Bedouin
Early Access

Privacy Statement

Last updated: September 22, 2025

Table of Contents

1. Introduction

Bedouin (“we”, “us”, or “our”) values you as our customer and recognises that privacy is important to all of us. This Privacy Statement explains how we collect, use, and disclose personal data when you use our platform and associated services, outlines your rights regarding the data we hold about you, and tells you how to contact us.

2. Summary

This is a short overview of the key points in our Privacy Statement.

What this Privacy Statement covers

This Privacy Statement describes:

  • What personal data we collect and how we use it
  • When and with whom we share your personal data
  • Your choices and rights concerning the collection, use, and sharing of your data
  • How you can access, correct, or delete your personal data

Types of personal data we collect

We collect personal data when:

  • You provide it directly – e.g., creating an account, signing up for newsletters, or using the platform.
  • It is collected automatically – e.g., cookies, device identifiers, IP addresses, and usage logs (with your consent where required).
  • We receive it from third parties – e.g., business partners that help us improve the platform, detect fraud, or market our services.

When your personal data is shared

Your personal data may be shared for several purposes, including:

  • Facilitating travel or holiday bookings – with airlines, hotels, car‑rental firms, activity providers, and other travel‑service suppliers.
  • Communicating with you – sending transactional, informational, or emergency notifications, and enabling communication with travel providers or property owners.
  • Legal compliance – responding to lawful requests, protecting our rights, or complying with regulatory obligations.

Your rights and choices

You can exercise your data‑protection rights in various ways. For example, you may opt out of marketing by clicking the “unsubscribe” link in emails, adjusting settings in your account, or contacting customer service. Detailed information is provided in Section 8.

3. Categories of personal data we collect and use

CategoryTypical examplesMain purposes
Platform usage & service deliveryAccount details, payment info (processed by third‑party processors), travel‑history, preferencesFulfil contracts, manage accounts, process payments, verify identity, provide core services
Communications & customer serviceSupport tickets, chat logs, email exchangesRespond to inquiries, enable communication with travel suppliers, send transactional or emergency alerts
MarketingEmail address, phone number, browsing/purchase historySend promotional messages, personalise advertising, measure campaign effectiveness, run contests/giveaways
Research, analytics & trainingSurvey responses, aggregated usage stats, anonymised logsImprove products, conduct market research, train AI models, monitor quality
Security & complianceFraud‑detection flags, IP addresses, device fingerprintsPrevent fraud, verify identity, meet legal and regulatory obligations

4. Lawful bases for processing

We rely on the following lawful bases (as defined by the GDPR and comparable regulations):

  • Consent – you have given explicit permission (e.g., to receive marketing communications).
  • Legal obligation – processing is required to comply with statutory duties (e.g., tax reporting, record‑keeping).
  • Performance of a contract – processing is necessary to fulfil contractual duties (e.g., booking a flight, delivering a service).
  • Legitimate interests – processing is necessary for our legitimate business interests, provided those interests do not override your fundamental rights (e.g., improving the platform, security monitoring, fraud prevention).

If a processing activity relies on consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out before the withdrawal.

5. Consent & de‑identified data

Consent – We may use personal information for additional purposes that are clearly disclosed at the time of collection or with your explicit consent.

De‑identified and aggregated information – Once data can no longer be reasonably linked to you, it is considered de‑identified. Such data is not subject to this Privacy Statement and may be used for research, internal analysis, analytics, or any other lawful purpose.

