Privacy Policy
Last updated: February 17, 2026
1. Who We Are (Data Controller)
This Privacy Policy explains how we collect, use, share, and protect personal data when you use our B2C transfer booking platform (the "Platform") operated by AirPorter Travel Kft. (the "Company", "we", "us").
- Company name: AirPorter Travel Kft.
- Brand names used: TourIAm, AirPorter Travel
- Company registry number: Cg. 13-09-208959
- Registered address: 2161 Csomád, Kossuth Lajos út 47., Hungary
- VAT No.: HU28841683
- Email: info@airporter.hu
- Phone: +36 70 701 5144
- WhatsApp: +36 30 365 4658
2. Business Model Context
We operate a B2C airport/city transfer booking platform. Our role is that of an intermediary: we arrange transport between customers and drivers. We are not a public social network and we do not offer customer accounts. Customers book as guests without registration. Internal accounts may exist only for drivers, dispatchers, and admins.
3. What Personal Data We Collect
3.1 Data you provide during booking
When you place a booking, we may collect:
- Full name (required)
- Email address (required)
- Phone number (required)
- Pick-up address (required)
- Destination address (required)
- Date and time (required)
- Number of passengers (required)
- Number of luggage items (required)
- Child seats needed (optional)
- Flight number (optional, for airport pick-ups)
- Notes / special requests (optional)
3.2 Payment data
Payments are processed by Stripe. We do not store your full card details. We may store payment-related identifiers and transaction details needed for verification, refunds, accounting, and dispute handling, such as:
- Stripe session ID
- Stripe payment intent ID
- Transaction amount
3.3 Automatically collected data
- Browser language (from your browser settings) to display the default UI language.
- Consent preferences (your cookie/local storage choices) for compliance and to apply your selections.
- IP address: may be collected by analytics and advertising tools (Google Analytics, Google Ads) when you grant the relevant consent. Google may anonymize or truncate IP addresses depending on configuration.
- Device and browser identifiers: cookies and similar identifiers set by Google Analytics (_ga, _gid) and/or Google Ads (_gcl_au) are stored on your device only after you grant Analytics and/or Marketing consent respectively via our cookie banner.
3.4 Internal users (drivers, staff) — not public
For internal accounts only (drivers/dispatchers/admins), we may process identifiers and contact details needed for access control and operations, such as name, email, phone, authentication identifiers, and operational fields (e.g., license plate) where applicable.
4. How We Use Your Data
We use personal data for the following purposes:
- Booking execution: to create and manage your booking and ensure service delivery.
- Operational communication: to send confirmations and contact you regarding pick-up coordination (email/phone/WhatsApp/SMS where needed).
- Driver coordination: to share the necessary booking details with the assigned driver/service provider.
- Payment processing and accounting: to verify payment, handle refunds, and maintain financial records.
- Price and route calculation: to calculate distance-based pricing and route feasibility using mapping services.
- Support and complaint handling: to respond to inquiries and investigate issues.
- Security and abuse prevention: to protect the Platform, prevent fraud, and maintain system integrity.
- Website analytics (consent-based): to understand how visitors interact with the Platform, measure performance, and improve the user experience — only when Analytics consent is granted.
- Advertising measurement (consent-based): to measure the effectiveness of our advertising campaigns and track conversions — only when Marketing consent is granted. This includes sharing limited, non-financial event data (e.g., purchase confirmation, value, currency) with Meta (Facebook/Instagram) via the Meta Pixel and Conversions API (CAPI) for ad measurement and optimization. Where applicable, hashed identifiers (such as email address or phone number) may be transmitted server-side for improved matching accuracy; we never send payment card data to Meta.
- Optional follow-ups (opt-in only): to send review requests or non-essential communications if you explicitly opt in.
5. Legal Bases for Processing (GDPR Article 6)
We process your data based on the following legal bases:
- Contract performance (Art. 6(1)(b)): booking execution, driver coordination, confirmations, payment processing, route/price calculation.
- Consent (Art. 6(1)(a)): analytics cookies and website measurement (Google Analytics); advertising/conversion measurement (Google Ads); non-essential cookies/local storage (e.g., functional preference storage); and optional opt-in follow-ups. You may withdraw consent at any time via the Cookie Settings in the footer.
- Legitimate interests (Art. 6(1)(f)): internal operations, customer support, complaint handling, fraud prevention, and legal claims defense.
- Legal obligation (Art. 6(1)(c)): accounting and tax compliance where required by applicable law.
6. Who We Share Data With
We share personal data only to the extent necessary to operate the Platform and deliver the booked service. We do not sell personal data.
6.1 Drivers / service providers
To execute your booking, we share relevant details with the assigned driver/service provider, such as: name, phone number, pick-up and destination, booking time, and (if provided) flight number and special notes.
6.2 Stripe (payment processing)
Stripe processes payments and may receive customer identifiers (such as email) and payment details. Card data is handled by Stripe. We store only limited payment identifiers (e.g., session/payment intent IDs) needed for reconciliation and refunds.
6.3 Mapping services (Google Maps / Places)
For address autocomplete and distance/route calculation, the Platform may send address/location inputs and related route information to mapping services. These services may also load scripts that can set cookies or similar identifiers depending on your device and configuration.
6.4 Resend (transactional email delivery)
We use an email delivery provider to send booking confirmations and operational emails. This may involve sharing your email address and booking details required to generate the message content.
6.5 Google Calendar (internal scheduling)
For internal operational scheduling, booking details may be reflected in internal calendars used by our staff and operations. This is not a customer-facing feature and is used to coordinate service delivery.
