What we collect, why we collect it, who else sees it, and how to ask us to forget. Plain language, no dark patterns.
We collect only what we need to plan your trip and run the site:
To plan and deliver your trip. To improve our suggestions. To send you the Journal if you’ve opted in. To meet our legal and regulatory obligations as a licensed tour operator in the Republic of Maldives.
We do not sell your data. We do not share it with advertisers. We do not build behavioural profiles for marketing purposes.
To deliver your trip, we share necessary details with the properties you’re staying at, the transfer providers, and our internal team. Each receives only what they need.
We use a small number of third-party services to run the site: a payment processor (PCI-compliant), an email provider, a hosting provider, and a basic analytics tool. None of these have permission to use your data for their own purposes.
Account data is kept for as long as your account is active. Booking records are retained for seven years as required by Maldivian tax and tourism regulations. Inquiry-only data (no booking) is deleted after two years. You can ask us to delete your data at any time — see § VI.
Our servers are based in Singapore. We use AES-256 encryption at rest and TLS 1.3 in transit. We do not store cardholder data.
You can ask us to:
Write to privacy@undertropics.com. We’ll respond within 30 days.
We use a small set of essential cookies (sign-in session, basic preferences) and one analytics cookie. No advertising cookies, no third-party tracking cookies. You can decline analytics at first visit and at any time afterwards.
The site is not intended for children under 16. We don’t knowingly collect data from children; if you believe we have, please tell us.
We may update this policy from time to time. The current version is always linked in the footer. Material changes will be notified by email.
Effective 01 January MMXXV · v. 2.0