Privacy Policy

1. Who we are

This Privacy Policy explains how SVOYAGER CONCIERGE & CONSULTANCY - FZCO ("SVOYAGER", "we", "us", or "our"), a company registered in the United Arab Emirates under license number IFZA license № 79681 (premises 79681 - 001), with its registered office at IFZA Business Park, Building A1, Dubai Digital Park, Dubai Silicon Oasis, P.O. Box 342001, Dubai, United Arab Emirates, collects, uses, shares, and protects your personal data when you use our website at https://svoyager.com, our mobile experiences, SVOYAGER AI (our AI-powered travel planner), and any related services (together, the "Services").

We are the data controller for personal data we collect through the Services. If you have questions about this policy or your data, you can contact us any time at privacy@svoyager.com.

2. What SVOYAGER does (and doesn't do)

SVOYAGER is an AI-powered travel planner and search platform. We help you find and compare flights, stays, cars, bikes, and visa requirements from third-party providers ("Travel Providers"). When you book, payment is taken by the Travel Provider on their own site, not by us. We are not a travel agent, not a tour operator, and not the merchant of record for your booking.

For digital products that SVOYAGER sells directly (currently the SVOYAGER Passport & Visa Photo at $4.99 and, for selected destinations, visa application routing to a licensed partner), this Privacy Policy still applies. The relevant product page tells you what data we collect, where it is processed, and how long it is kept before checkout.

3. The personal data we collect

We collect three categories of personal data:

3.1. Information you give us. When you create an account or send us a message, we receive your name, email address, optional phone number, profile photo (if uploaded), trip preferences, search history within your account, saved guides and trips, and any messages you send to our support team or AI assistant. If you submit a request for visa support or a complex trip, we collect the trip details and any documents you choose to share.

3.2. Information collected automatically. When you use the Services, we automatically receive: device identifiers and browser metadata (user agent, screen size, language); IP address and approximate location derived from it (city / country level only); pages visited, search queries you type into our search bar, results you view, and outbound clicks to Travel Provider sites; cookies and similar technologies (see our Cookie Policy at /cookie-policy for the full list).

3.3. Information from third parties. If you choose to sign in with Google, Apple, or another social provider, we receive the basic profile information they share (typically name and email). When you click through to a Travel Provider, that provider may report back to us (via standard affiliate-tracking networks) that a booking was made, including the booking value and currency, but never your payment card details.

3.4. Information from our direct digital products. When you use the SVOYAGER Passport & Visa Photo ($4.99), you upload a self-portrait image to our website. The image is forwarded server-side to a third-party biometric photo compliance service for ICAO verification; SVOYAGER never persists the original image in our own storage (it exists only in transient request memory and is discarded as soon as the response is returned). The compliance service returns a verification result and a randomly-generated photo identifier; only that identifier is retained on our side, embedded in the corresponding payment-session metadata. After successful payment via our third-party payment processor, the verified clean photo file is briefly stored with a cloud file storage provider (with a cryptographically random unguessable URL) so it can be linked from your delivery email and attached as a file. The cloud-stored copy is automatically deleted by a scheduled cleanup job within 24 hours of delivery. The payment processor provides us only with the email address you enter at checkout (used to send the delivery email through our transactional email provider) and the post-payment status; we do not see, store, or have access to your payment card details at any point.

4. Why we use your personal data (legal bases)

We process personal data only when we have a legal basis to do so under the EU General Data Protection Regulation (GDPR), the UAE Personal Data Protection Law (PDPL), and other applicable laws.

Performance of a contract (when you use the Services): to operate your account, run searches, save trips, send transactional emails, and provide customer support.

Legitimate interest: to keep the Services secure (rate-limiting, bot protection, and fraud detection through anti-abuse providers), to understand how features are used (aggregated analytics through our product-analytics providers), to attribute affiliate commissions, and to improve our AI models and search relevance.

Consent (where required, especially in the EU): to set non-essential cookies, send marketing emails, and use your trip data to personalise recommendations beyond strictly necessary functions.

Legal obligation: to respond to lawful requests from regulators or courts, to keep tax and accounting records.

You can withdraw consent at any time without affecting processing that already happened.

5. Who we share data with

We share personal data only in the cases below. We never sell your data.

Service providers who help us run the platform under contracts that require them to protect your data: cloud hosting and edge delivery providers; database and authentication providers; anti-abuse and bot-protection providers; error monitoring and observability services; transactional email and communications providers; payment processors (for our direct digital products); short-lived cloud file storage providers (for compliance-checked photo files); biometric photo compliance services (ICAO verification); large-language-model inference providers (for SVOYAGER AI); product-analytics platforms; and review-collection and review-aggregation services.

