Privacy Policy

Last updated: March 31, 2026  •  Effective date: March 31, 2026

1. Introduction

Capusc is committed to protecting your personal data. This Privacy Policy explains what information we collect, why we collect it, how we use and protect it, and what rights you have in relation to it. It applies to all users of the Capusc website at capusc.com and related services (the "Service").

Please read this Policy carefully. By using the Service you acknowledge that you have read and understood this Policy. If you do not agree, please discontinue use of the Service.

2. Data Controller

The data controller responsible for your personal data is Capusc. For all privacy-related enquiries, please contact our Privacy team at:

Email:[email protected]

3. Data We Collect

We may collect and process the following categories of personal data:

  • Account information: name, email address, phone number, password (stored as a cryptographic hash), and preferred language or currency.
  • Booking details: passenger names, travel documents (passport or ID number, nationality, date of birth), itinerary details, and booking reference numbers.
  • Payment information: billing address and the last four digits of your card number. Full payment card details are processed directly by our PCI-DSS-certified payment processor; we do not store complete card numbers on our systems.
  • Usage data: IP address, browser type, operating system, pages visited, search queries, click-stream data, and session duration, collected automatically when you use the Service.
  • Cookies and similar technologies: see Section 9 (Cookies) below.
  • Communications: messages you send to our support team, feedback, or survey responses.

4. Legal Basis for Processing (GDPR Art. 6)

Where the General Data Protection Regulation (GDPR) applies, we process your personal data under the following legal bases:

  • Contract (Art. 6(1)(b)): Processing is necessary to fulfil a booking or to take steps at your request before entering into a booking contract.
  • Legitimate interests (Art. 6(1)(f)): We process usage data and conduct analytics to improve the Service, prevent fraud, and ensure security, where our interests are not overridden by your rights.
  • Consent (Art. 6(1)(a)): We rely on your consent for non-essential cookies and direct marketing communications. You may withdraw consent at any time.
  • Legal obligation (Art. 6(1)(c)): We process data where required by applicable law, such as financial record-keeping or fraud prevention obligations.

5. How We Use Your Data

We use your personal data for the following purposes:

  • Processing and managing your bookings and issuing booking confirmations.
  • Creating and managing your account.
  • Sending transactional communications (booking confirmations, reminders, itinerary changes).
  • Providing customer support and responding to your enquiries.
  • Improving the Service through analytics and user research (using aggregated or pseudonymised data where possible).
  • Detecting and preventing fraud, abuse, and other unlawful activity.
  • Complying with legal and regulatory obligations.
  • Sending marketing communications where you have opted in to receive them.

6. Data Sharing

We share your personal data only as described below:

  • Transport Providers: We share your name, travel document details, and contact information with the relevant Provider to fulfil your booking.
  • Payment processors: We share billing information with our payment processor to complete your transaction.
  • Service providers: We engage trusted third-party companies (e.g., cloud hosting, email delivery, analytics) that process data on our behalf under appropriate data processing agreements.
  • Legal authorities: We may disclose data when required by law, court order, or to protect the rights, property, or safety of Capusc, our users, or the public.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity, subject to the same protections as this Policy.

We do not sell, rent, or trade your personal data to third parties for their own marketing purposes.

7. Data Retention

We retain personal data for as long as necessary to fulfil the purposes for which it was collected:

  • Account data: retained for the duration of your account and deleted within 30 days of account closure, unless a longer retention period is required by law.
  • Booking records: retained for 5 years from the date of travel to comply with financial and tax regulations.
  • Usage and analytics data: retained for up to 24 months in pseudonymised form.
  • Support communications: retained for 2 years after the matter is resolved.

8. Your Rights

Depending on your location and applicable law, you may have the following rights regarding your personal data:

  • Access: request a copy of the personal data we hold about you.
  • Rectification: request correction of inaccurate or incomplete data.
  • Erasure: request deletion of your data where we no longer have a lawful basis to retain it ("right to be forgotten").
  • Data portability: receive your data in a structured, machine-readable format and transmit it to another controller.
  • Restriction: request that we restrict processing of your data in certain circumstances.
  • Objection: object to processing based on legitimate interests or for direct marketing purposes.
  • Withdraw consent: where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.

9. Cookies

We use cookies and similar tracking technologies to operate and improve the Service. Cookies fall into the following categories:

  • Necessary cookies: essential for the Service to function (e.g., session management, security tokens). These cannot be disabled.
  • Analytics cookies: help us understand how visitors use the Service so we can improve it (e.g., page popularity, error rates). Enabled only with your consent.
  • Marketing cookies: used to deliver personalised advertising and measure its effectiveness. Enabled only with your consent.

You can manage your cookie preferences at any time using the cookie settings link in the footer of our website.

10. California Residents (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: you may request details about the categories and specific pieces of personal information we have collected about you.
  • Right to Delete: you may request deletion of your personal information, subject to certain exceptions.
  • Right to Opt-Out of Sale: we do not sell your personal information. No opt-out is therefore necessary, but you may submit a request to confirm this at [email protected].
  • Right to Non-Discrimination: we will not discriminate against you for exercising any of your CCPA rights.

To submit a CCPA request, please contact us at [email protected] with the subject line "CCPA Request." We will verify your identity before processing the request.

11. International Data Transfers

Your personal data may be transferred to and processed in countries outside your country of residence, including countries that may not provide the same level of data protection as your home jurisdiction. Where such transfers occur, we implement appropriate safeguards, such as the European Commission's Standard Contractual Clauses (SCCs) or other approved transfer mechanisms, to ensure that your data remains protected in accordance with this Policy and applicable law.

12. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These measures include:

  • Encryption of data in transit using TLS (HTTPS).
  • Encryption of sensitive data at rest.
  • Role-based access controls limiting data access to authorised personnel only.
  • Regular security assessments and penetration testing.

No method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but will notify you and relevant authorities of any data breach as required by law.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. For material changes we will make reasonable efforts to notify registered users (e.g., via email or an in-app notice). We encourage you to review this Policy periodically. Continued use of the Service after changes become effective constitutes your acceptance of the revised Policy.

14. Contact

For any questions, requests, or concerns about this Privacy Policy or our data practices, please contact us at:
Email:[email protected]