6.6 Supabase / hosting infrastructure
We use cloud infrastructure for database hosting, backend functions, and access control. Your booking data and operational records are stored in our managed cloud database.
6.7 Google (Tag Manager + Analytics 4)
We use Google Tag Manager (GTM) to manage tracking tags on the Platform, and Google Analytics 4 (GA4) to collect anonymized website usage statistics. GTM loads for all visitors as part of our Consent Mode v2 integration (see Section 7.3), but analytics data collection (cookies, identifiers, event data) is activated only after you grant Analytics consent via our cookie banner. Data processed by Google may include: page views, click events, session duration, device/browser type, approximate location (derived from IP), and conversion events. Google processes this data as a data processor under our instructions and in accordance with Google's data processing terms.
6.8 Google Ads (conversion tracking)
If Marketing consent is granted, we may use Google Ads conversion tracking to measure the effectiveness of our advertising campaigns. This involves Google setting cookies (such as _gcl_au) and collecting conversion event data (e.g., completed bookings). No advertising cookies or identifiers are set or transmitted without your explicit Marketing consent. Google processes this data in accordance with its data processing terms.
7. Cookies and Similar Technologies
We use cookies and local storage to operate the Platform and to remember your choices. A cookie banner is shown on first visit, allowing you to accept, reject, or customize non-essential categories. You can change your preferences at any time via Cookie Settings in the footer.
7.1 What we store locally (localStorage)
- cookie_consent (Necessary): stores your consent choices (persistent).
- lang (Functional): remembers your language preference (persistent) and is stored only if you allow functional storage.
7.2 Third-party cookies that may be set
- Stripe (Necessary): may set cookies during the checkout process to enable secure payment processing.
- Google Maps (Functional/Necessary): may set cookies when map scripts load to provide mapping/autocomplete functionality.
7.3 Analytics and marketing cookies (Consent Mode v2)
We use Google Consent Mode v2 (Advanced) to manage analytics and advertising tags. This works as follows:
- Google Tag Manager loads for all visitors. On first load, all storage categories (analytics_storage, ad_storage, ad_user_data, ad_personalization, functionality_storage) are set to "denied" by default.
- When you interact with our cookie banner and grant consent for specific categories, the consent state is updated dynamically to "granted" for the relevant categories.
- Analytics cookies (such as _ga, _gid set by Google Analytics 4) are only activated after you grant Analytics consent.
- Advertising/marketing cookies (such as _gcl_au set by Google Ads) are only activated after you grant Marketing consent.
- If you do not grant consent, or if you reject all non-essential cookies, no analytics or marketing cookies are set, and no personally identifiable data is collected for these purposes.
For more details on which cookies are used and their purposes, see our Cookie Policy.
8. International Data Transfers
Some of our service providers may process data outside the European Economic Area (EEA), depending on their infrastructure and configuration. Where international transfers occur, we rely on appropriate safeguards as required by GDPR, such as standard contractual clauses and/or applicable adequacy mechanisms where available. If you want more details about specific safeguards for a given provider, contact us at info@airporter.hu.
9. Data Retention
We retain personal data only as long as necessary for the purposes described in this Policy, including legal and accounting requirements. Our standard retention periods are:
- Booking records (including customer contact details linked to the booking): 5 years.
- Payment references and accounting records linked to bookings: up to 5 years (or longer if required by law in specific cases).
- Consent records (cookie preference history): up to 3 years from the last update (for accountability).
- Analytics data: retained by Google according to our GA4 data retention settings (default: 14 months).
- Complaint and dispute records: for the duration of the case and then retained as necessary to defend legal claims.
If you request deletion, we will comply where possible, but we may need to retain certain data to meet legal obligations or to establish, exercise, or defend legal claims.
10. Your Rights (GDPR)
Depending on your location and applicable law, you may have the right to:
- Access your personal data
- Rectify inaccurate or incomplete data
- Erase your data ("right to be forgotten"), subject to legal limitations
- Restrict processing in certain cases
- Receive your data in a machine-readable format (data portability)
- Object to processing based on legitimate interests
- Withdraw consent at any time for consent-based processing (e.g., analytics cookies, functional storage, optional follow-ups)
- Lodge a complaint with a supervisory authority
To exercise your rights, contact us at info@airporter.hu.
10.1 Supervisory authority (Hungary)
If you are in Hungary or your concern relates to Hungarian processing, you can lodge a complaint with:
11. Data Security
We implement appropriate technical and organizational measures to protect personal data, including:
- Access controls: role-based access and authenticated internal users only.
- Database protections: row-level security policies and separation of privileged service roles.
- Secure communications: HTTPS encryption for traffic in transit.
- Payment security: PCI DSS-compliant processing via Stripe; we do not store full card details.
- Authentication security: secure password hashing and session controls for internal accounts.
12. Children's Privacy
Our service is not directed at children under 16, and we do not intentionally collect personal data from children. Bookings should be placed by adults (e.g., a parent/guardian) when minors are traveling.
13. Automated Decision-Making
We use limited automation to operate the Platform:
- Price calculation: automated route-based calculation (no profiling or advertising targeting).
- Booking confirmation: automatic confirmation after successful payment.
We do not use automated decision-making that produces legal effects or similarly significant effects on individuals through profiling.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. The updated version will be published on the Platform with a revised "Last updated" date. If changes are material, we may also provide additional notice where appropriate.
15. Contact Us
If you have questions about this Privacy Policy or how we handle your data, contact us at: info@airporter.hu.