Privacy Policy

1. Introduction

GodopeTZA Labs Company Limited ("we," "our," or "us") operates TourNest CRM, a comprehensive tourism customer relationship management platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website at https://tournestcrm.com and our related services.

We are committed to protecting your privacy and ensuring the security of your personal information. By using our services, you consent to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Personal Information

We collect the following types of personal information:

• Account Information: Name, email address, phone number, company details
• Contact Information: Business address, billing address, emergency contact details (optional)
• Identification Documents: KYC information including passport details, ID numbers for booking verification purposes
• Travel Information: Booking preferences, travel history, destination preferences, accommodation needs
• Location Data: Geographic location (optional, with your consent)

2.2 Payment Information

We collect billing information necessary for subscription processing. Payment data is processed by third-party payment providers including Stripe (for card payments) and Pawapay (for mobile payments in Tanzania). We do not store complete payment card details on our servers.

2.3 Technical Information

• Cookies and Tracking: We use functional cookies essential for platform operation
• Usage Data: Information about how you use our platform, features accessed, and performance metrics
• Device Information: Device type, operating system, browser information

3. Third-Party Integrations

3.1 WhatsApp Business API

We integrate with WhatsApp Business API to provide enhanced communication services. This integration allows us to:

• Send booking confirmations and updates
• Provide customer support through WhatsApp messaging
• Send promotional messages and travel offers (with your consent)
• Facilitate real-time communication between you and travel service providers

Your WhatsApp number and message content are processed according to both our privacy policy and WhatsApp's Business Policy. You can opt out of promotional messages at any time.

3.2 Google Mail API

We integrate with Google Mail API with full scope permissions to:

• Send booking confirmations and itineraries via email
• Read and organize travel-related emails
• Modify email labels and organization for better CRM integration
• Send automated follow-up emails and travel updates
• Manage email communications between you and travel partners

Access to your Gmail account is governed by Google's Privacy Policy and requires your explicit consent. You can revoke access at any time through your Google Account settings.

3.3 Payment Processors

• Stripe: For international card payments and subscriptions
• Pawapay: For mobile money payments in Tanzania

4. How We Use Your Information

We use collected information for the following purposes:

• Providing and maintaining our CRM platform services
• Processing bookings and managing customer relationships
• Facilitating communication between tourists and service providers
• Sending service-related notifications and updates
• Processing payments and managing subscriptions
• Improving our platform functionality and user experience
• Ensuring platform security and preventing fraud
• Complying with legal obligations and regulations
• Providing customer support and technical assistance

5. Data Sharing and Disclosure

5.1 No Third-Party Data Sharing

We do not sell, rent, or share your personal data with third parties for their marketing purposes. Each company using our platform maintains complete control over their own data.

5.2 Future Public Applications

In the future, we may develop public applications where data sharing may be optional. Any such sharing will require your explicit consent and will be clearly communicated before implementation.

5.3 Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or to protect our rights, property, or safety.

6. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication mechanisms
• Secure backup procedures (optional for enhanced data protection)
• Employee training on data protection practices

7. Data Retention

We retain your personal information for 30 days after account deletion or service termination, unless a longer retention period is required by law. You may request immediate data deletion, which we will process within a reasonable timeframe.

Backup copies of data may be retained for additional security purposes but will be deleted according to our backup retention schedule.

8. Your Rights

You have the following rights regarding your personal information:

• Access: Request copies of your personal data
• Correction: Request correction of inaccurate personal data
• Deletion: Request deletion of your personal data through our platform or website
• Data Portability: Request transfer of your data to another service
• Opt-out: Unsubscribe from marketing communications
• Revoke Consent: Withdraw consent for data processing where applicable

To exercise these rights, contact us at benard@flutterai.dev or use the data management features available in your account settings.

9. International Data Transfers

Our primary operations are based in Tanzania. As we expand internationally, we may transfer your data to other countries. When such transfers occur, we will ensure appropriate safeguards are in place to protect your personal information in accordance with applicable data protection laws.

10. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you become aware that a child has provided us with personal information, please contact us immediately.

11. Cookies Policy

We use essential cookies that are necessary for the proper functioning of our platform. These cookies enable core functionality such as security, authentication, and accessibility features. You can control cookie settings through your browser, but disabling essential cookies may affect platform functionality.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

Your continued use of our services after any modifications indicates your acceptance of the updated Privacy Policy.

13. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

14. Regulatory Compliance

While primarily operating in Tanzania, we are committed to meeting international privacy standards. As we expand our services globally, we will implement additional compliance measures for GDPR (European Union), CCPA (California), and other applicable data protection regulations.