Privacy Policy
AloSurf
AI Travel Assistant - Your Privacy Matters
π Your Privacy is Our Priority
At AloSurf, we are committed to protecting your personal information and being transparent about how we collect, use, and safeguard your data. This policy explains your rights and our responsibilities.
1. Introduction
Welcome to AloSurf's Privacy Policy. This document explains how we collect, use, store, and protect your personal information when you use our AI-powered travel services for surf packages in Taghazout, Morocco.
1.1 Who We Are
AloSurf is an AI-powered travel assistant service that specializes in surf packages and travel experiences in Taghazout, Morocco. We connect travelers with local surf schools, accommodations, and authentic experiences.
1.2 Contact Information
- Service Name: AloSurf
- Location: Taghazout, Morocco
- Email: adilelmkissi.me@gmail.com
- WhatsApp: +212 624 123 566
2. Information We Collect
2.1 Personal Information You Provide
| Information Type | Examples | Purpose |
|---|---|---|
| Contact Details | Name, email, phone, WhatsApp | Communication & booking |
| Travel Information | Travel dates, preferences, group size | Package customization |
| Payment Details | Billing address, payment method | Processing payments |
| Health & Safety | Medical conditions, swimming ability | Safety & risk management |
| Emergency Contacts | Name, phone number, relationship | Emergency situations |
2.2 Information We Collect Automatically
- Website Analytics: Pages visited, time spent, device information
- Communication Data: WhatsApp conversations, email exchanges
- Location Data: General location for service customization (with consent)
- Usage Patterns: How you interact with our AI assistant
2.3 Information from Third Parties
- Social Media: Basic profile information when you contact us via Instagram
- Partners: Information from surf schools, accommodations, or activity providers
- Payment Processors: Transaction confirmations and payment status
3. How We Use Your Information
3.1 Primary Uses
- Service Delivery: Planning and delivering your surf package experience
- Communication: Responding to inquiries, sending confirmations, updates
- Payment Processing: Handling bookings, deposits, and final payments
- Safety & Security: Ensuring participant safety during activities
- Customer Support: Providing assistance before, during, and after your trip
3.2 AI Enhancement
- Personalization: Improving recommendations based on preferences
- Service Optimization: Enhancing our AI assistant's responses
- Trend Analysis: Understanding travel patterns (anonymized data only)
3.3 Marketing Communications (with consent)
- Sending information about new packages and offers
- Sharing surf conditions and local updates
- Inviting feedback and reviews
4. Legal Basis for Processing (GDPR Compliance)
We process your personal data based on the following legal grounds:
| Processing Activity | Legal Basis |
|---|---|
| Booking management & service delivery | Contract Performance - Necessary to fulfill our agreement with you |
| Safety monitoring & emergency response | Vital Interests - Protecting health and safety |
| Marketing communications | Consent - You can withdraw anytime |
| Service improvement & analytics | Legitimate Interest - Improving our services |
| Financial records & tax compliance | Legal Obligation - Required by law |
5. Information Sharing & Disclosure
5.1 Service Partners
We share necessary information with trusted partners to deliver your experience:
- Surf Schools: Name, skill level, medical conditions (safety-related only)
- Accommodations: Name, contact details, special requirements
- Transport Providers: Name, pickup location, flight details
- Activity Providers: Name, group size, preferences
5.2 Payment Processors
Financial information is securely processed by trusted payment providers (PayPal, banks) following PCI DSS standards.
5.3 Legal Requirements
We may disclose information if required by law, such as:
- Response to legal subpoenas or court orders
- Compliance with tax or regulatory authorities
- Protection of our rights, property, or safety
- Emergency situations requiring immediate action
β οΈ We Never Sell Your Data
We do not sell, rent, or trade your personal information to third parties for marketing purposes. Your data is only shared as necessary to provide our services.
