Personiti
Home
Support
Personiti
Home
Support
More
  • Home
  • Support
  • Home
  • Support

Traveller Privacy Policy

How we collect, use, and protect your personal data 

Traveller Privacy Policy 

Issued by 

Personiti FZ-LLC, Dubai Internet City Free Zone, UAE 

Last updated

8 June 2026 

Applies to 

All Travellers using the Personiti iOS app, Android app, or web platform 

Primary law 

UAE Federal Law No. 45 of 2021 on Personal Data Protection (PDPL) 

Also applicable 

EU GDPR (2016/679) for EEA-based Travellers 

Controller 

Personiti FZ-LLC, Dubai Internet City Free Zone, Dubai, UAE 

Privacy contact 

privacy@personiti.com 


Protecting your personal data is a priority for us.  We only process your personal data within the scope of applicable legal requirements, in particular UAE Federal Law No. 45 of 2021 on Personal Data Protection (PDPL) and, where applicable, the EU General Data Protection Regulation (GDPR). This policy explains how Personiti collects, uses, and shares your personal data when you use the Personiti Platform, and sets out your rights and how to exercise them. 


If you are a Provider (experience operator or tour guide), please refer to our separate Provider Privacy Policy. This Traveller Privacy Policy applies only to individuals using the Platform to discover and book Experiences. 


This policy has been drafted in the English language. Any translation is for reference only. In the event of inconsistency between the English version and a translated version, the English version prevails. 


I.  Terms 

The following terms are used in this policy: 

“Experience”  refers to the tours, activities, workshops, cultural events, and other travel experiences offered by Providers through the Personiti Platform. 

“Provider”  means the experience provider, tour operator, activity company, or individual guide who offers Experiences on the Platform. 

“Personiti Platform” or “Platform”  refers to the booking platform operated by Personiti FZ-LLC, accessible via www.personiti.com, the Personiti iOS app, the Personiti Android app, and all associated tools and services. 

“OCEAN Data”  means the personality profile data generated by Personiti’s Big Five (OCEAN) personality assessment, comprising your scores across five dimensions: Openness, Conscientiousness, Extraversion, Agreeableness, and Neuroticism. 

Personiti treats OCEAN Data with enhanced privacy protections due to its personal and psychographic nature. OCEAN Data is used solely for personality-based travel matching, profile functionality, and related Platform features described in this policy. 

“Personal Data”  refers to any information relating to an identified or identifiable natural person. 

“PDPL”  refers to UAE Federal Law No. 45 of 2021 on Personal Data Protection and its executive regulations. 

“GDPR”  refers to General Data Protection Regulation (EU) 2016/679. 

“Session Filter Data”  refers to destination, travel dates, budget range, group size, and interest category selections applied by you during a search. This data is temporary and session-specific; it is not stored as part of your permanent profile. 


II.  Controller and Contact 

The Data Controller responsible for processing your personal data when you use the Personiti Platform is: 

Controller 

Personiti FZ-LLC 

Registration 

In5 Tech, Dubai Internet City Free Zone, Dubai, UAE 

Address 

Dubai Internet City, Dubai, United Arab Emirates 

Email 

privacy@personiti.com 

Website 

www.personiti.com/privacy 


Provider data processing is separate.  Any data processing carried out by Providers in connection with a confirmed Experience Booking is outside Personiti’s direct control and is subject to the Provider’s own privacy policy. Providers act as independent Data Controllers for their own processing activities. 


III.  Data Processing Activities 


1.  Automated Data Collection 

When you visit the Personiti Platform, whether on the website, iOS app, or Android app, Personiti automatically collects the following technical data. This data is stored separately from other data you provide to us: 

  • URL of the accessed page or screen 
  • Date, time, and duration of your visit or session 
  • Information about your device and device-specific settings, including operating system, browser type, app version, and language settings 
  • App crash reports and other diagnostic activity data 
  • Information about clicks, screens viewed, and navigation paths 
  • IP address (stored in encrypted form and deleted after 30 days) 

We collect this data to ensure the proper operation and security of the Platform, to prevent fraudulent activities, and to diagnose and resolve technical issues, on the basis of our legitimate interest (PDPL Article 4 / GDPR Article 6(1)(f)). 


