Legal
Privacy policy
Last updated: July 10, 2026. This policy is a pre-launch working draft and will be finalised with legal counsel before bookings open.
1. What we collect
Account details (name, email, phone), booking details (trip dates, group size, and — where required for park permits — traveler names, dates of birth and passport numbers), communication on the platform (inquiry threads, quotes, reviews), and technical data (device, pages visited, approximate location) used to run and improve the service.
We do not store full card numbers. Payments are processed by our licensed payment service provider, which handles card data under its own PCI-DSS-compliant systems.
2. How we use it
To operate the marketplace: matching you with operators, processing bookings and payments, sending transactional messages (booking confirmations, balance reminders, payout notices), preventing fraud, providing support, and meeting legal obligations. With your consent, we may also send occasional product updates — you can opt out at any time.
3. What we share with operators
When you book or request a quote, the operator receives what they need to serve you: your name, group details, trip dates, your messages, and — for confirmed bookings that include park permits — the traveler identity details required by the Rwanda Development Board to issue those permits. Operators may not use your details for anything beyond your trip.
4. Cookies
We use essential cookies to keep you signed in and remember preferences such as display currency, plus privacy-respecting analytics to understand how the site is used. We do not sell your personal data.
5. Retention and security
We keep booking and payment records for as long as required for tax, accounting and dispute-resolution purposes, and delete or anonymise data when it is no longer needed. Data is encrypted in transit, access is restricted within our team, and permit-related identity documents are stored only as long as the permit process requires.
6. Your rights
You may access, correct, export or delete your personal data, and object to or restrict certain processing, subject to records we must keep by law (for example completed booking invoices). Rwanda's Law No. 058/2021 on the protection of personal data and privacy applies; travelers in other jurisdictions may have additional rights under local law (such as the GDPR).
7. Children
The platform is for users aged 18 and over. Child travelers appear only as booking participants added by an adult.
8. Changes and contact
We will announce material changes to this policy on the platform. For privacy questions or to exercise your rights, contact privacy@trip2rwanda.com.