01. Data We Collect
We collect personal information you provide directly and data generated through your use of our Service. Here's what we gather and why:
| Data Type | Purpose | Retention |
|---|---|---|
| Email & Name | Account creation, e-ticket delivery | 5 years or longer |
| Payment Info | Process bookings, fraud prevention | 3 years (PCI compliance) |
| Phone Number | Contact verification, support | 2 years |
| Booking History | Personalization, recommendations | 7 years (legal requirement) |
| IP Address & Device Info | Security, fraud detection | 90 days |
| Cookies & Tracking | Analytics, user experience | 12 months (user preference) |
Why we're transparent: We believe you deserve to know exactly what we collect and why. No surprises. No hidden data collection.
02. How We Use Your Data
Your data is used exclusively for the purposes listed below. We never process data for undisclosed reasons.
Essential (Required by Law)
- Processing payments
- Fulfilling bookings
- Legal compliance
Performance (Your Consent)
- Personalizing content
- Improving the service
- Customer support
Security
- Fraud detection
- Account protection
- Cybersecurity
Marketing (Opt-Out Available)
- Email newsletters
- Promotional offers
- Product updates
Your control: You can opt out of marketing emails anytime. Just click "Unsubscribe" at the bottom of any email.
03. Cookies & Tracking
We use cookies to remember your preferences and improve your experience. You control what happens next.
Essential Cookies
Required for security and legal compliance. Cannot be disabled.
Analytics Cookies
Help us understand how you use TruewayTours. You can opt out.
Marketing Cookies
Show you relevant ads. You can disable these anytime.
Your choice: You can manage cookie preferences in your account settings. Essential cookies cannot be disabled for security.
04. Third-Party Sharing
We never sell your data. Period. Here's who we share data with and why:
Payment Processors (Stripe, PayPal)
Only for payment processing. PCI-DSS Level 1 Compliant.
Venue Partners
Limited info (name, booking details) to facilitate your attendance.
Email Service Provider (SendGrid)
For transactional emails and newsletters (you can opt out).
Analytics Services (Google Analytics)
Anonymous, aggregated data only. No personal identification.
What we don't do: We do not broker, sell, or rent your personal information to any third party for marketing purposes. Ever.
05. Your Data Rights
You have powerful rights over your data under GDPR, CCPA, and other privacy laws. Here's what you can do:
Right to Access
Get a copy of all personal data we hold about you in a readable format.
Right to Rectify
Correct or update any inaccurate or incomplete personal information.
Right to Deletion
Request deletion of your data (subject to legal retention requirements).
Right to Restrict
Ask us to limit how we process your data in certain situations.
Right to Data Portability
Export your data in a standard, machine-readable format.
Right to Object
Opt out of marketing, profiling, and automated decision-making.
How to exercise your rights: Submit a request via our "Exercise Your Rights" center below. We'll respond within 30 days as required by law.
06. Security & Encryption
Your data security is paramount. Here's how we protect it:
256-bit AES Encryption
All data in transit and at rest encrypted with military-grade standards.
PCI DSS Level 1 Compliance
Payment data handled by certified processors. Zero on-site card storage.
Regular Security Audits
Third-party penetration testing and vulnerability assessments quarterly.
Multi-Factor Authentication
Optional 2FA available for account protection.
Breach notification: In the unlikely event of a data breach, we will notify affected users within 72 hours as required by law.