Privacy
What we collect, why, and how we keep it safe.
We collect what we need to run your booking business. We don't sell anything to anyone. Ever. We host in South Africa. We comply with POPIA.
This policy explains how Booking·Tours (Pty) Ltd handles personal information for operators using our platform and for their customers. It is written to align with South Africa's Protection of Personal Information Act (POPIA).
What we collect
We collect the information needed to run a booking business: operator account details, the tours and slots you configure, and — on your behalf — your customers' booking details, contact information, waiver information, and payment records. We collect only what the service needs to function.
Why we collect it
To take and manage bookings, process payments through Yoco, send confirmations and messages over WhatsApp and email, generate invoices, and produce the reports you rely on to run your operation.
How we protect it
- Hosted in the South Africa region — your data does not leave the country.
- Encrypted in transit with TLS 1.3 and at rest with pgcrypto AES-GCM. No plaintext credentials.
- Row-level security on every table, so each business only ever sees its own data.
- Every admin action and system call is logged for a full audit trail.
What we never do
We never sell your data or your customers' data to anyone. We do not use it to train third-party models. You own your data and can export it at any time.
Your rights
Customers can request access to, or deletion of, their personal information. Operators handle these through the in-app Data Requests queue: deletion permanently anonymises personal data while retaining financial records required for audit, with a 30-day cooling-off period.
Contact
Questions about privacy? Email support@bookingtours.co.za. For the practical detail on compliance, see our POPIA page and security overview.
This summary explains our practices in plain language and is not legal advice. Confirm your own obligations with a qualified advisor.