Privacy Policy

How we protect your travel agency data

Last Updated: January 1, 2026

📋 Contents

Introduction
Information We Collect
How We Use Your Data
Data Storage & Security
Third-Party Services
Your Rights
Policy Updates

1. Introduction

We respect your privacy and are committed to protecting the personal and business data of our users. This Privacy Policy explains how MTravels — our Travel Agency Management SaaS platform — collects, uses, stores, and protects information.

By using our Platform, you agree to the practices described in this policy. If you have any questions about our privacy practices, please contact us at allahdadmuhammadi01@gmail.com.

2. Information We Collect

We collect only what is necessary to operate and improve the Platform.

a) Account Information

Agency name and company registration details
Branch details (addresses, phone numbers, locations)
User names, roles, and email addresses
Contact details and administrative contact information
Payment and billing information (processed securely)

b) Operational Data

Ticket records (flight numbers, dates, pricing, refund status)
Umrah and family booking information
Visa applications and hotel reservations
Financial transactions (amounts, currency, payment status)
Client records (non-sensitive identifiers, contact information)

⚠️ Important Note on Document Processing: We do not store passport images, ticket PDFs, or visa documents permanently. When you upload documents for OCR processing, they are processed temporarily to extract data, then securely discarded. Only extracted text data is retained in your system.

c) System & Usage Data

Login activity and authentication logs
Audit logs (who accessed what, when, and what changes were made)
Support tickets and customer communications
System performance and usage metrics
IP addresses and device information for security purposes

3. How We Use Your Data

Your data is used strictly for legitimate business purposes:

Core Platform Operations: Managing ticket bookings, Umrah families, visa applications, financial transactions
Communication: Sending system emails and WhatsApp messages (only as authorized)
Reporting & Analytics: Generating dashboards, financial reports, and performance metrics
Security & Compliance: Ensuring platform security, preventing fraud, and maintaining audit trails
Service Improvement: Analyzing usage patterns to improve user experience and features
Legal Compliance: Meeting regulatory requirements and responding to legal requests

✓ What We Don't Do: We never sell or share your data with third parties for marketing purposes. We do not use your data to train AI models without explicit consent. Your data belongs to you.

4. Data Storage & Security

Data protection is built into our platform architecture.

Security Measures

Secure data storage using industry-standard encryption
Role-based access control ensures only authorized users can view or edit data
All critical actions are logged for accountability and auditability
Automated backups performed regularly with disaster recovery capabilities
Secure authentication including two-factor authentication support
Regular security audits and penetration testing

Data Retention

Operational data is retained for as long as your account is active
Audit logs are retained for compliance and security purposes
Upon account deletion, your data is securely purged within 30 days
Backup copies are retained for disaster recovery for up to 90 days

5. Third-Party Services

We may use trusted third-party services to enhance our Platform functionality. These providers are carefully selected and bound by strict data protection agreements.

Third-Party Providers

Email Delivery (SMTP): For sending system emails. Only email address and message content are shared.
WhatsApp Business API: For sending WhatsApp messages. Phone number and message are shared only when you authorize.
Video Hosting (Vimeo): For hosting tutorial videos. No data is shared with Vimeo.
Payment Processors: For secure payment processing. No credit card data is stored on our servers.

Note: All third-party providers are located in secure jurisdictions and comply with international data protection standards. We have Data Processing Agreements (DPAs) in place with each provider.

6. Your Rights

You have important rights regarding your data:

Right to Access: Request a copy of all personal data we hold about you
Right to Correction: Request correction or updating of inaccurate data
Right to Deletion: Request deletion of your data (subject to legal retention requirements)
Right to Export: Download your data in standard formats
Right to Restrict Processing: Limit how your data is used
Right to Account Termination: Close your account at any time

To exercise any of these rights, contact us at allahdadmuhammadi01@gmail.com with your request. We will respond within 30 days.

7. Policy Updates

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. Any material changes will be communicated to you via email or a prominent notice on our Platform.

Your continued use of the Platform following notification of changes constitutes your acceptance of the updated Privacy Policy.

Need Legal Documentation?

Review our Terms & Conditions and Data Protection Policy for complete legal information.

Terms & Conditions Data Protection Policy