SVOYAGER — AI travel search platform

Privacy Policy

Last updated: 1 مايو 2026

1. Who we are

This Privacy Policy explains how SVOYAGER CONCIERGE & CONSULTANCY - FZCO ("SVOYAGER", "we", "us", or "our") — a company registered in the United Arab Emirates under license number IFZA license № 79681 (premises 79681 - 001), with its registered office at IFZA Business Park, Building A1, Dubai Digital Park, Dubai Silicon Oasis, P.O. Box 342001, Dubai, United Arab Emirates — collects, uses, shares, and protects your personal data when you use our website at https://www.svoyager.com, our mobile experiences, our AI chat assistant, and any related services (together, the "Services").

We are the data controller for personal data we collect through the Services. If you have questions about this policy or your data, you can contact us any time at privacy@svoyager.com.

2. What SVOYAGER does (and doesn't do)

SVOYAGER is a travel search platform. We help you find and compare flights, stays, cars, motorbikes, tours, and visa information from third-party providers ("Travel Providers"). When you book, payment is taken by the Travel Provider on their own site — not by us. We are not a travel agent, not a tour operator, and not the merchant of record for your booking.

For some specialised services — for example, complex visa coordination, multi-country itineraries, or family trip planning — you may also choose to engage our human specialists. In that case, this Privacy Policy still applies, and you'll be told upfront when our team will handle parts of your trip directly.

3. The personal data we collect

We collect three categories of personal data:

3.1. Information you give us. When you create an account or send us a message, we receive your name, email address, optional phone number, profile photo (if uploaded), trip preferences, search history within your account, saved guides and trips, and any messages you send to our support team or AI assistant. If you submit a request for visa support or a complex trip, we collect the trip details and any documents you choose to share.

3.2. Information collected automatically. When you use the Services, we automatically receive: device identifiers and browser metadata (user agent, screen size, language); IP address and approximate location derived from it (city / country level only); pages visited, search queries you type into our search bar, results you view, and outbound clicks to Travel Provider sites; cookies and similar technologies (see our Cookie Policy at /cookie-policy for the full list).

3.3. Information from third parties. If you choose to sign in with Google, Apple, or another social provider, we receive the basic profile information they share (typically name and email). When you click through to a Travel Provider, that provider may report back to us (via affiliate networks like Travelpayouts, Commission Junction, Agoda, GetYourGuide) that a booking was made — including the booking value and currency, but never your payment card details. If you contact us via WhatsApp, your phone number and message contents are processed by Twilio (our messaging partner).

4. Why we use your personal data (legal bases)

We process personal data only when we have a legal basis to do so under the EU General Data Protection Regulation (GDPR), the UAE Personal Data Protection Law (PDPL), and other applicable laws.

Performance of a contract (when you use the Services): to operate your account, run searches, save trips, send transactional emails, and provide customer support.

Legitimate interest: to keep the Services secure (rate-limiting, fraud detection through Cloudflare Turnstile and Upstash Redis), to understand how features are used (aggregated analytics through Google Analytics 4 and PostHog), to attribute affiliate commissions, and to improve our AI models and search relevance.

Consent (where required, especially in the EU): to set non-essential cookies, send marketing emails, and use your trip data to personalise recommendations beyond strictly necessary functions.

Legal obligation: to respond to lawful requests from regulators or courts, to keep tax and accounting records.

You can withdraw consent at any time without affecting processing that already happened.

5. Who we share data with

We share personal data only in the cases below. We never sell your data.

Service providers who help us run the platform under contracts that require them to protect your data: Vercel (hosting, edge cache), Supabase (database, auth), Cloudflare (DNS, captcha, analytics), Upstash (rate-limit cache), Sentry (error monitoring), Resend (transactional email), Twilio (WhatsApp), OpenAI / Anthropic / Google AI (LLM inference for the chat assistant), PostHog (product analytics), Trustpilot (review collection), Google Business Profile (review aggregation).

Travel Providers and affiliate networks when you click "View deal" or "Continue to provider": we share the parameters of your search (origin, destination, dates, traveller count, IP-derived country) so that the partner can show you a relevant page. We append our affiliate tracking ID so we can be paid commission if you book. We do not share your name or email unless you explicitly transfer information through our visa-coordination service.

Specialist support partners (Sherpa for eVisa workflows, our human visa specialist team) — only when you actively request specialist help and only data necessary to deliver that help.

Legal authorities if compelled by lawful process or to protect the rights, property, or safety of SVOYAGER, our users, or the public.

In a corporate transaction such as a merger, acquisition, or asset sale, your data may transfer to the new entity. We will tell you if that happens and what your rights are.

6. International data transfers

We are based in the UAE. Some of our service providers (Vercel, Supabase, Cloudflare, OpenAI, Sentry) operate primarily in the United States or European Union. When personal data is transferred out of the UAE or EEA, we rely on Standard Contractual Clauses (SCCs) or other safeguards approved by the relevant authority. You can request a copy of the safeguards in place by emailing privacy@svoyager.com.

7. How long we keep data

We keep personal data only as long as we need it for the purposes above:

Account information: while your account is active, plus 90 days after deletion (for restore-on-request and fraud prevention).

Search history within your account: 18 months, then aggregated.

Outbound click and booking attribution data: 36 months (typical affiliate network look-back).

Support messages and AI chat history: 24 months unless you delete them earlier from your account.

Tax and accounting records: 7 years (UAE legal requirement for businesses).

Analytics data: aggregated and anonymised after 14 months.

8. Your rights

Wherever you are, you have the following rights over your personal data. To exercise any of them, write to privacy@svoyager.com; we will respond within 30 days.

Access — get a copy of the personal data we hold about you.

Correction — ask us to fix anything that is inaccurate.

Deletion — ask us to delete your account and personal data (we will, except where we must keep records for legal reasons).

Restriction — ask us to stop processing for specific purposes.

Portability — receive your data in a structured, machine-readable format.

Objection — object to processing based on legitimate interest, including profiling.

Withdraw consent — turn off non-essential cookies, unsubscribe from marketing, opt out of personalisation.

Complain — lodge a complaint with the UAE Data Office, your local EU data protection authority, or any other supervisory authority that has jurisdiction over you.

9. Cookies and similar technologies

We use cookies and similar technologies for strictly necessary, functional, analytics, and marketing purposes. The full list, our partners, and how to control them is in our Cookie Policy at /cookie-policy.

10. Children

The Services are not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has given us personal data, write to privacy@svoyager.com and we will delete it.

11. Security

We protect your data with industry-standard measures: TLS 1.2+ in transit, encryption at rest in Supabase and Vercel, password hashing with Argon2, multi-factor authentication for our employee accounts, rate-limiting and bot protection (Cloudflare Turnstile, Upstash), and 24/7 error monitoring (Sentry). No system is perfectly secure, so we recommend you also use a strong unique password and turn on 2FA in your account settings.

12. Changes to this Policy

We will update this Privacy Policy when our practices change or when laws change. The "Last updated" date at the top tells you when. For material changes, we will notify you in-product and via email at least 14 days before the change takes effect.

13. Contact

For any privacy question:

Email: privacy@svoyager.com

Mail: SVOYAGER CONCIERGE & CONSULTANCY - FZCO, IFZA Business Park, Building A1, Dubai Digital Park, Dubai Silicon Oasis, P.O. Box 342001, Dubai, United Arab Emirates