6. Disclosure of your information

RecipientPurposeExample
Service providersDeliver the Services, process payments, provide IT support, prevent fraudPayment gateways, cloud hosting, analytics platforms
Business partnersJointly offer products/services or provide you with a product of interestTravel‑partner APIs, loyalty‑program operators
AffiliatesShared ownership or controlParent or sister companies within the Bedouin ecosystem
Advertising partnersMarket our own Services (e.g., targeted ads)Advertising networks that display Bedouin‑related ads
Friends/colleagues (with consent)Share invitations, itineraries, or collaborative planningSending a travel itinerary to a companion
Legal & protective disclosuresComply with law enforcement, protect rights, enforce policies, collect debtsCourt orders, subpoenas, fraud investigations
Merger, acquisition, or asset transferTransfer of business assetsSale of Bedouin to another entity, corporate restructuring

7. International data transfers

Personal data may be transferred, processed, and stored worldwide—including in jurisdictions such as the United States that may have different data‑protection regimes. We implement appropriate safeguards (e.g., Standard Contractual Clauses, EU‑U.S. Data Privacy Framework) to protect your information in accordance with applicable law.

8. Your choices

  • General – You may object to or opt out of certain processing activities. Withdrawal of consent does not affect processing that relies on other lawful bases.
  • Email communications – Use the unsubscribe link for promotional emails; transactional emails (e.g., booking confirmations) will continue. Certain essential communications (e.g., service updates, security alerts) cannot be opted out of.
  • Mobile push notifications – Adjust notification settings on your device to stop them. Location‑data collection can also be disabled via device settings.
  • Do Not Track – While we do not honour DNT signals, we respect legally recognised mechanisms such as the Global Privacy Control.
  • Cookies – Manage cookie preferences via the settings link in the website footer. See our Cookie Notice for detailed information.

9. Your privacy rights

Depending on your jurisdiction, you may have the right to:

  • Access – Obtain a copy of the personal data we hold about you.
  • Rectify – Request correction of inaccurate or incomplete data.
  • Erase – Request deletion of your data, subject to legal exceptions (e.g., tax records).
  • Restrict or object – Limit or oppose processing for specific purposes.
  • Data portability – Receive your data in a structured, commonly used, machine‑readable format.
  • Non‑discrimination – Receive the same level of service regardless of exercising your rights.

How to exercise these rights

Contact us at the email address listed in Section 16. We will verify your identity before acting on the request and may require written authorisation if you act through an authorised agent. In some cases we may need to decline a request (e.g., statutory retention obligations).

If you reside in the European Economic Area (EEA) or the United Kingdom, you also have the right to lodge a complaint with a supervisory authority and to appeal our decision.

10. Data retention

We retain personal data for as long as necessary to:

  • Provide our Services;
  • Fulfil contractual and legal obligations;
  • Resolve disputes, defend legal claims, and conduct audits;
  • Pursue legitimate business interests;
  • Comply with applicable laws.

Retention periods differ by data type (e.g., transaction records are kept for seven years for tax purposes, while marketing preferences are retained until you change them).

11. Security of your information

We employ industry‑standard technical and organisational measures (encryption at rest and in transit, access controls, regular security testing) to protect your data. No system can guarantee 100 % security; consequently we cannot assume liability for unauthorized disclosures beyond what the law permits. In the event of a breach, we will notify affected users via the Services, email, or postal mail, as appropriate, and we will cooperate with regulators.

12. Third‑party websites / applications

Our Services may contain links to external websites or applications. Those third parties are not under our control, and we do not endorse or accept responsibility for their privacy practices. We encourage you to review the privacy policies of any site you visit after leaving our platform.

13. Children’s information

Our Services are not directed at children. If we become aware that we have inadvertently collected personal data from a child without verifiable parental consent, we will promptly delete that data.

14. Supervisory authority

If you are located in the EEA or the United Kingdom, you have the right to lodge a complaint with the relevant supervisory authority should you believe our processing violates applicable law. Details of each authority can be found on the European Data Protection Board website or the UK Information Commissioner’s Office.

15. Changes to this Privacy Statement

We may amend this Privacy Statement at any time in our sole discretion. Material changes will be communicated as required by law (e.g., via email, banner notice, or a dedicated page). Continued use of the Services after such changes constitutes acceptance of the revised statement.

16. Contact us

📩 support@bedouinapp.com

If you have any questions about our privacy practices or this statement, please reach out using the contact details above. We will respond in accordance with applicable data‑protection timelines.