Privacy Policy

See Dates

Effective Date: January 18, 2026

Dubai by Foot and Abu Dhabi by Foot value your privacy and are committed to protecting your personal information. This Privacy Policy explains what information we collect, how and why we use it, how we protect it, and the rights available to you under applicable privacy laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA).

Scope of This Privacy Policy

This Privacy Policy applies to personal information collected by Dubai by Foot and Abu Dhabi by Foot (collectively, “we,” “our,” or “us”) through your use of our websites, booking platforms, communications, and tour-related services (collectively, the “Services”).

Information We Collect

We collect information that you voluntarily provide to us and limited information that is automatically collected when you use our Services.

Information You Provide Directly

When you interact with us, you may provide personal information such as your name, email address, phone number, and other contact details. If you purchase a tour or service, payment-related information is collected and processed by our payment service providers. We do not store full payment card details.

If you contact us by email or submit enquiries, we may retain the contents of those communications.

Transaction Information

When you purchase a tour or service, we process transaction-related information including your contact details, purchase details, and payment confirmation data. Payments are processed securely by our third-party payment processor, Stripe. We do not store full payment card numbers or sensitive payment credentials.

Stripe may collect and process personal information necessary to complete the transaction, prevent fraud, and comply with legal obligations. Stripe’s use of personal information is governed by its own privacy policy, which you can review at:
https://stripe.com/privacy

We share transaction-related information with Stripe only to the extent necessary to process payments, issue refunds, and handle payment-related enquiries.

Automatically Collected Information

When you visit our websites, limited technical information may be automatically collected, including browser type, operating system, approximate location derived from IP address, date and time of access, and pages viewed. This information is used for security, performance monitoring, and service improvement.

Analytics

We use Fathom Analytics, a privacy-focused analytics service, to understand how visitors use our websites. Fathom Analytics does not use cookies to track users across sites, does not collect personal identifiers, does not store IP addresses, and does not create user profiles. Analytics data is aggregated and cannot be used to identify individual users.

How We Use Your Information

We use personal information for the following purposes:

  • To provide and manage tours and related services
  • To process bookings, payments, refunds, and confirmations
  • To communicate with you regarding tour logistics, updates, or customer support
  • To maintain website functionality, security, and performance
  • To analyse aggregated website usage and improve our Services
  • To comply with legal obligations and enforce our terms

We do not use personal information for behavioural advertising, profiling, or cross-context tracking.

Legal Bases for Processing (GDPR)

For individuals located in the European Economic Area, the United Kingdom, or other jurisdictions with similar data protection frameworks, we process personal data under the following legal bases:

  • Performance of a contract, when processing is necessary to provide tours or services
  • Legitimate interests, such as operating, securing, and improving our websites
  • Consent, where required (for example, optional marketing emails)
  • Legal obligation, where processing is required by law

Marketing Communications

We may send informational or transactional emails related to bookings and tour operations. Promotional emails are only sent where permitted by law, and you may opt out of non-essential communications at any time using the unsubscribe link in our emails.

For users in the EEA and UK, we only send marketing communications with prior consent, which may be withdrawn at any time.

Cookies and Similar Technologies

We use only essential cookies and privacy-friendly analytics. We do not use advertising cookies or third-party marketing trackers. For more details, please review our Cookie Policy.

Sharing and Disclosure of Information

We do not sell or share personal information for advertising purposes.

We may disclose personal information to trusted service providers who assist us in operating our Services (such as payment processors, email providers, and website hosting services), subject to contractual obligations requiring confidentiality and appropriate data protection.

We may also disclose information where required to comply with legal obligations, protect rights or safety, investigate fraud, or in connection with a business transaction such as a merger or asset transfer.

Aggregated or anonymised data that does not identify individuals may be shared publicly or with partners.

Data Retention

We retain personal information only for as long as reasonably necessary to fulfil the purposes described in this Policy, including providing services, complying with legal and accounting obligations, resolving disputes, and enforcing agreements. Retention periods vary depending on the type of information and the nature of the relationship.

Data Security

We implement reasonable technical and organisational measures to protect personal information, including encryption in transit (TLS/SSL) and access controls. While no method of transmission over the internet is completely secure, we work to protect your data using industry-standard practices.

International Data Transfers

Personal information may be processed and stored in the United Arab Emirates, the United States, or other countries where our service providers operate. Where required, we rely on appropriate safeguards to protect international data transfers.

Your Privacy Rights

California Residents (CCPA/CPRA)

California residents have the right to:

  • Know what personal information we collect, use, and disclose
  • Request access to or deletion of personal information
  • Request correction of inaccurate personal information
  • Opt out of the sale or sharing of personal information (we do not sell or share personal information)
  • Limit the use of sensitive personal information (where applicable)
  • Not be discriminated against for exercising privacy rights

We honour Global Privacy Control (GPC) signals as required by California law.

EEA and UK Residents (GDPR)

Individuals in the EEA and UK have the right to:

  • Access their personal data
  • Correct or delete personal data
  • Restrict or object to certain processing
  • Receive a copy of their data in a portable format
  • Withdraw consent at any time where processing is based on consent
  • Lodge a complaint with a supervisory authority

Exercising Your Rights

To exercise privacy rights or submit a request, please contact us at [email protected]. We may request additional information to verify your identity before responding.

