Privacy Policy

Minimal data. Clear choices. Your information, handled with care.

  • UK GDPR aligned
  • No public email — use Contact
  • Payments via Stripe & Coinbase Commerce

Effective date: 09 August 2025

Abstract travel privacy visual

Overview

We collect only what’s needed to search, book and manage travel. This policy explains what we collect, how we use it, how we secure it, and the choices you have under UK law.

Support channels: We don’t list public email addresses. For help, use our Contact page. Existing customers will see WhatsApp options there; new enquiries can use the form.

Who we are

Crypto Travel Dot Net (United Kingdom) is an independent travel brand. Customer support and service issuance are provided by UKVibes Ltd (trading as Travel Vibes UK), Company No. 14635905. Payment infrastructure (Stripe for cards, Coinbase Commerce for crypto) is provided by Crypto Travels Ltd, Company No. 15561576. We are not a trading style or subsidiary of any other company.

For privacy enquiries, please contact us through the Contact page.

Controller & partner roles

  • Crypto Travel Dot Net acts as a data controller for the information you provide to search, book and manage travel.
  • Airlines and certain industry systems act as independent controllers for the data they receive to issue/operate your ticket.
  • Payment processors (Stripe, Coinbase Commerce) are independent controllers for the payment data you provide to them directly.
  • Operational partners (e.g., Travel Vibes UK for customer support) act under contract to help service your booking.

What we collect

  • Booking details: passenger names, date of birth, gender (if required by airline), itinerary data, special service requests you ask us to add (e.g., assistance, meal type).
  • Contact details: name and email (required). Phone number is optional unless required for operational updates.
  • Payment: confirmations and outcomes from Stripe and Coinbase Commerce; we do not store card numbers or crypto private keys. Crypto transactions may appear on public blockchains.
  • Technical: IP address, device/browser info, and basic logs for security and fraud prevention.
  • Support: messages you send via approved channels on the Contact page.
  • Preference data: your communication or marketing opt-ins (if you choose to provide them).

Data we don’t collect

We do not intentionally collect sensitive categories unless strictly required to service your booking (e.g., special assistance you expressly request). We do not collect government IDs unless an airline or destination requires it for ticketing or border formalities.

Where data comes from

  • You — when you search, book or contact us.
  • Travelling companions/agents — someone acting on your behalf may supply your details.
  • Airlines/industry systems — required ticketing and schedule information.
  • Payment processors — payment confirmations and fraud signals.

Why we process it (legal bases)

  • Contract: to search, book, issue and manage your travel; send confirmations, receipts and updates.
  • Legitimate interests: keep services secure, prevent fraud/abuse, ensure reliability and provide customer support.
  • Legal obligation: compliance with applicable laws/regulators.
  • Consent: optional marketing communications; withdraw any time.

Who we share with

We share only what’s necessary:

  • Airlines & industry systems to issue and manage bookings.
  • Payment processors (Stripe, Coinbase Commerce) to take and verify payments. We do not store card numbers or crypto private keys.
  • Operational service providers (e.g., secure hosting, security tooling, support platforms) under contract and confidentiality.
  • Regulators/law enforcement where required by law.
High-level data flow across booking, payments and support
How data typically flows through booking, payment and support.

International transfers

Air travel is global. Your data may be processed outside the UK (for example by airlines or infrastructure providers). Where required, we use safeguards such as the UK International Data Transfer Agreement (IDTA) or Standard Contractual Clauses (SCCs) and assess partner protections.

How long we keep data

We retain data only as long as needed for the purpose collected or as required by law.

Data category
Typical retention
Reason
Booking & invoice records
Up to 6 years
Accounting, audit and legal requirements
Support communications
Until resolved + short period
Service quality and dispute resolution
Technical logs
Short rolling window
Security and fraud prevention
Marketing preferences
Until you opt out
Honouring your choices

Security

  • Transport encryption (HTTPS/TLS)
  • Access controls and least-privilege principles
  • Server hardening and audit logging
  • Vendor due diligence and data processing terms

Payments are processed by our providers; always verify the payment page URL before paying.

Security and compliance visual
Layers of protection for booking and payment.

Cookies & tracking

We use essential cookies to run the site and remember sessions. If we add analytics or marketing cookies in future, we’ll ask for consent where required and update this page. “Do Not Track” signals are not currently acted upon due to limited industry consensus, but you can control cookies via your browser settings and our cookie banner when present.

Marketing preferences

We send marketing only if you opt in. You can withdraw consent at any time via the unsubscribe link (where present) or by contacting us through the Contact page.

Profiling & automated decisions

We do not make decisions that produce legal or similarly significant effects on you solely by automated means. We may use automated checks for fraud prevention or to prioritise customer service, with human oversight.

Your rights (UK GDPR)

Subject to conditions and exemptions, you may:

  • Access, correct or delete your personal data
  • Restrict or object to certain processing
  • Receive a copy in portable format
  • Withdraw consent to marketing at any time

You can also lodge a complaint with the UK Information Commissioner’s Office (ICO). We encourage contacting us first so we can resolve your concern quickly.

How to make a privacy request

Use the Contact page and choose the privacy option if shown, or describe your request (e.g., access, deletion). We may ask for limited information to verify your identity and booking before actioning a request.

Children

Our services are for adults. We process child passenger data only where it’s provided by an adult to complete a booking or where required by airlines/border formalities.

Updates

We may update this policy from time to time. Material changes will be posted here with a new effective date.

We search fares from many airlines including Emirates, Qatar Airways, Etihad, Turkish Airlines, British Airways, Lufthansa, Air France, KLM, Swiss, Iberia, Virgin Atlantic, American Airlines, Delta Air Lines, United Airlines, Air Canada, Qantas, Singapore Airlines, Cathay Pacific, ANA, Japan Airlines, Saudia, Ethiopian Airlines, Air India and over two hundred more.