2.  Data Collected in Connection with Your Traveller Account 

2.1  Registration 

Registration is not required to browse the Platform. However, to make Bookings and access personalised matching features, you must create a Traveller Account. When you register, you provide: 

  • Full name 
  • Email address 
  • Password (stored in hashed form; Personiti does not have access to your plaintext password) 
  • Country of residence 

Alternatively, you may register using an existing Apple or Google account. In this case, we receive the following data from Apple or Google to create your Traveller Account: 

  • Name 
  • Email address 
  • An authentication token 

Personiti processes this data to set up and manage your Traveller Account in accordance with our Traveller Terms and Conditions (PDPL contractual necessity / GDPR Article 6(1)(b)). 


2.2  The OCEAN Personality Assessment 

When you complete Personiti’s Big Five (OCEAN) personality assessment during onboarding or at any subsequent time, we collect: 

  • Your responses to the assessment questions 
  • Your OCEAN dimension scores (Openness, Conscientiousness, Extraversion, Agreeableness, Neuroticism) 
  • The date and version of the assessment completed 

Your OCEAN profile is your psychographic identity on Personiti. It is stable by design: it reflects who you are as a traveller and persists across all your sessions on the Platform. It does not change automatically based on your browsing behaviour, filter selections, or booking history. It only changes if you actively choose to retake the assessment. 

OCEAN Data requires enhanced privacy protections. Personiti recognises that psychographic personality data is personal and highly individual in nature. For this reason, Personiti processes OCEAN Data only with your explicit consent and applies enhanced safeguards to its collection, storage, visibility, and use. 

Your explicit consent is obtained immediately before you begin the OCEAN personality assessment through a dedicated consent prompt within the Platform. You may withdraw this consent at any time by contacting privacy@personiti.com. Withdrawal disables personality-based matching features but does not affect the lawfulness of processing that occurred before withdrawal. 

Your OCEAN Data is used for the following purposes: 

  • Matching you to Experiences whose psychographic profiles are compatible with yours. 
  • Surfacing fellow Travellers with complementary personality types, where you have opted in to the social discovery feature. 
  • Improving Personiti’s matching algorithm in anonymised, aggregated form only. 
  • Displaying your OCEAN dimension scores and overall profile on your Traveller profile within the Platform. 
  • Sharing your OCEAN profile with other Platform users or with individuals outside the Platform, where you actively choose to do so using the sharing controls in the Personiti App. 


Profile Visibility and Sharing 

Your Traveller profile, including your OCEAN dimension scores, can be set to Private or Public within the Personiti App. The default is Private. You must actively choose to make your profile Public. 

  • Private (default):  Your OCEAN scores are visible only to you. No other Traveller, Provider, or member of the public can view your profile or scores. 
  • Public:  Your OCEAN scores and profile are visible to other registered Travellers and to Providers whose Experiences you browse or book. Providers may view your profile to understand traveller-to-experience compatibility. Providers may access publicly visible traveller profile information solely within the Personiti Platform for the purpose of understanding traveller compatibility with their Experiences. Providers are not permitted to independently copy, export, sell, profile, or otherwise process OCEAN related information outside the Platform. 


Setting your profile to Public constitutes voluntary disclosure of personal profile information to other users of the Platform. You may change your visibility setting at any time in the App. Changing from Public to Private prevents further access but does not erase historical visibility. Personiti recommends reviewing your privacy settings carefully before making your profile Public.  

Personiti cannot control how other users may interpret, reproduce, share, or otherwise use information that you voluntarily choose to make public through your profile settings. 

You may also share your OCEAN profile directly with specific individuals using the share function within the App. Profile links shared outside the Platform may be viewed by anyone with whom you share them. Personiti is not responsible for how recipients use OCEAN profile information you have voluntarily shared. 

Regardless of your visibility setting, your OCEAN Data is never used for advertising, commercial profiling, insurance underwriting, credit assessment, employment screening, or any purpose other than travel matching and profile display as described above. It is never sold. 


2.3  Session Filter Data 

When you search for Experiences, you apply session-specific filters: destination, travel dates, budget range, group size, and interest category selections. This data is the intent layer of your search, it tells Personiti what you are looking for on a specific trip. 