Children’s Privacy

We do not knowingly collect personal information from children under the age of 13. Our Services are intended for individuals aged 13 and older.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. When we do, we will update the effective date and post the revised Policy on our websites.

Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Email: [email protected]
Mail:
Dubai by Foot / Abu Dhabi by Foot
[Mailing Address Placeholder]

Privacy Notice for California Consumers

Effective Date: January 1, 2026

This Privacy Notice for California Consumers (“Notice”) supplements the information contained in our general Privacy Policy and applies solely to California residents (“consumers”) with respect to their personal information, in accordance with the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (“CCPA/CPRA”) (Cal. Civ. Code §§ 1798.100 et seq.) and other applicable California privacy laws. Terms used in this Notice, including “consumer,” “personal information,” and “sensitive personal information,” have the meanings given to them under the CCPA/CPRA.

Our Relationship With You Under California Law

Dubai by Foot and Abu Dhabi by Foot operate as either a “business” or a “service provider,” as those terms are defined under the CCPA/CPRA, depending on the context of your interaction with us. For example, when you visit our websites or purchase a tour or service directly from us, we act as a business with respect to your personal information. When we process personal information on behalf of another entity pursuant to a written agreement, we may act as a service provider.

Regardless of our role, we process, retain, use, and disclose personal information only as reasonably necessary and proportionate to provide the services requested or to fulfil our legal and operational obligations. We do not sell personal information and do not process personal information for any purpose other than those disclosed in this Notice.

Collection of Personal Information

Over the preceding twelve (12) months, we have collected the following categories of personal information, depending on the nature of a consumer’s interaction with us:

  • Identifiers, including name, postal address, email address, telephone number, online identifiers, IP address, or similar identifiers.
  • Personal information described in Cal. Civ. Code § 1798.80(e), such as contact and payment-related information.
  • Commercial information, including records of products or services purchased, obtained, or considered.
  • Internet or other electronic network activity information, such as interactions with our websites, applications, or advertisements.

We may also collect sensitive personal information as defined by the CCPA/CPRA, such as payment account information or precise geolocation, where necessary to provide our services.

The categories of personal information applicable to you depend on how you interact with us. Payment information is collected only when necessary to complete a transaction, and employment-related information is collected only in the context of job applications or employment.

We collect personal information from the following sources: information you provide directly; information collected automatically through your interactions with our websites or communications; information provided by customers, partners, service providers, and vendors; information from public records; and inferences drawn from the information described above.

Use and Disclosure of Personal Information

We use and may disclose personal information to service providers or contractors for the following business purposes:

  • To provide, operate, and maintain our tours, websites, and services
  • To process registrations, purchases, transactions, and payments and prevent fraud
  • To communicate with you, including confirmations, updates, customer support, and responses to enquiries
  • To personalise content, improve user experience, and develop or enhance our services
  • To conduct analytics, testing, research, and internal business operations
  • To maintain the safety, security, and integrity of our systems and services
  • To comply with legal obligations, law enforcement requests, or court orders
  • To evaluate or carry out a business transaction such as a merger, acquisition, or asset sale

When personal information is disclosed for a business purpose, we enter into contracts requiring recipients to keep such information confidential and to use it solely for the specified purpose.

We do not sell personal information and do not share personal information for cross-context behavioural advertising.

Data Retention

We retain personal information only for as long as reasonably necessary to fulfil the purposes for which it was collected, including providing services, meeting legal or accounting requirements, resolving disputes, and enforcing agreements. Retention periods vary depending on the category of information and the nature of the relationship.

Your California Privacy Rights

Subject to certain exceptions, California consumers have the following rights under the CCPA/CPRA:

  • Right to Know / Access information about the categories and specific pieces of personal information collected, used, disclosed, or shared
  • Right to Delete personal information collected from you
  • Right to Correct inaccurate personal information
  • Right to Limit the Use and Disclosure of Sensitive Personal Information, where applicable
  • Right to Opt Out of the Sale or Sharing of Personal Information (we do not sell or share personal information)
  • Right to Non-Discrimination for exercising your privacy rights

We honour valid Global Privacy Control (GPC) signals as required by California law.

Exercising Your Rights

To exercise your privacy rights, submit a verifiable consumer request by emailing [email protected]. Only you or an authorised agent may submit a request on your behalf. Requests must provide sufficient information to allow us to verify your identity and understand your request. We will use information provided in a request solely for verification purposes.

You may submit up to two access or data portability requests within a twelve (12) month period.

Response Timing and Format

We will respond to verifiable consumer requests within forty-five (45) days of receipt, unless an extension is required, in which case we will notify you. Disclosures will cover the twelve (12) months preceding the request. Responses will be provided in a readily usable format where required.

Other California Privacy Rights

California’s “Shine the Light” law (Cal. Civ. Code § 1798.83) permits California residents to request certain information regarding disclosures of personal information for direct marketing purposes. Requests may be submitted to [email protected].

Changes to This Notice

We reserve the right to amend this Notice at any time. When updates are made, we will post the revised Notice on our websites and update the effective date. Continued use of our services following such changes constitutes acceptance of the updated Notice.