Travel Providers and affiliate networks when you click "View deal" or "Continue to provider": we share the parameters of your search (origin, destination, dates, traveller count, IP-derived country) so that the partner can show you a relevant page. We append our affiliate tracking ID so we can be paid commission if you book. We do not share your name or email unless you explicitly transfer information through our visa application routing service.

Visa-processing partners (the licensed agency selected to handle your visa file, based on destination), only when you actively request visa application routing and only with the data necessary to deliver that help.

Legal authorities if compelled by lawful process or to protect the rights, property, or safety of SVOYAGER, our users, or the public.

In a corporate transaction such as a merger, acquisition, or asset sale, your data may transfer to the new entity. We will tell you if that happens and what your rights are.

6. International data transfers

We are based in the UAE. Some of our service providers operate primarily in the United States or European Union. When personal data is transferred out of the UAE or EEA, we rely on Standard Contractual Clauses (SCCs) or other safeguards approved by the relevant authority. You can request a copy of the safeguards in place by emailing privacy@svoyager.com.

7. How long we keep data

We keep personal data only as long as we need it for the purposes above:

Account information: while your account is active, plus 90 days after deletion (for restore-on-request and fraud prevention).

Search history within your account: 18 months, then aggregated.

Outbound click and booking attribution data: 36 months (typical affiliate network look-back).

Support messages and AI chat history: 24 months unless you delete them earlier from your account.

Tax and accounting records: 7 years (UAE legal requirement for businesses).

Analytics data: aggregated and anonymised after 14 months.

SVOYAGER Passport & Visa Photo: the original selfie is never stored by SVOYAGER (processed in transient memory and forwarded server-side to a third-party biometric compliance service); the delivered clean photo file in our cloud file storage is automatically deleted by a scheduled cleanup job within 24 hours of email delivery.

8. Your rights

Wherever you are, you have the following rights over your personal data. To exercise any of them, write to privacy@svoyager.com; we will respond within 30 days.

Access — get a copy of the personal data we hold about you.

Correction — ask us to fix anything that is inaccurate.

Deletion — ask us to delete your account and personal data (we will, except where we must keep records for legal reasons).

Restriction — ask us to stop processing for specific purposes.

Portability — receive your data in a structured, machine-readable format.

Objection — object to processing based on legitimate interest, including profiling.

Withdraw consent — turn off non-essential cookies, unsubscribe from marketing, opt out of personalisation.

Complain — lodge a complaint with the UAE Data Office, your local EU data protection authority, or any other supervisory authority that has jurisdiction over you.

9. Cookies and similar technologies

We use cookies and similar technologies for strictly necessary, functional, analytics, and marketing purposes. The full list, our partners, and how to control them is in our Cookie Policy at /cookie-policy.

10. Children

The Services are not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has given us personal data, write to privacy@svoyager.com and we will delete it.

11. Security

We protect your data with industry-standard measures: TLS 1.2+ in transit, encryption at rest with our database and storage providers, password hashing with Argon2, multi-factor authentication for our employee accounts, rate-limiting and bot protection through anti-abuse providers, and 24/7 error monitoring through a third-party observability service. No system is perfectly secure, so we recommend you also use a strong unique password and turn on 2FA in your account settings.

12. Changes to this Policy

We will update this Privacy Policy when our practices change or when laws change. The "Last updated" date at the top tells you when. For material changes, we will notify you in-product and via email at least 14 days before the change takes effect.

13. Contact

For any privacy question:

Email: privacy@svoyager.com

Mail: SVOYAGER CONCIERGE & CONSULTANCY - FZCO, IFZA Business Park, Building A1, Dubai Digital Park, Dubai Silicon Oasis, P.O. Box 342001, Dubai, United Arab Emirates

14. Travelers: visibility, location, and messages

If you turn on Travelers visibility, you choose to appear to other signed-in members who are searching a city or destination. Visibility is off by default. When it is on, we show an approximate area (such as a district or city), never your exact coordinates, hotel, or home address. We derive this area from a location you enter or, with your permission, from your device, and we round it before it is shown to others. Your visibility expires automatically (at the end of your trip dates or within 24 hours), and you can turn it off instantly at any time. We use this data only to power discovery within Travelers and we never sell it.

Travelers also lets members send message requests and, once accepted, exchange messages. These messages are encrypted in transit and at rest, but they are not end-to-end encrypted, so our systems can process them to keep the community safe (detecting spam, scams, and abuse), investigate reports, and provide optional features you choose to use. SVOYAGER AI only reads or acts on a conversation when you explicitly invoke it (for example by tapping an AI action or mentioning @SVOYAGER), for translation, safety tips, or group trip planning. We do not silently read private conversations. The rules for this community are in our Community Guidelines at /community-guidelines.