1. Who we are
Curv Travel Design Ltd ("Curv", "we", "our") is a travel design and operations firm registered in Dubai, United Arab Emirates. This policy explains how we collect, use, store, and protect personal information when you interact with our website, our messaging channels, or our advisors.
2. What information we collect
When you submit a request, contact us, or speak with an advisor, we may collect: name, email address, phone number, country of residence, travel preferences and history, passport details and travel documents (only when required for booking), dietary and accessibility requirements, and any free-text information you choose to share.
We also collect basic technical information automatically — IP address, browser type, pages viewed, time on site — through privacy-respecting analytics (Plausible, self-hosted) and session-replay tooling (Microsoft Clarity).
3. Why we use your information
We use it strictly to design, book, and operate the trips you request, communicate with you about those trips and related services, comply with legal obligations (tax, anti-money-laundering, supplier requirements), and improve our website and processes. We do not sell your information. We do not use it for unrelated marketing without your explicit opt-in.
4. Who we share it with
To deliver a trip, we must share necessary information with the suppliers operating the components of that trip — airlines, hotels, charter companies, restaurants, event venues, ground partners, and similar. We share only what each supplier needs to perform their part. We do not share information with marketing partners.
We use a small set of vetted technology providers to operate Curv: Cloudflare (hosting, security), Anthropic (AI assistance with explicit context), Postgres database hosting, Resend (transactional email), Stripe (payments). Each is contractually bound to confidentiality and security standards.
5. Where it is stored
Customer records are stored in encrypted databases hosted in the European Union. Backups are encrypted at rest and in transit. Access is restricted to advisors and operations personnel actively working on a relevant trip.
6. How long we keep it
We retain trip records for a period required by tax and supplier-contract obligations (typically 7 years). You may request earlier deletion at any time, subject to legal retention requirements; see Section 8.
7. Your rights
If you are in the European Union, United Kingdom, or California, you have specific rights including access, rectification, deletion, portability, and the right to object to processing. To exercise these, email privacy@curvtravel.com. We respond within 30 days.
8. Data Subject Access Requests (DSAR)
To request a full copy of personal information we hold about you, or to request correction or deletion, send a signed request from the email address on file to privacy@curvtravel.com. We may need to verify identity before fulfilling the request.
9. Cookies and analytics
This website uses a minimal set of cookies necessary for site functionality (session, language preference) and privacy-respecting analytics. No third-party advertising cookies are set. See our Cookies notice for the full list.
10. Children
Curv does not knowingly collect personal information from anyone under 16. Trips for minors are coordinated through a parent or legal guardian, who provides consent on the minor's behalf.
11. Changes to this policy
We may update this policy as our practices evolve. The "last updated" date above reflects the most recent revision. Material changes will be communicated by email to active customers.
12. Contact
For privacy questions, email privacy@curvtravel.com or write to: Curv Travel Design Ltd, Dubai, United Arab Emirates.