Privacy Policy
Last updated: March 30, 2026
This Privacy Policy explains how ActivGate (“we”, “us”, “our”) collects, uses, shares, and protects your personal information when you use our website, mobile application, and related services (the “Platform”). Please read it carefully.
1. Data We Collect
Account & Profile Data
When you create an account we collect your name, email address, and password (hashed). You may optionally provide a profile photo, bio, and social links. If you sign in via Google or another social provider, we receive the data that provider shares with us (typically name, email, and profile picture).
Booking Data
We collect data related to bookings you make: service type, provider, dates, number of participants, pricing, booking status, and cancellation or refund events.
Payment Data
Payment data is handled by our gateway partners (Stripe, HyperPay, Tap Payments). We store only tokenised references to your saved payment methods — never raw card numbers, CVVs, or full account numbers. See Section 4 for details.
User Content
We store content you create: reels, stories (until they expire after 24 hours), photos, posts, comments, community contributions, and direct messages.
Usage & Device Data
We collect information about how you use the Platform: pages and screens visited, features used, interactions (likes, reactions, shares), search queries, and session durations. We also collect device information including device type, operating system, browser, language, and timezone.
Visitor Statistics (Country & City)
When another user views your profile, we record the country and city derived from the visitor's IP address to display in your visitor statistics. We never expose raw IP addresses to other users. Administrators may view IP addresses for security and fraud prevention purposes only.
2. How We Use Your Data
- Service Delivery: To process bookings, manage payments, send booking confirmations, and facilitate communications between travellers and providers.
- Personalisation: To recommend activities, destinations, communities, and content based on your preferences and interactions.
- Notifications: To send booking updates, social activity notifications, and platform announcements via in-app, push, email, or web push (subject to your preferences).
- Globe & AI Features: To power AI trip planning, reachability calculations, and route suggestions in Globe Premium.
- Analytics: To understand how the Platform is used, identify bugs, and improve features.
- Fraud Prevention & Security: To detect, investigate, and prevent fraudulent transactions, account abuse, and security incidents.
- Legal Compliance: To comply with applicable laws, respond to lawful requests from authorities, and enforce our Terms.
3. Music & Audio Data
When you upload a reel or story with audio, or when you use the “Use This Sound” feature, we collect and store the following:
- An audio fingerprint of the content for copyright detection purposes
- Metadata about which sound or track was applied and by whom
- Usage counts and trend data for original sounds and Jamendo tracks
Audio fingerprints are used solely for rights management and moderation. They are not sold or shared with third parties other than as necessary for copyright enforcement.
4. Payment Data
ActivGate processes payments through PCI-DSS compliant third-party gateways: Stripe, HyperPay, and Tap Payments. Each gateway handles the collection, transmission, and storage of raw card data.
- We store only the token (a non-reversible reference) provided by the gateway after a successful authorisation.
- Tokens are used for recurring subscription billing and saved-card checkout — not for any other purpose.
- We store transaction IDs, amounts, currencies, statuses, and timestamps for accounting, dispute resolution, and legal compliance.
- We retain financial records for 7 years as required by tax and accounting regulations.
5. Location Data
We derive your approximate country and city from your IP address to:
- Pre-fill your currency and language preferences on first visit
- Display country and city (not IP) in the profile visitor statistics of users whose profiles you view
- Help detect suspicious login activity
Your raw IP address is visible to ActivGate administrators only and is never shared with other users, advertisers, or third parties except where required by law.
The Globe feature may request permission to access your device's GPS location for precise routing and reachability features. This is optional. We do not share your precise GPS location with other users or third parties.
7. Third-Party Services
We share data with the following third-party service providers to the minimum extent necessary:
| Provider | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Card data, billing details, transaction amounts |
| HyperPay | Payment processing (MENA) | Card data, billing details, transaction amounts |
| Tap Payments | Payment processing (Gulf) | Card data, billing details, transaction amounts |
| Jamendo | Royalty-free music library | Track usage metadata |
| Google Maps / Mapbox | Map rendering & geocoding | Location queries (anonymised) |
| Gemini AI (Google) | AI trip planning chatbot | Anonymised trip planning prompts |
| Google Cloud Storage | Media file storage | Uploaded photos, videos, audio |
We do not sell your personal data to third parties. We do not share your data with advertisers beyond the anonymised, contextual signals described in our Advertising Policy.
8. Notifications
We may send you notifications via the following channels, subject to your preferences:
- In-app: Real-time alerts for social interactions, booking status changes, and platform updates.
- Web Push: Browser push notifications (requires opt-in).
- Mobile Push: Notifications to your mobile device (requires opt-in via device settings).
- Email: Booking confirmations, receipts, password resets, security alerts, and optional marketing emails (opt-in).
You can manage your notification preferences by category (Social, Booking, Payment, Community, Provider, Subscription), set quiet hours, and opt into a daily digest in Settings > Notifications. Transactional notifications (e.g. booking confirmations, security alerts) cannot be disabled.
9. Data Retention
| Data Type | Retention Period |
|---|---|
| Account & profile data | Until account deletion, then 30 days before permanent erasure |
| Stories | Automatically deleted 24 hours after posting |
| Booking & financial records | 7 years from transaction date (tax/legal requirement) |
| Notifications | 90 days, then automatically pruned |
| Audit logs (admin actions) | 2 years |
| Anonymised analytics | Indefinite (no personal identifiers retained) |
When you delete your account, we begin the erasure process within 30 days. Financial records are retained for the 7-year period for legal compliance.
10. Your Rights
Depending on your jurisdiction (including GDPR, UK GDPR, CCPA), you may have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request erasure of your personal data (right to be forgotten), subject to legal retention requirements.
- Data Portability: Receive your personal data in a structured, machine-readable format.
- Restriction: Request that we restrict processing of your data in certain circumstances.
- Objection: Object to processing based on legitimate interests, including profiling.
- Withdraw Consent: Where processing is based on consent (e.g. marketing emails), withdraw that consent at any time.
To exercise any of these rights, email us at info@activgate.com with the subject line 'Privacy Request'. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection authority.
11. Children's Privacy
The Platform is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a person under 18 without verified parental consent, we will delete that account and data promptly. If you believe a child has created an account, please contact us at info@activgate.com.
12. International Data Transfers
ActivGate operates globally. Your data may be transferred to and processed in countries outside your own, including countries that may not have the same data protection laws. Where we transfer data internationally, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission, or equivalent mechanisms recognised by applicable law.
13. Security
We implement a range of technical and organisational security measures to protect your personal data:
- TLS/HTTPS encryption for all data in transit
- Encrypted storage for sensitive data at rest
- Password hashing using industry-standard algorithms (bcrypt/PBKDF2)
- Two-factor authentication (2FA) support
- Session management with automatic expiry and device tracking
- Role-based access controls limiting staff access to personal data
- Regular security reviews and dependency audits
No security system is impenetrable. If you discover a security vulnerability, please disclose it responsibly to info@activgate.com.
14. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes we will notify you by email and/or display a prominent notice on the Platform. The updated policy will be effective from the date shown at the top of this page.
15. Contact
For any privacy-related questions, requests, or concerns:
Email: info@activgate.com
Subject line: 'Privacy Request'. We aim to respond within 30 days.
Last updated: March 30, 2026.