Session Filter Data is temporary. It is used to process your specific search request and to rank the filtered pool of Experiences by OCEAN compatibility. It is not stored as part of your permanent Traveller profile. It is not used to modify your OCEAN profile, and it is not retained beyond the active session. Session Filter Data is processed on the basis of contractual necessity (PDPL Article 4 / GDPR Article 6(1)(b)) to provide the search and matching service you have requested. 


2.4  Wishlists and Saved Experiences 

You may save Experiences to a wishlist for later consideration. When you add Experiences to your wishlist, we use this information to improve the personalisation of Experience recommendations. This is processed on the basis of our legitimate interest in enhancing your user experience and improving the Platform’s matching relevance (PDPL Article 4 / GDPR Article 6(1)(f)). 


2.5  Experience Reviews and the Fit for You Score 

After completing a confirmed Booking, you will be invited to submit a review and rating of the Experience. Reviews on Personiti are verified-only: only Travellers who have completed a confirmed Booking for a specific Experience may submit a review for that Experience. Reviews are attributed to your Traveller Account. Personiti does not offer an anonymous review option. 

When you submit a review, we collect: 

  • Your rating (numerical score) 
  • Your written comments 
  • Any photographs you choose to include 
  • Your first name, as displayed on your Traveller Account 
  • Your Fit for You score — your OCEAN compatibility rating with the Experience, calculated at the time of your Booking 


The Fit for You Score 

The Fit for You score is derived from your OCEAN profile. It is a single compatibility indicator reflecting how well your psychographic profile aligned with the Experience’s psychographic profile at the time of booking. It does not display your individual OCEAN dimension scores; it is a compatibility outcome, not a disclosure of raw psychographic data. 

The Fit for You score serves as honest context for other Travellers reading the review. A high Fit score alongside a positive review confirms the OCEAN matching worked. A lower Fit score alongside a mixed review explains the mismatch without reflecting negatively on the Experience’s quality. This feature is core to Personiti’s mission: to show not just whether an Experience is good, but whether it is right for a given personality type. 


Fit for You score as OCEAN-derived data.  By submitting a review, you consent to the display of your Fit for You score alongside your review on the Experience Listing and in any associated Platform content. The Fit for You score is OCEAN-derived data and is treated with the same protections as your OCEAN profile. It is displayed only in the context of your review and is not used for any purpose other than providing compatibility context for that specific Experience. 

Reviews and associated Fit for You scores may appear on publicly accessible Experience pages within the Platform and in Personiti marketing materials. You may request deletion of your review and its associated Fit for You score at any time by contacting privacy@personiti.com. You may opt out of receiving review invitation emails through the Notifications section of your account settings. 

We process review data and Fit for You scores on the basis of your consent (given at the point of review submission) and our legitimate interest in improving Experience quality, assisting other Travellers in making informed decisions, and demonstrating the effectiveness of the OCEAN matching engine (PDPL Article 4 / GDPR Articles 6(1)(a) and 6(1)(f)). 


3.  Customer Service 


3.1  Processing of Enquiries 

If you contact Personiti’s customer support team, by email at hello@personiti.com, through the in-app help feature, or through our website, we collect and process the personal data you provide in your enquiry, including your name, email address, Booking reference, and any other information you share during the interaction. 

We process this data to respond to and resolve your enquiry on the basis of contractual necessity (PDPL Article 4 / GDPR Article 6(1)(b)). 


3.2  Improving Customer Service 

To continuously improve our customer service, Personiti may analyse support enquiries using aggregated parameters and keywords to identify common issues and improve response quality. We may also invite you to participate in customer satisfaction surveys. This processing is based on our legitimate interest in the continuous improvement of our customer service and Platform experience (PDPL Article 4 / GDPR Article 6(1)(f)). 


