Privacy Policy
Last updated: May 2, 2026
Overview
We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services.
Scope of this Policy
This Privacy Policy applies to the Ziyara website (ziyara.io), the Ziyara mobile application available on Google Play and the Apple App Store, and any related services (collectively, the "Services"). By using our Services you agree to the collection and use of information as described in this policy.
Information we collect
We may collect the following types of information:
- Account information – name, email address, phone number, and organization details provided during registration.
- Pilgrim data – personal details, passport information, travel documents, and related data entered by authorized agency users.
- Camera & photos – images captured or selected when you use in-app features such as passport scanning or profile photo uploads (see "Mobile Application & Device Permissions" below).
- Usage data – device type, operating system, browser, IP address, and interaction logs collected automatically.
- Payment data – processed securely by our payment provider (see below); we do not store full card details.
Mobile application & device permissions
Our mobile application may request the following device permissions:
- Camera (android.permission.CAMERA) – Used to scan QR Code within the app. Images are uploaded to our secure servers over an encrypted connection and stored privately on AWS S3. The camera is activated only when you explicitly choose to scan or take a photo; we do not access the camera in the background.
- Storage / Media – Used to allow you to select existing photos or documents from your device for upload.
- Internet – Required to communicate with our servers and synchronize data.
You can revoke any permission at any time through your device's settings. Revoking the camera permission will disable passport-scanning and photo-capture features but will not affect other functionality.
How we use your information
We use collected information to provide and improve our Services, process bookings and payments, communicate with you, ensure security, and comply with legal obligations. We do not sell your personal information to third parties.
Payment processing
We use Paddle for payment processing. Paddle handles billing, invoices and payment authorization on our behalf. We do not store full payment card details on our servers. For more information, see Paddle's Privacy Policy and Paddle's Terms.
Where we store your data
Uploaded files and backups are stored on Amazon Web Services (AWS). We use AWS S3 for file storage and related services. Access to stored files is restricted and signed URLs are used for secure temporary access when necessary.
Data retention
We retain personal data as long as necessary to provide our services or as required by law. If you wish to request deletion of your data, contact us at info@ziyara.io.
Your rights
You have rights to access, correct, or request deletion of your personal data. To exercise these rights contact us at info@ziyara.io.
International transfers & processors
We use third-party processors such as Paddle (payments), AWS (storage), and Tawk.to (live chat support). These providers may transfer or store data outside the EEA/UK/Türkiye. Where transfers occur, we rely on appropriate safeguards such as Standard Contractual Clauses, EU/UK adequacy decisions where applicable, or other lawful transfer mechanisms. Please consult the providers' privacy pages for details.
GDPR / UK GDPR (EU & UK residents)
If you are located in the EU or the UK, you have the rights listed above and the right to lodge a complaint with your local supervisory authority. The legal bases for processing personal data include contract performance, legitimate interests, and consent where required (for example for non-essential cookies).
CCPA / CPRA (California residents)
If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA), including the right to request disclosure of categories of personal information collected, the purposes for which it is used, and the right to request deletion. We do not sell personal information. To exercise your rights under CCPA/CPRA, contact info@ziyara.io and specify your request.
KVKK (Türkiye)
If you are a resident of Türkiye, you have rights under the Turkish Data Protection Law (KVKK) including access, correction, deletion, and objection. To exercise those rights, contact info@ziyara.io. For international transfers from Türkiye, we will rely on appropriate safeguards and provide information upon request.
Security measures
We implement reasonable organizational and technical measures to protect personal data, including encrypted storage for files (AWS S3), restricted access, and signed URLs for temporary file downloads.
Data Protection Officer / Contact
If you have data protection concerns you may contact info@ziyara.io. If required by law we will provide DPO contact details; otherwise contact the address above for privacy requests.
This policy references third-party services we use (Paddle for payments, AWS for storage, Tawk.to for live chat). Please review their policies for details about how they handle data.
Contact
If you have questions about this policy, please contact: info@ziyara.io
This policy references third-party services we use (Paddle for payments, AWS for storage, Tawk.to for live chat). Please review their policies for details about how they handle data.