Privacy Policy

Tabi is operated by Kube Tech Pte. Ltd. (UEN: 202345103C), a company incorporated in Singapore. References to “Tabi”, “we”, “us”, or “our” in this policy refer to Kube Tech Pte. Ltd..

We take your privacy seriously. This policy explains what personal data we collect, why we collect it, how we use it, and your rights over it.

We collect the following categories of personal data:

• Account data — your name, email address, and phone number when you create an account or sign in.
• Travel data — itineraries, destinations, dates, and travel preferences you enter or save within the platform.
• Booking data — booking references, passenger details, and transaction records for purchases made through the platform.
• Usage data — pages visited, features used, session duration, device type, and browser type, collected to improve the service.
• Communications — messages you send to our support team.

We do not collect or store payment card details. Payment processing is handled entirely by regulated third-party processors.

We use your personal data to:

• Provide, operate, and improve the Tabi platform and services.
• Generate personalised travel itineraries based on your inputs.
• Process and manage travel bookings you make through the platform.
• Send booking confirmations, updates, and essential service communications.
• Respond to support requests and resolve issues.
• Detect and prevent fraud, abuse, and security incidents.
• Comply with legal obligations.

We do not sell your personal data to third parties. We do not use your data for targeted advertising.

We share personal data only where necessary to deliver the service:

• Service providers — we use third-party providers for hosting, authentication, payment processing, booking fulfilment, and operational monitoring. These providers process data on our behalf under strict contractual obligations and are not permitted to use your data for their own purposes.
• Travel suppliers — when you make a booking, relevant details (passenger name, contact information) are shared with the airline, hotel, or experience provider to fulfil the booking.
• Legal requirements — we may disclose data if required by law, court order, or to protect the rights and safety of our users.

Trip itineraries are generated using artificial intelligence. To produce personalised suggestions, details you provide — such as destination, travel dates, budget, and preferences — are processed by AI services. No data that directly identifies you (such as your name or email) is included in these requests.

AI-generated content is processed in accordance with the applicable terms of our AI service providers. We do not authorise the use of your travel inputs to train third-party AI models.

• Account and travel data — retained for as long as your account is active. If you delete your account, your data is deleted within 30 days, subject to legal hold obligations.
• Booking records — retained for 7 years for financial and legal compliance purposes.
• Usage and analytics data — retained for 13 months on a rolling basis.
• Support communications — retained for 2 years after ticket resolution.

We use strictly necessary cookies to maintain your session and keep you signed in. We also use functional cookies to remember your preferences. We do not use advertising or tracking cookies.

Performance and error data is collected to monitor platform reliability. This data is aggregated and does not identify individual users.

All data is encrypted in transit (TLS 1.2+) and at rest. Access to personal data is restricted to authorised personnel on a need-to-know basis. We conduct regular security reviews and maintain incident response procedures.

Despite our measures, no system is completely secure. If you believe your account has been compromised, contact us immediately at privacy@tabitour.com.

Under applicable data protection law, you have the right to:

• Access the personal data we hold about you.
• Correct inaccurate or incomplete data.
• Request deletion of your data (“right to be forgotten”).
• Object to or restrict certain processing.
• Receive a copy of your data in a portable format.
• Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, email us at privacy@tabitour.com. We will respond within 30 days.

Your data may be processed by our service providers in countries other than Singapore. Where data is transferred internationally, we ensure appropriate safeguards are in place, including standard contractual clauses or equivalent protections.

The Tabi platform is not directed at children under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with their data, please contact us and we will delete it promptly.

We may update this policy from time to time. If changes are material, we will notify you by email or by displaying a prominent notice in the platform before the changes take effect. The effective date at the top of this page indicates when the policy was last revised.

For privacy-related questions, requests, or complaints, contact our data protection team:

Singapore residents may also refer concerns to the Personal Data Protection Commission at pdpc.gov.sg.