3.3  In-App and Push Communications 

Where you have enabled push notifications on the Personiti App, Personiti may send you the following types of push notifications: 

  • Personiti operational notifications:  Booking confirmations, pre-Experience reminders, account updates, and policy notices. Sent on the basis of contractual necessity (PDPL Article 4 / GDPR Article 6(1)(b)). 
  • Provider broadcast notifications:  Operational announcements sent by a Provider to all Travellers who hold a confirmed Booking for a specific Experience slot. These are triggered by the Provider through the Provider Dashboard and delivered by Personiti’s system. They may include last-minute changes to the Experience, meeting point updates, cancellation notices, or essential logistics information. Personiti delivers these on the Provider’s behalf on the basis of contractual necessity. The Provider does not see your individual contact details; notifications are addressed to the Booking group as a whole. Providers are not permitted to use this tool for marketing or any non-operational purpose. 
  • Marketing notifications:  Personalised Experience recommendations and promotional content. Sent only with your consent (PDPL Article 4 / GDPR Article 6(1)(a)) and only if you have opted in through your account notification settings. 

You may manage all push notification preferences in your device settings or in the Notifications section of your account. Disabling push notifications does not affect your ability to use the Platform but means you may miss important operational updates about a confirmed Booking. 


4.  Technical Service Providers 


4.1  Platform Hosting 

The Personiti Platform is hosted on cloud infrastructure based in the United Arab Emirates. Personal data collected through the Platform is stored on UAE-based servers. Personiti is incorporated in the UAE and the UAE is the primary jurisdiction for all data storage and processing under this policy. 

Authorised Personiti personnel may access Platform data remotely from other locations, including the EEA and the United Kingdom for platform development, operations, and support purposes. All such access is through authenticated, access-controlled channels and is subject to confidentiality obligations. Remote access by Personiti personnel does not change the storage location of your personal data, which remains in the UAE. 


4.2  Email and Notification Services 

For sending transactional emails, including Booking confirmations, password resets, and policy updates, Personiti uses a third-party email service provider. This providerprocesses your email address and the content of Personiti’s emails on our behalf as a data processor. All email service providers are bound by data processing agreements and required to implement appropriate security measures. 


4.3  Fraud and Bot Protection 

To protect the Platform from fraudulent activity, automated bot attacks, and account abuse, Personiti uses fraud detection and bot protection tools. These tools analyse technical signals transmitted by your device, including IP address, device fingerprint, and behavioural patterns, to determine whether interactions originate from legitimate human users. This processing is based on our legitimate interest in protecting the Platform and its users from misuse (PDPL Article 4 / GDPR Article 6(1)(f)). 


5.  Marketing Communications 

5.1  You may subscribe to Personiti’s newsletter or marketing communications through the Platform. By subscribing, you consent to us processing your email address and your interactions with marketing emails for the purpose of sending relevant updates, personalised Experience recommendations, and promotional content (PDPL Article 4 / GDPR Article 6(1)(a)). 

5.2  If you have made a Booking or created a Traveller Account, Personiti may send you communications about Experiences or features that may be of interest to you, based on our legitimate interest in promoting relevant services to existing users (PDPL Article 4 / GDPR Article 6(1)(f)). 

5.3  You may opt out of marketing communications at any time by clicking the unsubscribe link in any marketing email, or through the Notifications section of your account settings. Opting out of marketing does not affect operational communications required to manage your Bookings and account. 


6.  Booking Experiences 


6.1  Booking Data 

When you book an Experience on the Platform, we collect the data required to facilitate and manage the Booking. This typically includes: 

  • Full name and email address 
  • Number of participants and their age ranges where required by the Experience 
  • Booking date, time, and Experience details 
  • Any additional information required for specific Experiences (for example, dietary requirements, fitness level, or emergency contact details where specified in the Experience Listing) 

We use this data to process and manage your Booking on the basis of contractual necessity (PDPL Article 4 / GDPR Article 6(1)(b)). To the extent necessary to deliver the Experience, we transfer relevant Booking data to the Provider responsible for the Experience. The Provider processes your personal data as an independent Data Controller under their own privacy policy. 


6.2  Booking Confirmations and Reminders 

Following a confirmed Booking, Personiti sends you Booking confirmations, pre-Experience reminders, and relevant updates (such as meeting point changes or Providernotifications) by email or via App push notification. We process this data as necessary to fulfil our obligations to you in connection with your Booking (PDPL Article 4 / GDPR Article 6(1)(b)). You may customise notification preferences in the Notifications section of your account settings. 


