Privacy Policy

Minimal data. Clear choices. Your information, handled with care.

  • UK GDPR aligned
  • No public email - use Contact
  • Payments via Stripe & Coinbase Commerce

Effective date: 09 August 2025

Abstract travel privacy visual

Overview

We collect only the information needed to search, book, manage, and support travel services on this website. This policy explains what we collect, how we use it, how we protect it, and the choices available to you under UK law.

Support channels: We do not list public email addresses on the website. For help, please use our Contact page. Existing customers may also see WhatsApp options there for supported booking-related requests.

Who we are

This website is operated by Crypto Travels Ltd, Company No. 15561576, registered at 17 Huxley Avenue, Manchester, England, M8 0LX. Customer service is handled by UKVibes Ltd (trading as Travel Vibes UK), Company No. 14635905.

Payments are securely processed via Stripe (cards) and Coinbase Commerce (crypto) through Crypto Travels Ltd.

For privacy enquiries, please contact us through the Contact page.

Controller & partner roles

  • Crypto Travels Ltd acts as a data controller for the information you provide to search, book, pay for, and manage travel on this website.
  • Airlines, hotels, accommodation providers, and certain travel industry systems may act as independent controllers for the data they receive to fulfil and operate your booking.
  • Payment processors (for example Stripe and Coinbase Commerce) act as independent controllers for payment data you provide directly to them or through their checkout flows.
  • Operational partners (for example Travel Vibes UK for customer service) act under contract to help service your booking.

What we collect

  • Booking details: passenger or guest names, date of birth, gender (if required by an airline or supplier), itinerary or stay details, room occupancy details, and special service requests you ask us to add.
  • Contact details: name and email address (typically required). Phone number may be requested for operational updates, supplier requirements, or supported customer service contact.
  • Payment data: payment confirmations, statuses, and limited transaction information from Stripe and Coinbase Commerce. We do not store card numbers or crypto private keys. Crypto transactions may appear on public blockchains.
  • Account and lookup data: information needed to access or verify booking records, such as booking reference, email address, and verification signals used in tools like My Bookings.
  • Technical data: IP address, device/browser information, security logs, and anti-abuse signals used for fraud prevention, service reliability, and verification.
  • Support data: messages you send through approved channels on the Contact page or supported customer service routes.
  • Preference data: your communication and marketing preferences, if you choose to provide them.

Data we don't collect

We do not intentionally collect special category data unless it is strictly necessary to service your booking or request (for example, special assistance you explicitly ask us to arrange). We do not routinely collect government ID documents unless an airline, hotel, destination, border authority, or legal requirement makes them necessary.

Where data comes from

  • You - when you search, book, pay, contact us, or use customer tools on the website.
  • Travelling companions, family members, or agents - where someone books or communicates on your behalf.
  • Airlines, hotels, accommodation providers, and travel industry systems - where needed for fulfilment, updates, and operational servicing.
  • Payment processors - payment confirmations, outcomes, and fraud signals.

Why we process it (legal bases)

  • Contract: to search, book, confirm, issue, manage, and support travel services; and to send confirmations, receipts, and important updates.
  • Legitimate interests: to keep the website secure, prevent fraud and abuse, operate customer support, improve reliability, and verify booking access where needed.
  • Legal obligation: to comply with applicable laws, regulatory duties, accounting obligations, and lawful requests.
  • Consent: for optional marketing communications or similar optional features, where consent is required.

Who we share with

We share only what is necessary for the relevant purpose:

  • Airlines, hotels, accommodation providers, and travel industry systems to create, fulfil, operate, and manage bookings.
  • Payment processors (including Stripe and Coinbase Commerce) to take, verify, and support payments. We do not store card numbers or crypto private keys.
  • Operational service providers (for example secure hosting, infrastructure, anti-abuse tools, customer service systems, and support platforms) under contract and subject to confidentiality obligations.
  • Regulators, courts, law enforcement, or similar authorities where required by law or to protect legal rights.
High-level data flow across booking, payments and support
How data typically flows through booking, payment, and customer support.

International transfers

Travel is international by nature. Your data may be processed outside the UK, for example by airlines, hotels, accommodation providers, travel systems, or infrastructure partners. Where required, we use appropriate safeguards such as the UK International Data Transfer Agreement (IDTA), Standard Contractual Clauses (SCCs), or equivalent lawful mechanisms, and we assess partner protections where appropriate.

How long we keep data

We retain personal data only for as long as reasonably needed for the purpose it was collected, or as required by law, accounting, fraud prevention, or dispute handling.

Data category
Typical retention
Reason
Booking & invoice records
Up to 6 years
Accounting, audit, legal, and dispute-handling requirements
Support communications
Until resolved + reasonable follow-up period
Service quality, continuity, and dispute resolution
Technical and security logs
Short rolling window
Security, fraud prevention, abuse monitoring, and system reliability
Marketing preferences
Until you opt out or withdraw consent
Honouring your communication choices

Security

  • Transport encryption (HTTPS/TLS)
  • Access controls and least-privilege principles
  • Server hardening, monitoring, and audit logging
  • Vendor due diligence and appropriate data processing terms

Payments are processed by our payment providers. Always verify that you are on the correct payment page before completing a transaction.

Security and compliance visual
Layers of protection for booking and payment.

Cookies & tracking

We use essential cookies and similar technologies to run the website, maintain sessions, support security, and enable core customer functions. If we use analytics, marketing cookies, or other optional tracking tools, we will request consent where required and update this page accordingly. "Do Not Track" signals are not currently acted upon due to limited industry consensus, but you can still manage cookies through your browser settings and our cookie banner when available.

Marketing preferences

We send marketing communications only where you opt in or where we are otherwise lawfully permitted to do so. You can withdraw consent or opt out at any time using the unsubscribe option where available, or by contacting us through the Contact page.

Profiling & automated decisions

We do not make decisions that produce legal or similarly significant effects on you solely by automated means. We may use automated checks for fraud prevention, verification, anti-abuse screening, or service prioritisation, with human oversight where appropriate.

Your rights (UK GDPR)

Subject to legal conditions and exemptions, you may have the right to:

  • Access, correct, or request deletion of your personal data
  • Restrict or object to certain processing
  • Receive a copy of certain data in portable format
  • Withdraw consent to marketing at any time

You may also lodge a complaint with the UK Information Commissioner's Office (ICO). We encourage you to contact us first so we can try to resolve the issue promptly.

How to make a privacy request

Use the Contact page and choose the privacy option if shown, or clearly describe your request (for example access, correction, or deletion). We may ask for limited information to verify your identity and, where relevant, your booking before actioning the request.

Children

Our services are intended for adults making travel arrangements. We process child passenger or guest data only where it is provided by an adult for a legitimate booking or where required by airlines, hotels, accommodation providers, or border formalities.

Updates

We may update this policy from time to time. Material changes will be posted on this page together with an updated effective date.

We search fares from many airlines including Emirates, Qatar Airways, Etihad, Turkish Airlines, British Airways, Lufthansa, Air France, KLM, Swiss, Iberia, Virgin Atlantic, American Airlines, Delta Air Lines, United Airlines, Air Canada, Qantas, Singapore Airlines, Cathay Pacific, ANA, Japan Airlines, Saudia, Ethiopian Airlines, Air India and over two hundred more.