Privacy Statement
Last updated: February 19, 2026
Table of Contents
- Introduction
- Summary
- Categories of personal data we collect and use
- Lawful bases for processing
- AI features and automated processing
- Consent and de-identified data
- Disclosure of your information
- International data transfers
- Your choices
- Account deletion
- Your privacy rights
- Data retention
- Security of your information
- Third-party websites and applications
- Children's information
- Supervisory authority
- Changes to this Privacy Statement
- Contact us
1. Introduction
Bedouin ("we", "us", or "our") values your privacy. This Privacy Statement explains how we collect, use, and disclose personal data when you use our platform and related services, including AI features. It also describes your rights and how to contact us.
2. Summary
This is a short overview of key points in this Privacy Statement.
What this Privacy Statement covers
- What personal data we collect and how we use it
- When and with whom we share personal data
- Your rights and choices, including deletion rights
- How AI features process relevant data to provide AI responses
How account deletion works
If you request account deletion, your account enters a deletion-requested state for 30 days so you can reactivate if you change your mind. After that window, we delete or anonymize personal data in line with legal and operational requirements. See Section 10 for details.
3. Categories of personal data we collect and use
| Category | Typical examples | Main purposes |
|---|---|---|
| Platform usage and service delivery | Account details, subscription details, trip plans, preferences | Provide the Service, manage accounts, deliver core features |
| Communications and customer service | Support requests, chat messages, email exchanges | Respond to requests, provide support, send service updates |
| Marketing | Email address, marketing preferences, campaign interactions | Send promotional content where permitted, measure effectiveness |
| AI feature inputs and outputs | AI chat prompts, conversation history, relevant trip context, AI-generated responses | Provide AI functionality, improve quality and safety, prevent misuse |
| Security and compliance | Device, log, and fraud-prevention data | Protect accounts, investigate abuse, comply with legal obligations |
4. Lawful bases for processing (EEA and UK)
Where Regulation (EU) 2016/679 (General Data Protection Regulation, "EU GDPR") and the UK GDPR apply, we rely on one or more lawful bases:
- Performance of a contract - to provide features you request (such as account and trip tools).
- Legitimate interests - to secure and improve the Service, prevent abuse, and maintain reliability.
- Consent - for specific activities where required, such as certain marketing or optional cookies.
- Legal obligation - to comply with applicable laws, lawful requests, and recordkeeping requirements.
If processing is based on consent, you can withdraw consent at any time. Withdrawal does not affect processing already performed before withdrawal.
5. AI features and automated processing
Bedouin offers AI features to help with travel planning and assistance.
- AI features may process your prompts, selected conversation context, and relevant trip information to generate responses.
- We may use trusted service providers to run and support AI functionality.
- AI outputs can be inaccurate or incomplete and should be reviewed before you rely on them.
- AI features are not used to make solely automated decisions that produce legal or similarly significant effects about you.
6. Consent and de-identified data
We may process personal data for additional purposes when we clearly disclose those purposes and, where required, obtain your consent.
We may also use de-identified or aggregated information that can no longer reasonably identify you for analytics, security, quality, and product improvement.
7. Disclosure of your information
| Recipient | Purpose | Example |
|---|---|---|
| Service providers | Operate the Service, support infrastructure, security, and analytics | Cloud hosting, customer support, analytics and AI providers |
| Business partners and integrations | Deliver integrated travel and account experiences | Travel data and booking-related integrations |
| Affiliates | Internal operations and shared service delivery | Entities under common ownership or control |
| Legal and protective disclosures | Comply with law, enforce terms, protect rights and safety | Court orders, lawful requests, fraud investigations |
| Corporate transactions | Business transfer, merger, acquisition, or restructuring | Due diligence and transaction execution |
8. International data transfers
Personal data may be processed in countries other than your own, including countries that may have different data protection standards. Where required, we use appropriate safeguards for cross-border transfers.
9. Your choices
- Marketing - You can unsubscribe from marketing emails using the link in those messages.
- Notifications - You can manage push and device-level notification settings on your device.
- Cookies and similar technologies - You can manage applicable preferences through available controls.
- AI usage - You can choose what information you share in AI prompts and avoid including sensitive information unless necessary.
10. Account deletion
How to request deletion
You can request account deletion from within the Service.
30-day reactivation window
After your request, your account is placed in a pending deletion state for 30 days. During this period, you may reactivate your account.
What happens after 30 days
After the window expires, we permanently delete or anonymize personal data associated with your account, subject to legal exceptions and technical constraints. Some shared content may remain where required to preserve other users' data integrity, but it is disassociated from your identity.
We may retain limited, non-identifying records where needed for legal compliance, fraud prevention, billing reconciliation, security, dispute resolution, or to enforce our Terms.
11. Your privacy rights
Depending on where you live, you may have rights including:
- Access - Request a copy of personal data we hold about you.
- Correction - Request correction of inaccurate data.
- Deletion - Request deletion of personal data, subject to legal exceptions.
- Objection or restriction - Object to or limit certain processing.
- Portability - Request data portability where applicable.
- Non-discrimination - Exercise rights without unlawful discrimination.
Depending on your location, these rights may apply under the EU GDPR, UK GDPR, U.S. state privacy laws (such as CCPA/CPRA), and other applicable privacy laws.
EEA and UK
If you are in the EEA or UK, your rights are provided under the EU GDPR and UK GDPR, as applicable.
United States
If you are in a U.S. state with an applicable privacy law, your rights may include access, correction, deletion, opt-out rights for certain processing (such as targeted advertising where required), and non-discrimination.
Other jurisdictions
If you are in another jurisdiction with applicable privacy laws, we will honor rights required by those laws.
How to exercise your rights
Contact us at Section 18. We may need to verify your identity before processing your request.
12. Data retention
We retain personal data only for as long as needed for service delivery, legal compliance, security, dispute resolution, and legitimate business purposes.
Retention periods vary by data type and legal obligations. When data is no longer needed, we delete or anonymize it.
13. Security of your information
We use technical and organizational safeguards designed to protect personal data, including encryption, access controls, and monitoring. No system is fully secure, but we work to detect and address security incidents promptly.
14. Third-party websites and applications
Our Services may link to third-party websites or apps that we do not control. Their privacy practices are governed by their own policies.
15. Children's information
Our Services are not directed to children. If we learn we have collected personal data from a child without required consent, we will take appropriate steps to delete it.
16. Supervisory authority
If you are in the EEA or UK, you can lodge a complaint with your local supervisory authority if you believe your rights have been violated.
17. Changes to this Privacy Statement
We may update this Privacy Statement from time to time. When required, we will notify you of material changes.
18. Contact us
Contact us if you have questions about this Privacy Statement or how we process personal data.