6.3  Sharing Booking Details 

You may share your Booking confirmation with co-participants by providing their email address through the Platform. Personiti will send them the Booking confirmation and relevant communications. By providing another person’s email address, you confirm that you have obtained that person’s consent to share their contact details with Personiti for this purpose. 


7.  Payments 

7.1  All payments on the Personiti Platform are processed through Stripe. When you make a payment, your payment details, including card number, expiry date, and CVV are submitted directly to Stripe and are never transmitted to or stored by Personiti. Personiti receives only a payment confirmation from Stripe and, where applicable, the last four digits of your card for reference purposes. Stripe processes your payment data as an independent Data Controller; please refer to Stripe’s Privacy Policy at stripe.com/privacy for information on how Stripe handles your payment data. 

7.2  We process payment-related data on the basis of contractual necessity to fulfil your Booking (PDPL Article 4 / GDPR Article 6(1)(b)). 

7.3  Chargebacks. In the event of a chargeback on a payment you have made, Personiti will use the relevant Booking and transaction data to contest the chargeback with Stripe on your behalf where appropriate. This processing is based on our legitimate interest in managing payment disputes and protecting the integrity of the Platform (PDPL Article 4 / GDPR Article 6(1)(f)). 


8.  Personalisation of Platform Content 

Personiti personalises your Experience feed, recommendations, and Platform content based on your OCEAN profile, your search and booking history, and your stated preferences. The OCEAN layer provides the stable psychographic foundation; your session filters and booking history inform what is contextually relevant to you now. This personalisation is based on our legitimate interest in showing you Experiences that are genuinely relevant to you (PDPL Article 4 / GDPR Article 6(1)(f)), supplemented by your explicit consent for OCEAN Data processing. 


9.  Cookies and Tracking Technologies 

We use cookies and similar tracking technologies to operate Platform features, maintain your session, collect usage analytics, and, where you have consented, personalise content and measure marketing effectiveness. 

We use the following categories of cookies and tracking technologies: 


Category 

Purpose and basis 


Strictly necessary 

Required for the Platform to function: session management, login state, security. These cannot be disabled and do not require consent. 


Functional 

Remember your preferences such as language, currency, and notification settings. Disabled by default unless you enable them. 


Analytics 

Collect aggregated data about how Travellers use the Platform to improve features and user experience. Processed on the basis ofconsent (PDPL / GDPR Article 6(1)(a)). 


Marketing 

Used to measure the effectiveness of Personiti’s marketing campaigns and, where consented, to show relevant Personiticontent on third-party platforms. Processed on the basis ofconsent (PDPL / GDPR Article 6(1)(a)). 


Security / fraud detection 

Detect and prevent fraudulent login attempts and suspicious activity. Based on legitimate interest. 

You may manage cookie preferences through the Cookie Preferences link in the website footer, or through the Privacy Settings section of the Personiti App. You may withdraw consent to non-essential cookies at any time; this will not affect the lawfulness of any processing that occurred before your withdrawal. 

The Personiti App uses Software Development Kits (SDKs) in addition to cookies. These SDKs are part of the App source code and store data in App storage rather than your browser. They are used to analyse App usage, send operational push notifications, and enable the App to function correctly. Personiti does not use SDKs for advertising purposes without your explicit consent. 


10.  Social Media 

Personiti maintains accounts on the following social media platforms: Instagram (@personiti.app), TikTok (@personiti.app), Facebook, and LinkedIn. If you interact with Personiti’s social media accounts by following, liking, commenting, or messaging, the relevant social media platform collects and processes your personal data in accordance with its own privacy policy. 


Platform 

Privacy policy 


Instagram / Facebook 

Meta Platforms Ireland Limited — www.facebook.com/privacy/policy 


TikTok 

TikTok Technology Limited — www.tiktok.com/legal/privacy-policy 


LinkedIn 

LinkedIn Ireland Unlimited Company — www.linkedin.com/legal/privacy-policy 

Where Personiti’s social media activity generates platform analytics (such as Instagram Insights or TikTok Analytics), Personiti and the respective platform may act as joint Data Controllers for that analytics data. In such cases, the platform assumes primary responsibility for compliance with applicable data protection law. Personiti processes social media analytics data on the basis of its legitimate interest in understanding the reach and effectiveness of its content (PDPL Article 4 / GDPR Article 6(1)(f)). 


