Privacy Policy

Holidayys.com - Your Privacy Matters to Us

Last Updated: January 25, 2025

This Privacy Policy describes how Holidays Tours LLC (referred to as "we," "us," or "our") collects, uses, stores, and protects your personal information when you access and use our website, mobile applications, and services (collectively, the "Services"). We are committed to protecting your privacy and ensuring transparency in our data practices.

Table of Contents

We collect various types of information to provide and improve our services:

Personal Information You Provide

  • Account Information: Name, email address, phone number, mobile number, WhatsApp number, date of birth, nationality, and password when you create an account
  • Travel Booking Information: Passport details (number, issue/expiry dates, nationality), travel dates, destinations, accommodation preferences, flight details, and passenger information
  • Visa Application Information: Passport scans, photographs, employment details, financial information, travel history, and supporting documents required for visa processing
  • Payment Information: Payment method details (credit/debit card information is processed securely through third-party payment gateways - we do not store complete card details), billing address, and transaction references
  • Communication Data: Messages sent through our contact forms, WhatsApp conversations, email correspondence, and customer support interactions
  • Business Information (B2B Clients): Company name, trade license number, tax registration, contact person details, and business address

Information Automatically Collected

  • Session Data: Login/logout timestamps, session duration, IP address, device type, browser name and version, operating system, and user agent information
  • Activity Tracking: Pages viewed, features used, actions performed, navigation patterns, and time spent on different sections of our platform
  • Location Data: IP-based geolocation (country, city, region, timezone, ISP) for security and service optimization purposes
  • Device Information: Device identifiers, screen resolution, browser capabilities, and installed plugins
  • Performance Data: Page load times, error logs, and application performance metrics

Note: We collect only the information necessary to provide our services effectively. You can choose not to provide certain information, but this may limit your ability to use some features of our Services.

We use the collected information for the following purposes:

  • Service Delivery: To process and fulfill your travel bookings, visa applications, hotel reservations, flight bookings, and other travel-related services
  • Account Management: To create and manage your user account, authenticate your identity, and provide personalized dashboard access
  • Payment Processing: To process payments, issue invoices, manage refunds, and maintain financial records
  • Customer Support: To respond to your inquiries, provide technical support, and resolve issues through email, WhatsApp, or phone
  • Communication: To send booking confirmations, visa status updates, payment receipts, and important service notifications
  • Marketing (with consent): To send promotional offers, travel packages, special deals, and newsletters (you can opt-out anytime)
  • Service Improvement: To analyze usage patterns, improve our platform functionality, develop new features, and enhance user experience
  • Security & Fraud Prevention: To monitor for suspicious activities, prevent unauthorized access, detect fraud, and ensure platform security
  • Legal Compliance: To comply with legal obligations, respond to lawful requests from authorities, and enforce our terms of service
  • Analytics & Reporting: To generate business insights, performance reports, and statistical analysis (using anonymized data where possible)

Data Storage Infrastructure

  • Primary Database: Supabase (PostgreSQL) hosted in the Asia-Pacific South region (Mumbai, India)
  • Custom Domain: All data is accessed through our secure custom domain (server.holidayys.co)
  • File Storage: Secure cloud storage for documents, passport scans, and visa-related files
  • Backup & Recovery: Regular automated backups with point-in-time recovery capabilities

Security Measures

  • Encryption: All data transmitted between your device and our servers is encrypted using industry-standard SSL/TLS protocols (HTTPS)
  • Authentication: Secure user authentication with encrypted password storage and session management
  • Access Control: Role-based access control (RBAC) ensuring users can only access authorized data
  • Database Security: Row-level security (RLS) policies protecting sensitive data at the database level
  • Activity Monitoring: Comprehensive audit logs tracking all data access and modifications
  • Security Scoring: Automated security scoring system monitoring session activities for suspicious behavior

Important: While we implement robust security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but continuously work to protect your personal information.

We work with trusted third-party service providers to deliver our services. We share your information only when necessary and ensure these partners maintain appropriate data protection standards.

Third-Party Services We Use:

  • WhatsApp Business API: For customer communication, booking confirmations, and support (messages are processed through Meta's WhatsApp platform)
  • Email Service Providers (SendGrid): For sending transactional emails, booking confirmations, and notifications
  • Payment Gateways: PayPal, Stripe, Network International, and Telr for secure payment processing (we do not store complete credit card details)
  • Amadeus API: For hotel search and booking services (travel data is shared for reservation purposes)
  • IP Geolocation Services (IP-API.com): For location-based services, security monitoring, and fraud detection (supports both IPv4 and IPv6)
  • Cloud Infrastructure (Supabase): For database hosting and authentication services
  • Hosting & CDN (Netlify): For website hosting and content delivery
  • OpenAI API: For passport scanning and document processing features (processed data is not retained by OpenAI)

When We Share Your Information:

  • Service Providers: With vendors who help us operate our business (hosting, payment processing, email delivery, customer support)
  • Travel Partners: With airlines, hotels, visa processing centers, and other travel service providers to fulfill your bookings
  • Legal Requirements: When required by law, court order, or governmental regulations
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice to affected users)
  • With Your Consent: When you explicitly authorize us to share your information

Note: We do not sell your personal information to third parties for marketing purposes. All data sharing is strictly for service delivery and operational purposes.

