Skip to main content

Privacy Policy

Last updated: March 2026

HajjPath ("we", "our", or "us") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the HajjPath platform, including our web application, APIs, and related services (collectively, the "Service"). Please read this policy carefully. By accessing or using the Service, you agree to the terms of this Privacy Policy.

Information We Collect

Personal Data

When you register for an account or use the Service, we may collect the following personal information:

  • Full name, email address, phone number, and job title
  • Organization name, role, and country of operation
  • Billing and payment information (processed securely by our payment partners)

Pilgrim Records

If you are a Hajj authority or tour operator using HajjPath, you may input pilgrim data into the platform. This data may include:

  • Pilgrim names, passport numbers, and national identification details
  • Travel itineraries, flight manifests, and accommodation assignments
  • Medical records and vaccination status (where required by regulatory authorities)
  • Emergency contact information

You, as the data controller, are responsible for ensuring you have the lawful basis to collect and process pilgrim data. HajjPath acts as a data processor on your behalf.

Usage Data

We automatically collect certain information when you interact with the Service:

  • IP address, browser type, device information, and operating system
  • Pages visited, features used, and time spent on the platform
  • Referral source and search terms used to find HajjPath
  • Error logs and performance metrics

How We Use Your Information

We use the information we collect for the following purposes:

Service Delivery

  • Providing, maintaining, and improving the HajjPath platform
  • Processing transactions and sending related notices
  • Managing user accounts and providing customer support
  • Enabling multi-tenant functionality for Hajj authorities and operators

Compliance & Legal Obligations

  • Meeting regulatory requirements of Hajj management authorities
  • Generating reports required by government bodies
  • Fulfilling our obligations under GDPR and other applicable data protection laws

Analytics & Improvement

  • Understanding how users interact with the platform to improve functionality
  • Conducting anonymized, aggregated analytics to guide product development
  • Monitoring platform performance and detecting security threats

Data Sharing & Third Parties

We do not sell, rent, or trade your personal data to third parties. We may share information only in the following circumstances:

  • Government Authorities: Where required by law or to fulfil Hajj regulatory obligations, we may share data with relevant government bodies (e.g., national Hajj commissions, immigration authorities, Saudi Arabian Hajj authorities).
  • Payment Processors: We share billing information with PCI-DSS-compliant payment processors to handle subscription payments and refunds. We do not store full credit card numbers on our servers.
  • Infrastructure Providers: We use trusted cloud hosting and infrastructure partners to operate the Service. These providers are bound by data processing agreements.
  • Legal Requirements: We may disclose information if required to do so by law, court order, or in response to a valid legal request from a government authority.

Data Storage & Security

We take the security of your data seriously and implement industry-standard measures:

  • All data is encrypted in transit (TLS 1.2+) and at rest (AES-256 encryption)
  • Our infrastructure is hosted in a cloud environment aligned with GDPR and most national data protection regulations
  • We perform regular security audits, penetration testing, and vulnerability assessments
  • Access to personal data is restricted to authorized personnel on a need-to-know basis
  • We maintain comprehensive access logs and monitoring systems
  • Automated backups are performed daily with encrypted off-site storage

While we employ robust security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any breaches in accordance with applicable laws.

International Data Transfers

HajjPath supports Hajj organizations working across multiple jurisdictions. Your data may be transferred to and processed in countries outside your country of residence, including locations where our cloud infrastructure providers maintain their data centres.

When data is transferred internationally, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by relevant data protection authorities
  • Data processing agreements with all sub-processors
  • Adequacy assessments for recipient jurisdictions where applicable

Your Rights

Depending on your location, you may have certain rights under the General Data Protection Regulation (GDPR) and other applicable privacy legislation. These rights include:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your personal data, subject to legal retention requirements.
  • Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format.
  • Right to Restrict Processing: Request that we limit how we use your data in certain circumstances.
  • Right to Object: Object to the processing of your data for specific purposes, including direct marketing.
  • Right to Withdraw Consent: Where processing is based on consent, withdraw that consent at any time.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days (or sooner if required by applicable law).

Cookies & Tracking

HajjPath uses cookies and similar tracking technologies for the following purposes:

  • Essential Cookies: Required for the platform to function correctly (e.g., session management, authentication).
  • Analytics Cookies: Help us understand how users interact with the Service so we can improve the experience.
  • Preference Cookies: Store your settings and preferences (e.g., language, timezone).

You can manage your cookie preferences through the cookie consent banner displayed when you first visit our site. Most browsers also allow you to control cookies through their settings. Note that disabling essential cookies may impair the functionality of the Service.

Children's Privacy

HajjPath is a business-to-business (B2B) platform designed for use by Hajj authorities, tour operators, and their authorized personnel. The marketing site and account experience are not directed at children. In some customer workflows, the Service may process records relating to minors when customers lawfully manage pilgrim travel. In those cases, the customer remains responsible for establishing a lawful basis, providing any required notices, and handling the data in line with applicable law.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we may also send a notification to your registered email address.

We encourage you to review this page periodically to stay informed about how we protect your data.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.