11.  Further Sharing of Data 

Beyond the cases described above, your personal data will only be shared with third parties in the following circumstances: 

  • Legal and regulatory authorities.  Personiti may be required to disclose personal data to UAE authorities, Dubai Courts, law enforcement agencies, or other competent governmental or regulatory bodies where required by Applicable Law, court order, or regulatory obligation. Personiti will notify you of such disclosure in advance where legally permissible. 
  • Professional advisors.  Personiti’s legal advisors, auditors, and accountants may access personal data on a confidential basis where necessary for the provision of professional services. All advisors are bound by professional confidentiality obligations. 
  • Service providers (processors).  Personiti uses carefully selected third-party service providers to operate the Platform, including hosting providers, email services, analytics tools, and fraud detection providers. These providers act as data processors under Personiti’s instruction and are contractually required to process your data only for the purposes specified by Personiti and in accordance with this policy. Where processors are located outside the UAE or EEA, appropriate transfer safeguards are in place. 
  • Corporate transactions.  In the event of a merger, acquisition, or sale of Personiti’s business or assets, personal data may be transferred to the acquiring entity. Personiti will notify youbefore any such transfer and ensure the acquiring entity is bound by privacy obligations equivalent to this policy. 
  • No sale of personal data.  Personiti does not sell, rent, or otherwise commercially transfer your personal data to any third party for their own commercial purposes. Your OCEAN Data is never sold under any circumstances. 


12.  Automated Decision-Making and Profiling 

12.1  Personiti uses automated processing to personalise your Platform experience, including: 

  • Ranking Experience search results based on OCEAN compatibility scores and Provider performance metrics 
  • Displaying your OCEAN profile to Providers where you have set your profile visibility to Public, enabling Providers to understand the psychographic types of Travellers interested in their Experience 
  • Generating personalised Experience recommendations based on your OCEAN profile, booking history, and wishlist activity 
  • Automated fraud and security screening of account activity and Booking requests 

12.2  The automated ranking of Experience search results is based on your OCEAN profile combined with your session-specific filters. It does not produce legal effects or similarly significant decisions about you. It is designed to surface Experiences more likely to be compatible with your personality and current trip intent. 

12.2A  Matching Disclaimer 

Personiti’s matching system is designed to provide indicative compatibility recommendations only. 

Compatibility scores, Fit for You scores, and personality-based recommendations do not guarantee:
• satisfaction with an Experience
• interpersonal compatibility
• emotional outcomes
• social compatibility with other Travellers
• the quality, safety, or suitability of an Experience 

Traveller decisions should always be based on their own judgement and review of the relevant Experience details. 

12.3  Where automated fraud screening results in a restriction of your account or a Booking being declined, you have the right to request human review of that decision by contacting hello@personiti.com. Personiti will respond within ten (10) Business Days. 

12.4  EEA Travellers. Under GDPR Article 22, you have the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects. Where any automated processing has such an effect, you may contact privacy@personiti.com to request human review. 


13.  International Data Transfers 

Personiti is incorporated in the UAE and stores all personal data on UAE-based cloud infrastructure. Your personal data is held in the UAE regardless of the country from which you access the Platform. Personiti’s authorised personnel may access this data remotely from the EEA, UK, and Egypt for operational purposes; such access does not constitute a change of data storage location. 

Where your personal data is collected in the EEA or UK and stored in the UAE, this constitutes a cross-border transfer to a non-adequate third country. Personiti applies the following transfer safeguards: 

  • EEA Travellers.  The collection and storage of personal data of EEA-based Travellers in the UAE is governed by GDPR Chapter V. Personiti implements the EU Standard Contractual Clauses (SCCs) as the applicable transfer mechanism. Copies of the applicable SCCs are available on request at privacy@personiti.com. 
  • UK Travellers.  The collection and storage of personal data of UK-based Travellers in the UAE is governed by UK GDPR Chapter V. Personiti implements the UK International Data Transfer Agreement (IDTA) as the applicable transfer mechanism. 
  • UAE and other Travellers.  Personal data of Travellers based in the UAE or other jurisdictions is stored in the UAE under the primary governance of the PDPL. Where Personititransfers any personal data outside the UAE, such transfers are made only to countries recognised as providing adequate protection, or using appropriate contractual safeguards approved by the UAE Data Office. 


