بسم الله الرحمن الرحيم
KAABAPASS

YOUR COMPLETE SACRED JOURNEY

Legal

Privacy Policy

Last updated: March 1, 2026

Your passport data, contact details, and payment information are used only to book your Umrah journey. We never sell your data. Here is exactly what we collect and why.

1. Introduction

KaabaPass ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains what personal data we collect when you use our platform, how we use it, how we share it, and your rights under applicable law including the GDPR (for EU/EEA users) and US state privacy laws.

2. Data We Collect

When you use KaabaPass we collect: (a) Identity data — full legal name, gender, nationality, passport number, and passport expiry date, as required for visa processing. (b) Contact data — email address and phone number. (c) Payment data — billing address and last 4 digits of card; raw card numbers are handled solely by our PCI-DSS compliant payment processor and never stored on our servers. (d) Usage data — pages visited, search queries, browser/device type, and IP address (collected automatically via cookies and server logs). (e) Communications — any messages you send us via the contact form or WhatsApp.

3. How We Use Your Data

We use your data to: process and manage your Umrah booking; facilitate visa applications with authorized Saudi Ministry of Hajj partners; send confirmation emails, itinerary updates, and visa status alerts; respond to support inquiries; improve the platform through anonymized usage analytics; comply with legal obligations including AML/KYC and Saudi visa requirements.

4. Data Sharing

We share your personal data only with: (a) Licensed Umrah travel partners and visa processing agencies, strictly for completing your booking; (b) Payment processors (Stripe or equivalent) under their own privacy policies; (c) Cloud infrastructure providers (AWS/GCP) operating under data processing agreements; (d) Government authorities when legally required. We do not sell your personal data to advertisers or data brokers.

5. Data Retention

We retain booking records (including traveler data) for 7 years to comply with travel agent licensing and tax laws. Contact form submissions are retained for 2 years. You may request deletion of marketing data at any time; identity data required for regulatory compliance will be retained for the minimum legally required period.

6. Cookies

We use essential cookies for session management (e.g., booking state), and optional analytics cookies (anonymized). No advertising or behavioral tracking cookies are used. You can disable non-essential cookies through your browser settings without affecting core functionality.

7. Your Rights

You have the right to: access the personal data we hold about you; correct inaccurate data; request deletion of data we are not legally required to retain; object to or restrict certain processing; data portability (receive your data in a structured format); withdraw consent at any time where processing is consent-based. To exercise any right, email privacy@kaabapass.com. We respond within 30 days.

8. Security

We implement TLS encryption for all data in transit, AES-256 encryption for sensitive data at rest, role-based access controls, and regular security audits. Despite these measures, no internet transmission is 100% secure. In the event of a data breach affecting your rights, we will notify you within 72 hours as required by law.

9. Minors

KaabaPass does not knowingly collect personal data from children under 13. Travelers under 18 must have a parent or legal guardian complete the booking. If you believe a minor's data was submitted without consent, contact us immediately.

10. Contact & Complaints

Privacy questions or complaints: privacy@kaabapass.com. EU residents may also lodge a complaint with their local Data Protection Authority. We are registered as a data controller under reference KP-2026-DPA.

Terms of ServiceContact UsHome