Privacy Policy

Placeholder copy. Final wording is owned by Zmootz Legal Counsel and will be supplied before launch. This page exists to confirm the placement, structure, and link wiring is correct.

1. What we collect

• Account info: name, email, phone number, password hash (managed by Firebase Auth)
• Booking info: itinerary selections, travel dates, traveler details, payment card token (Stripe holds the card; we never see the full number)
• Usage info: cookies for session continuity and basic analytics (see Cookie Policy)

2. How we use it

To create your account, fulfil your bookings, send transactional emails (confirmation, receipt, status updates), provide customer support, and meet our legal obligations under Thai law.

3. Who we share with

• Hotel and service suppliers — only what's needed to fulfil your booking
• Payment processor (Stripe) for the actual charge
• Email provider (Resend / Postmark) for transactional email delivery
• Government authorities when legally compelled

4. Your rights under PDPA

You may request access to, correction of, or deletion of your personal data. Submit a request via the support form at /support; we respond within 30 days.

5. Data retention

Booking records are retained for 5 years for tax and audit purposes; account data is retained while your account is active.

6. Contact

Data controller: Zmootz operator. Contact: support@zmootz.com.