14.  Retention of Your Data 

Personiti retains personal data for as long as necessary to manage your Traveller Account, to provide the Platform’s services, to comply with legal obligations, and to resolve disputes and claims. The following retention periods apply: 


Data category 

Retention period 

Account registration data 

Duration of active Traveller Account, plus 5 years following closure or termination. 

OCEAN profile and assessment data 

Duration of active Traveller Account. Deleted within 30 days of account closure, unless a longer legal retention period applies. Only changes if you retake the assessment. Where your profile is set to Public, visibility ceases immediately upon changing to Private or upon account closure. Personiti does not retain copies of publicly displayed OCEAN scores beyond the period of active display. 

Session Filter Data (destination, dates, budget, interests) 

Not retained beyond the active session. Temporary and not stored as part of your permanent profile. 

Booking and transaction records 

7 years from the Booking date, as required by UAE VAT law and applicable commercial records legislation. 

Payment references 

As required by Stripe’s retention policies and applicable financial regulation. 

Review, rating, and Fit for You score data 

Until you request deletion, after which the review and associated Fit for You score are removed from publicdisplay within 10 Business Days. 

Customer support records 

2 years from the date of the last interaction, extended where the matter is subject to ongoing dispute or legal proceedings. 

Marketing preference records 

Until you withdraw consent or opt out, after which your preference is retained for 3 years to honour the opt-out. 

Technical / automated logs 

IP address: 30 days (encrypted). Other automated logs: 12 months, then aggregated or anonymised. 

Upon expiry of the applicable retention period, Personiti securely deletes or anonymises your personal data. Anonymised data (from which no individual can be identified) may be retained indefinitely for analytics and Platform improvement purposes. Deleted personal data may remain temporarily stored in secure encrypted backup systems for a limited retention cycle before permanent deletion. 


15.  Your Data Protection Rights 

You have the following rights with respect to your personal data. To exercise any of these rights, please contact privacy@personiti.com. We will respond within thirty (30) days of receipt of your request. Complex or multiple requests may take up to sixty (60) days; we will notify you if an extension is needed. 


15.1  Right of Access 

You have the right to obtain confirmation as to whether or not Personiti holds personal data about you and, if so, to receive a copy of that data, including information about the purposes of processing, the categories of data held, and any recipients. 


15.2  Right to Rectification 

You have the right to have inaccurate personal data corrected and incomplete personal data completed. You may update many account details directly through your TravellerAccount settings. 


15.3  Right to Erasure 

You have the right to request that Personiti delete your personal data where: (i) the data is no longer necessary for its original purpose; (ii) you have withdrawn consent and there is no other lawful basis; (iii) you have objected to processing based on legitimate interests and there are no overriding grounds; or (iv) the data has been unlawfully processed. 


Limitations on erasure.  The right to erasure is not absolute. Personiti may retain personal data where required by law, including Booking and VAT records (7 years), or where the data is necessary for the establishment, exercise, or defence of legal claims. We will explain any applicable limitations when responding to your erasure request. 


15.4  Right to Restriction of Processing 

You have the right to request that Personiti restrict the processing of your personal data where you contest its accuracy, where processing is unlawful but you prefer restriction to erasure, or where Personiti no longer needs the data but you require it for legal claims. 


15.5  Right to Data Portability 

Where processing is based on your consent or on contractual necessity and is carried out by automated means, you have the right to receive the personal data you have provided to us in a structured, commonly used, machine-readable format, and to transmit it to another controller. 


15.6  Right to Object 

You have the right to object at any time, on grounds relating to your particular situation, to processing based on legitimate interests. Personiti will cease processing unless it can demonstrate compelling legitimate grounds that override your interests, or where processing is necessary for legal claims. You have an absolute right to object to the use of your personal data for direct marketing at any time. 


