Privacy Policy

This Privacy Policy is effective from 29 April 2026. It applies to visitors, agents, operators, administrators, business contacts, and other individuals whose personal data is processed through Everything Uganda services.

Everything Uganda Ltd. is responsible for the personal data it collects and determines how to use. Some payment, identity, hosting, communication, authentication, and analytics providers may also process data under their own terms or as processors acting on our instructions.

We may collect account data, business profile data, identity and verification details, contact information, billing and payout information, booking records, guest details supplied for bookings, communications, support requests, usage events, device data, security logs, preferences, and consent records.

We collect data directly from users, from organizations that invite or administer users, from operators and agents involved in bookings, from payment and identity providers, from browser and device interactions, and from operational records generated by the portal.

We use personal data to provide the portal, verify accounts, manage marketplace access, process bookings, support payments and settlement, prevent fraud, secure the service, provide customer support, send operational communications, maintain audit records, improve product performance, and comply with legal obligations.

Where permitted, we may also use business contact information for relevant B2B communications about portal features, supplier onboarding, partnership opportunities, marketplace updates, or service changes. You can opt out of non-essential marketing communications.

Where GDPR, UK GDPR, or similar laws apply, we rely on legal bases including contract performance, legitimate interests, legal obligations, consent, and, where necessary, protection of vital interests or establishment, exercise, or defense of legal claims.

Legitimate interests may include platform security, fraud prevention, product improvement, B2B customer support, network integrity, business administration, and relevant trade communications, balanced against individual privacy rights.

We use necessary cookies and local storage to support security, authentication, consent records, and core portal functionality. These are required for the service to work and cannot be disabled through the cookie banner.

Analytics cookies and similar technologies are optional. We do not enable analytics tracking unless you accept analytics cookies through the consent banner or a cookie settings control. You can withdraw consent at any time by changing cookie preferences.

We may share data with service providers that support hosting, authentication, database infrastructure, payment processing, email delivery, analytics, monitoring, customer support, fraud prevention, and professional services. We require appropriate contractual, security, and confidentiality controls where processors handle personal data for us.

Booking-related data may be shared between agents, operators, and operational partners where needed to quote, confirm, deliver, amend, cancel, refund, or support a travel experience. We may also disclose data if required by law, regulators, courts, auditors, payment networks, sanctions screening, or to protect rights, safety, and security.

Because Everything Uganda serves international travel partners, personal data may be processed in Uganda, the European Economic Area, the United Kingdom, the United States, and other locations where our providers or partners operate.

Where legally required, we use appropriate safeguards for international transfers, such as contractual protections, data processing agreements, transfer impact assessments, or other lawful transfer mechanisms.

We keep personal data for as long as needed to provide services, maintain business and booking records, resolve disputes, comply with accounting, tax, legal, regulatory, fraud-prevention, and audit obligations, and enforce agreements.

Retention periods vary by data type. Account and booking records may be retained after account closure where required for legal, operational, financial, security, or dispute-resolution purposes.

Depending on your location and applicable law, you may have rights to access, correct, delete, restrict, object to, or port your personal data. You may also have the right to withdraw consent, object to direct marketing, or lodge a complaint with a supervisory authority.

To exercise privacy rights, email [email protected]. We may need to verify your identity and authority before acting on a request, especially where account, booking, payment, or business-confidential information is involved.

We use administrative, technical, and organizational safeguards designed to protect personal data, including access controls, authentication, logging, provider security controls, and operational review processes.

No online service can guarantee absolute security. Users must protect their credentials, use appropriate organization access controls, and notify us promptly of suspected unauthorized access or data incidents.

We may update this policy to reflect changes in law, providers, features, data practices, or operational requirements. Material updates will be communicated through reasonable channels.

For privacy questions, consent withdrawal, data protection requests, or processor inquiries, contact [email protected].