Back to home

Privacy Policy

Last updated: 16 June 2026

1. Who We Are (Data Controller)

The data controller is YALLA2TRIP PORTAL LLC, Trade License #1622080, Dubai, United Arab Emirates.

For privacy matters: support@yalla2trip.com.

2. Personal Data We Collect

You provide: full name, email, phone or WhatsApp number with country code, nationality, date of birth, profile photo (if you sign in with Google), booking details (dates, traveler counts, pickup location and preferences, notes), and any messages or attachments you send through our support chat.

Collected automatically: IP address, browser, operating system, pages visited, referring URL, and an anonymous hashed user identifier used by Microsoft Clarity (see §6).

From third parties: Google OAuth profile (name, email, picture) if you choose Google sign-in.

3. Why We Use Your Data and Legal Basis

  • Process bookings, payments, refunds — performance of a contract.
  • Coordinate pickup and delivery with Partners — performance of a contract.
  • Send booking confirmations and updates — performance of a contract.
  • Provide customer support, including AI chat (see §7) — performance of a contract.
  • Fraud prevention, security, accounting and legal compliance — legitimate interest / legal obligation.
  • Analytics, session recording and marketing pixels — consent, controlled via the cookie banner.
  • Service announcements about your account — legitimate interest.
  • Marketing emails — consent (opt-in, opt-out anytime).

4. Who We Share Data With (Sub-processors)

  • Activity Partners (Phuket, Thailand) — receive name, contact, party size, dates and pickup info to fulfill your booking.
  • Stripe (USA / EU) — process card payments.
  • Resend (USA) — send transactional email.
  • Supabase (Tokyo, Japan) — database and authentication hosting.
  • Vercel (global edge) — web hosting and CDN.
  • Anthropic (“Claude”) (USA) — powers our AI support chat (see §7).
  • Google (USA) — OAuth sign-in (optional) and Google Analytics 4 (consent-gated).
  • Microsoft Clarity (USA) — product analytics and session recording (consent-gated).
  • Meta / TikTok (USA) — marketing pixels for ad measurement (consent-gated, if enabled).

We do not sell your personal data and we do not share it with third parties for their own marketing.

5. WhatsApp Communications

We collect a WhatsApp number to coordinate pickup details and to allow the Partner to message you directly about your booking. Messages to you are sent manually by our team or by the Partner. We do not use automated WhatsApp messaging.

6. Cookies, Analytics and Session Recording

We use three categories of cookies and tracking, controlled via the Cookie Preferences link in the footer.

  • Strictly necessary (always on): authentication, security (CSRF), the cookie-preference cookie itself. No consent required.
  • Analytics (consent required):
    • Google Analytics 4 — aggregate site usage. Events include searches, sign-ups, save-activity, begin-booking, checkout started and checkout completed.
    • Microsoft Clarity — product analytics, heatmaps and session recording. Clarity records your interactions (clicks, scrolls, mouse movement). We mask form inputs by default but cannot guarantee masking of all visible content. We tag each Clarity session with an anonymous hashed user identifier — never your name, email or phone.
  • Marketing (consent required, if enabled): Meta Pixel, TikTok Pixel — to measure ad effectiveness.

You can change or withdraw your cookie consent at any time using “Cookie preferences” in the footer.

7. AI Support Chat

Our support chat is powered by Anthropic's Claude (operated by Anthropic, USA). When you send a message: the message and recent context are sent to Anthropic to generate a reply; we store the conversation in our database for support quality and audit. Please do not share information you do not want stored (card numbers, passwords). For sensitive issues, email support@yalla2trip.com instead.

8. International Data Transfers

Operating a booking marketplace between the Gulf and Thailand inherently involves cross-border data transfers — to Thailand (Partners), the USA (Stripe, Resend, Anthropic, Google, Microsoft, Meta, TikTok) and our Supabase region (Tokyo, Japan). We rely on appropriate safeguards, including contractual data protection clauses with our processors.

9. How Long We Keep Your Data

  • Account profile — while active, plus 24 months after last activity.
  • Booking and financial records — 7 years (UAE accounting / tax law).
  • Support chat conversations — 24 months.
  • Analytics events (GA4) — 14 months (Google default).
  • Session recordings (Clarity) — per Microsoft Clarity defaults.
  • Marketing consent records — until consent is withdrawn.

10. Your Rights

Under the UAE Personal Data Protection Law (Federal Decree-Law 45/2021) and, where applicable, the EU/UK GDPR, you have the right to: access, correct, delete, restrict or object to processing, portability, withdraw consent (for consent-based processing) and lodge a complaint with the UAE Data Office or your local data protection authority.

To exercise any right, email support@yalla2trip.com. We may ask you to verify your identity. We will respond within 30 days.

11. Security

All data is encrypted in transit (HTTPS/TLS). Card payments are handled by Stripe under PCI DSS. Access to personal data is role-based and restricted to authorized personnel. We monitor for unauthorized access and will notify you and the relevant authority of any data breach affecting your data within the timeframes required by law.

12. Children

The Platform is not intended for use by anyone under 18 as the primary booker. Where a booking is made on behalf of a minor guest, the booker confirms parental or guardian authority and provides only the data necessary for the activity.

13. Changes to This Policy

We post updates on this page with an updated “Last updated” date. Material changes are notified by email.

14. Contact

YALLA2TRIP PORTAL LLC · Trade License #1622080 · Dubai, United Arab Emirates · support@yalla2trip.com