We use cookies and similar tracking technologies to enhance your experience, analyze usage, and improve our services.

Types of Data Stored Locally:

  • Authentication Tokens: Stored in browser local storage to maintain your login session (Supabase auth tokens)
  • Session Data: Session ID, user preferences, and temporary application state
  • Cache Data: Temporary storage of frequently accessed data for performance optimization
  • User Preferences: Display settings, language preferences, and dashboard configurations
  • Analytics Data: Page views, feature usage, and interaction patterns (stored locally before transmission)
  • PWA Installation Data: Progressive Web App installation prompts and user responses

How to Manage Cookies:

  • You can configure your browser to refuse all cookies or alert you when cookies are being sent
  • Disabling cookies may limit your ability to use certain features of our Services
  • You can clear your browser's local storage and cache at any time
  • Session cookies are automatically deleted when you close your browser

Third-Party Analytics:

We use Google Analytics and Meta Pixel to understand how visitors interact with our website. These services help us improve user experience and measure the effectiveness of our marketing efforts.

We use analytics and advertising tracking to improve our services and provide you with relevant content. You can manage your tracking preferences below.

Current Tracking Status:

Status Unknown

Unable to determine current tracking status

Manage Your Tracking Preferences:

What Happens When You Opt-Out?

  • Analytics data will not be sent to Google Analytics
  • Advertising data will not be sent to Meta Pixel
  • Your browsing behavior will not be tracked
  • Your preference is saved in your browser
  • You can opt back in at any time

You have the following rights regarding your personal information:

  • Right to Access: You can request a copy of the personal information we hold about you
  • Right to Rectification: You can request correction of inaccurate or incomplete personal information
  • Right to Erasure: You can request deletion of your personal information (subject to legal retention requirements)
  • Right to Data Portability: You can request your data in a structured, machine-readable format
  • Right to Object: You can object to processing of your personal information for marketing purposes
  • Right to Restrict Processing: You can request limitation of how we process your data
  • Right to Withdraw Consent: You can withdraw consent for data processing at any time (where processing is based on consent)
  • Right to Opt-Out: You can unsubscribe from marketing emails using the unsubscribe link in our emails

How to Exercise Your Rights:

To exercise any of these rights, please contact us at info@holidayys.com or call +971 4 589 0001. We will respond to your request within 30 days.

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

Retention Periods:

  • Account Information: Retained while your account is active and for 7 years after account closure (for legal and tax purposes)
  • Booking Records: Retained for 7 years after booking completion (for accounting and legal compliance)
  • Payment Records: Retained for 7 years (as required by UAE tax and financial regulations)
  • Communication Logs: Retained for 3 years for customer service quality and dispute resolution
  • Session & Activity Logs: Retained for 90 days for security monitoring and analytics
  • Marketing Data: Retained until you unsubscribe or request deletion

After the retention period expires, we securely delete or anonymize your personal information.

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18 without parental consent.

While we may process information about minors as part of family travel bookings, this is done with the consent and under the supervision of a parent or legal guardian who creates the booking.

If you believe we have inadvertently collected information from a child under 18 without proper consent, please contact us immediately at info@holidayys.com, and we will take steps to delete such information.

Your information may be transferred to, stored, and processed in countries other than your country of residence, including:

  • India: Our primary database is hosted in the Asia-Pacific South region (Mumbai)
  • United States: Some third-party services (payment gateways, email providers) may process data in the US
  • European Union: Certain travel partners and service providers may be located in the EU

When we transfer your personal information internationally, we ensure appropriate safeguards are in place, including:

  • Standard contractual clauses approved by relevant data protection authorities
  • Ensuring third-party service providers comply with applicable data protection laws
  • Implementing technical and organizational security measures

By using our Services, you consent to the transfer of your information to countries outside your country of residence, which may have different data protection laws.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

How We Notify You:

  • We will post the updated Privacy Policy on this page with a new "Last Updated" date
  • For material changes, we will provide prominent notice on our website
  • We may send you an email notification if you have an account with us
  • Continued use of our Services after changes constitutes acceptance of the updated policy

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Holidays Tours LLC

Office Address

Shop#35 Wilson Building
2nd December Street
Al Jaffliya, Dubai
United Arab Emirates

Business Hours

Monday - Friday: 9:00 AM - 8:00 PM
Saturday: 10:00 AM - 6:00 PM
Sunday: 12:00 PM - 5:00 PM

Response Time: We aim to respond to all privacy-related inquiries within 30 days. For urgent matters, please call us directly.

Your Privacy is Our Priority

At Holidayys, we are committed to protecting your personal information and maintaining your trust. This Privacy Policy reflects our actual data practices and is based on our real application infrastructure. We continuously review and update our security measures to ensure your data remains safe.