6. Data Security & Protection
6.1 Security Measures
- Encryption: All data transmission uses SSL/TLS encryption
- Access Controls: Limited access on a need-to-know basis
- Secure Storage: Data stored on secure, password-protected systems
- Regular Updates: Security measures reviewed and updated regularly
- Staff Training: Team members trained on data protection practices
6.2 WhatsApp Security
WhatsApp conversations are end-to-end encrypted. We use business WhatsApp accounts with additional security features.
6.3 Data Breach Response
In the unlikely event of a data breach:
- We will notify relevant authorities within 72 hours (GDPR requirement)
- Affected individuals will be informed promptly
- Immediate steps will be taken to secure the breach
- Full investigation and remediation measures implemented
7. Data Retention & Deletion
7.1 Retention Periods
| Data Type | Retention Period | Reason |
|---|---|---|
| Booking & travel records | 3 years after trip completion | Customer service, legal compliance |
| Financial records | 7 years | Tax and legal requirements |
| Communication history | 2 years after last contact | Customer service reference |
| Marketing preferences | Until consent withdrawn | Honoring your preferences |
| Safety incident reports | 10 years | Legal and insurance requirements |
7.2 Automatic Deletion
Data is automatically deleted when retention periods expire, unless legal obligations require longer retention.
π‘οΈ Your Privacy Rights
Under GDPR and other privacy laws, you have the following rights:
β Right to Access
Request a copy of your personal data we hold
βοΈ Right to Rectification
Correct inaccurate or incomplete information
ποΈ Right to Erasure
Request deletion of your personal data
βΈοΈ Right to Restrict Processing
Limit how we use your information
π¦ Right to Data Portability
Receive your data in a portable format
π« Right to Object
Object to certain types of processing
How to Exercise Your Rights:
- β’ Email us at: adilelmkissi.me@gmail.com
- β’ WhatsApp: +212 624 123 566
- β’ We will respond within 30 days
- β’ No fee required for most requests
9. Cookies & Online Tracking
9.1 Types of Cookies We Use
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential Cookies | Website functionality, security | Session only |
| Analytics Cookies | Understanding website usage | Up to 2 years |
| Preference Cookies | Remembering your settings | Up to 1 year |
9.2 Managing Cookies
You can control cookies through your browser settings. Note that disabling certain cookies may affect website functionality.
10. International Data Transfers
As we serve international travelers visiting Morocco, your data may be transferred internationally. We ensure protection through:
- Adequacy Decisions: Transfers to countries with adequate protection
- Standard Contractual Clauses: EU-approved contract terms
- Encryption: All international transfers are encrypted
- Partner Agreements: Data protection clauses with all partners
11. Children's Privacy
Our services are designed for adults and families. For participants under 18:
- Parental consent is required for all bookings
- We may collect limited information for safety purposes
- Parents/guardians can request access or deletion of their child's data
- We do not knowingly collect data from children under 13 without parental consent
12. Updates to This Privacy Policy
We may update this privacy policy to reflect:
- Changes in our services or business practices
- New legal requirements or regulations
- Enhanced security measures
- User feedback and suggestions
π’ We'll Notify You of Changes
For significant changes, we'll notify you via email or WhatsApp at least 30 days before the changes take effect. Continued use of our services indicates acceptance of the updated policy.
13. Complaints & Supervisory Authority
13.1 Contact Us First
If you have concerns about how we handle your personal data, please contact us first:
- Email: adilelmkissi.me@gmail.com
- WhatsApp: +212 624 123 566
- We aim to resolve all complaints within 30 days
13.2 Regulatory Complaints
You also have the right to lodge a complaint with your local data protection authority if you're not satisfied with our response.
π Privacy Contact Information
Quick Response Time:
β’ Email: Within 24-48 hours
β’ WhatsApp: Usually within a few hours
β’ Data requests: Within 30 days
Made with β€οΈ in Taghazout Β· Powered by AloSurf
This Privacy Policy is effective as of the last updated date and supersedes all previous versions.
π Protecting your privacy while you chase the perfect wave πββοΈ