookies and similar technologies

We use essential cookies and local storage for authentication, session persistence (including “Remember me” preferences), and security. Non-essential analytics or advertising cookies, if introduced, will be described in a cookie notice with choices where required by law.

14. Changes to this Policy

We may update this Privacy Policy from time to time. We will post the revised version with an updated “Last updated” date and, where required, notify you of material changes.

15. Contact

For privacy questions or requests, contact us through the channels provided in the Service or at the privacy contact published on safarwise.com when available.