15.7  Right to Withdraw Consent 

Where processing is based on your consent, including for OCEAN Data and marketing communications, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing that occurred before withdrawal. For OCEAN Data, withdrawal disables personality-based matching features. To withdraw consent, contact privacy@personiti.com or use the account settings in the App. 


15.8  Right to Lodge a Complaint 

You have the right to lodge a complaint with the relevant data protection supervisory authority: 

Jurisdiction 

Supervisory Authority 

UAE 

UAE Data Office — www.uaedataoffice.gov.ae 

EU 

The competent lead supervisory authority in the EU member state of your habitual residence or place of work. 

UK 

Information Commissioner’s Office (ICO) — ico.org.uk 

We encourage you to contact us at privacy@personiti.com before lodging a supervisory authority complaint. We will endeavour to resolve any concerns promptly and transparently. 


15.9  PDPL-Specific Rights 

Under the UAE PDPL, you also have the right to: (i) be notified of the categories of personal data held about you and the purposes of processing; (ii) receive information about the recipients to whom your data has been disclosed; and (iii) request correction or deletion of your data. These rights can be exercised by contacting privacy@personiti.com. 


16.  Security 

Personiti implements and maintains technical and organisational security measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These measures include: 

  • Encryption of personal data at rest and in transit 
  • Role-based access controls for Personiti employees and contractors 
  • Access controls and authentication safeguards for Traveller Accounts  
  • Regular security assessments and penetration testing 
  • A documented incident response and breach notification process 

While Personiti takes reasonable and appropriate steps to protect your personal data, no system is completely secure. You are responsible for maintaining the confidentiality of your Traveller Account credentials. If you believe your account has been compromised, please notify us immediately at privacy@personiti.com. 


17.  Children 

The Personiti Platform is not directed at individuals under the age of eighteen (18). Personiti does not knowingly collect personal data from anyone under 18. If you are a parent or guardian and believe that a person under 18 has created a Traveller Account or provided personal data to Personiti, please contact privacy@personiti.com and we will promptly delete that data. 


18.  Deletion of Your Account 

If you delete your Traveller Account — through the account settings or by contacting privacy@personiti.com — your profile and personal data will be deleted or anonymised in accordance with the retention periods in Section 14. OCEAN Data will be deleted within 30 days of account closure. Booking records and transaction data will be retained for the periods required by applicable law. You will receive confirmation when your account has been closed and your data has been processed for deletion. 


19.  Changes to This Policy 

Personiti may update this Traveller Privacy Policy from time to time to reflect changes in law, Platform functionality, or data processing practices. Where we make material changes, particularly any change affecting how we process OCEAN Data, we will notify you by email to your registered account address and by in-app notification at least thirty (30) days before the change takes effect. The current version of this policy is always available on the Personiti Platform and supersedes all previous versions. 


20.  Contact Us 

If you have any questions about this Traveller Privacy Policy, wish to exercise your data protection rights, or have a concern about how we handle your personal data, please contact us: 


Method 

Details 

Email 

privacy@personiti.com (subject line: Traveller Privacy Enquiry) 

General 

hello@personiti.com 

Website 

www.personiti.com/privacy 

Address 

Personiti FZ-LLC, Dubai Internet City Free Zone, Dubai, United Arab Emirates 

Personiti has not appointed a formal Data Protection Officer at this stage. Privacy enquiries should be directed to privacy@personiti.com. 


If you are a Provider (experience operator or tour guide), this policy does not apply to you. Please refer to Personiti’s Provider Privacy Policy, available at hello@personiti.com on request. 


Personiti FZ-LLC  |  in5 Tech Dubai Internet City Free Zone  |  Dubai, United Arab Emirates 

privacy@personiti.com  |  www.personiti.com/privacy  

Primary framework: UAE Federal Law No. 45 of 2021 (PDPL). EU GDPR applies additionally for EEA-based Travellers. 

Copyright © 2026 Personiti - All Rights Reserved.

  • Support
  • Traveller Terms
  • Traveller Privacy
  • Provider Terms
  • Provider Privacy

Powered by

This website uses cookies.

We use cookies to analyze website traffic and optimize your website experience. By accepting our use of cookies, your data will be aggregated with all other user data.

DeclineAccept