Legal

Privacy Policy

Last updated: 1 May 2026 · Plain English, GDPR-aligned.

1. Who we are

Ozes ("we", "us") is operated by Ozes Travel Technologies, a company registered in Cairo, Egypt, with a representative office in Lisbon, Portugal. For privacy questions you can reach us at privacy@ozes.travel.

2. What we collect

Account data (name, email, password hash); trip details you share with us (destinations, dates, preferences, party size); enquiry data (name, email, phone, travelers, dates and message); device and usage data (IP, browser, pages visited) collected via Google Analytics 4 (see our Cookie Policy); communications you send us by email or WhatsApp. Public card payments are not active in Phase 1.

3. How we use it

To handle your enquiries and show you the trips you've saved; to confirm and manage bookings with our partner operators; to send transactional emails (booking confirmations, reminders); to improve the product through aggregated analytics; to detect fraud and abuse; to comply with legal obligations.

4. Legal bases (GDPR)

Contract — to deliver the trip you booked. Legitimate interest — to improve the product and prevent abuse. Consent — for optional marketing emails, which you can withdraw any time. Legal obligation — for tax records and fraud reporting.

5. Sharing

We share the minimum data needed with: tour operators and hotels for trips you ask us to plan or confirm; infrastructure providers (Cloudflare, Supabase); transactional email providers (Resend); our analytics provider (Google Analytics 4 — loaded only after you consent in the EU/UK); and future payment processors only if online payment is enabled later. We never sell your personal data and we never share it with advertisers.

6. International transfers

Some processors are based outside the EU/UK. We rely on Standard Contractual Clauses and equivalent safeguards. A list of subprocessors is available on request.

7. Retention

Trip and booking records: 7 years (tax law). Account data: until you delete your account, then 30 days for backups. Marketing data: until you unsubscribe. Analytics: 14 months in aggregated form.

8. Your rights

You can access, correct, export or delete your personal data at any time from Profile → Privacy, or by emailing privacy@ozes.travel. You also have the right to lodge a complaint with your local data protection authority.

9. Cookies & analytics

We use strictly necessary cookies for sign-in and security, and — only with your consent — Google Analytics 4 to measure how the site is used. In the EU, EEA, UK and Switzerland, analytics cookies are disabled by default until you accept via our cookie banner (Google Consent Mode v2); elsewhere they are on by default and you can opt out at any time. We do not use third-party advertising cookies. Full details, and how to change or withdraw your choice, are in our Cookie Policy.

10. Children

Ozes is not intended for users under 16. We do not knowingly collect data from children. If you believe we have, contact us and we will delete it.

11. Security

Data is encrypted in transit (TLS 1.2+) and at rest. Passwords are hashed with bcrypt. Access to production systems requires hardware-key MFA and is logged.

12. Changes

We will notify you by email at least 14 days before any material change to this policy.

Questions? Email privacy@ozes.travel.