Privacy Policy

Effective: June 11, 2026

This Privacy Policy explains how Unmatched Journeys ("we", "us", "our"), trading as Unmatched Journeys, collects, uses and protects your personal data when you use our website (umjourneys.com), our AI concierge Aria, our WhatsApp channels, and any related services (together, the "Services").

We comply with the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021) and, where applicable, the EU General Data Protection Regulation (GDPR).

1. Who we are

Company: Unmatched Journeys
Trading name: Unmatched Journeys
Registered address: Dubai, United Arab Emirates (full registered address available upon request)
DTCM / DED licence: available upon request
Contact for privacy questions: [email protected]

2. What data we collect

We collect the following categories of personal data:

• Identity and contact data: name, email, phone number, WhatsApp number, country of residence, language preference.
• Travel preference data: destinations, dates, party size, traveller names and ages, dietary or accessibility requirements, occasion (e.g. honeymoon, anniversary, corporate), preferred vehicles and services.
• Communication data: messages exchanged with our concierge team and our AI concierge Aria via the website, WhatsApp, email, or phone.
• Technical data: IP address, browser type, device type, referrer URL, pages visited, session duration. Collected via Google Analytics 4 and Microsoft Clarity (including anonymised session recordings and heatmaps).
• Booking and payment data: when you confirm a booking, additional information required by suppliers (airlines, hotels, transport providers). Payment card details are processed by our payment provider and are not stored on our servers.

3. How we use your data

We use your data to:

• Respond to your enquiries via Aria, WhatsApp, email or phone.
• Plan, price and confirm your bookings with third-party suppliers.
• Improve our services using aggregated, anonymised analytics from GA4 and Clarity.
• Send you transactional messages (booking confirmations, itinerary changes, payment receipts).
• Send marketing communications, only with your explicit consent and only until you withdraw consent.
• Comply with our legal obligations, including UAE travel-agency regulations.

4. Our legal basis for processing

We process your personal data under the following legal bases:

• Contract: to provide the Services you have requested.
• Consent: for analytics, session recording, and marketing communications.
• Legitimate interest: to operate, secure and improve our Services.
• Legal obligation: to retain records as required by UAE travel and tax law.

5. Sharing your data

We share data only with:

• Travel suppliers (airlines, hotels, transport, experience operators) — only the data necessary to fulfil your booking.
• Technology providers we use to deliver the Services: ElevenLabs (powers Aria), HubSpot (CRM), Make.com (workflow automation), Google (Analytics, search), Microsoft (Clarity), Meta (WhatsApp Business), Cloudflare (hosting). Each provider has its own contractual obligations to protect your data.
• Authorities, where required by UAE law or court order.

We do not sell your data to third parties.

6. International transfers

Some of our technology providers are based outside the UAE (including the US, EU and UK). Where data is transferred internationally, we rely on the legal mechanisms permitted under UAE PDPL and GDPR (including Standard Contractual Clauses).

7. How long we keep your data

We keep personal data only as long as necessary for the purposes described above. As a guide:

• Enquiry-only data (no booking made): up to 24 months from last contact.
• Booking data: 7 years after the journey concludes, as required by UAE tax and travel-agency record-keeping rules.
• Marketing consent: until you withdraw it.
• Analytics data: retention period configured per provider — see Section 8.

8. Cookies and analytics

We use cookies and similar technologies for:

• Essential cookies — required for the site to function.
• Analytics cookies (Google Analytics 4): measure traffic and engagement. Identifier: G-P1088DKGNZ. Retention: 14 months.
• Session-recording cookies (Microsoft Clarity): anonymised heatmaps and session replays. Identifier: wq5iee0kjw. Personal data such as input field values is automatically masked.

You can decline non-essential cookies via our consent banner, or by adjusting your browser settings.

9. Your rights

You have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your data, subject to our legal record-keeping obligations.
• Object to or restrict certain processing.
• Withdraw consent for marketing communications at any time.
• Lodge a complaint with the UAE Data Office or, if you are in the EU/UK, your local supervisory authority.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

10. Security

We use industry-standard technical and organisational measures, including TLS encryption, access controls, and least-privilege internal access. No system is perfectly secure, but we work to keep your data safe and will notify you and the relevant authorities of any data breach where required by law.

11. Children

Our Services are intended for adults aged 18 and over. We do not knowingly collect data from children under 18. If you believe a child has provided us with data, please contact us and we will delete it.

12. Changes to this Policy

We may update this Policy from time to time. The "Effective" date at the top reflects the most recent version. Material changes will be announced on this page and, where appropriate, by direct notice to you.

13. Contact

For questions about this Policy or your personal data, contact:
[email protected]
or write to us at Dubai, United Arab Emirates.