Sub-processors

Frameworks

Encryption

Uptime

Safari Portal offers a Data Processing Agreement for customers that require one under GDPR, UK GDPR, or other applicable data protection laws.

Our DPA describes:

• the subject matter and duration of processing

• the categories of personal data and data subjects processed through Safari Portal

• Safari Portal’s obligations as processor

• customer obligations as controller

• technical and organizational security measures

• sub-processor authorization and notification

• international transfer safeguards

• data deletion, return, export, and retention

• personal data breach notification commitments

• assistance with data subject rights requests

Download our DPA or request a copy: privacy@safariportal.app

Safari Portal uses carefully selected third-party providers to host, secure, maintain, support, and operate the Services.

A sub-processor is a third party that processes customer personal data on Safari Portal’s behalf in connection with the Services. Safari Portal remains responsible for its sub-processors as required by our DPA and applicable data protection laws.

Safari Portal maintains a current list of authorized sub-processors below.

Customers may subscribe to receive notice of material changes to Safari Portal’s sub-processor list.

Safari Portal LLC is based in the United States. Depending on how a customer uses the Services, personal data may be processed in the United States or other countries where Safari Portal, its personnel, or its approved sub-processors operate.

Where personal data subject to GDPR, UK GDPR, Swiss data protection law, or other applicable data protection laws is transferred internationally, Safari Portal uses appropriate transfer safeguards where required. These may include:

• the European Commission Standard Contractual Clauses

• the UK Addendum to the EU Standard Contractual Clauses

• the UK International Data Transfer Agreement

• adequacy decisions or adequacy regulations

• valid Data Privacy Framework certifications, where applicable

• contractual, technical, and organizational supplementary measures

Safari Portal does not claim reliance on any transfer mechanism unless the relevant transfer is covered by that mechanism.

Safari Portal maintains administrative, technical, and organizational safeguards designed to protect the confidentiality, integrity, availability, and resilience of the Services and personal data.

These safeguards include:

• encryption in transit using HTTPS/TLS

• encryption at rest for applicable cloud storage and database services

• role-based access controls

• least-privilege access

• multi-factor authentication for administrative and cloud access

• unique user accounts for accountability

• access review and offboarding procedures

• cloud infrastructure monitoring and logging

• backup and disaster recovery practices

• secure software development practices

• confidentiality obligations for personnel and approved contractors

• vendor and sub-processor review

• incident escalation and breach notification procedures

Safari Portal is a remote-first company and relies on AWS and other approved providers for physical security of production hosting infrastructure.

Security & privacy contact: privacy@safariportal.app

Safari Portal may allow customers to enable third-party integrations, connectors, payment providers, insurance providers, automation tools, or other external services.

Where a customer chooses to enable or connect a third-party service, that provider may process personal data under its own terms, privacy policy, and data protection terms. Depending on the integration, the provider may act as:

• an independent controller

• a processor engaged by the customer

• a customer-enabled third-party provider

• a sub-processor, depending on configuration

Customers are responsible for reviewing and approving the third-party integrations they enable and ensuring their use complies with applicable law.

Examples of customer-enabled or customer-directed integrations may include payment providers, automation tools, Google services, insurance providers, supplier payment providers, and other services selected by the customer.

Safari Portal uses Amazon Web Services for primary cloud infrastructure, including hosting, database services, object storage, backups, monitoring, logging, and related infrastructure services.

Customer data may include account data, itinerary data, traveler and guest information, uploaded files, travel documents, media files, transaction records, system metadata, and logs.

Data residency commitment: Unless expressly agreed in writing, Safari Portal does not guarantee that customer personal data will remain exclusively within a specific country or region.

Customers may access, export, or retrieve personal data through available Safari Portal functionality or by contacting Safari Portal support.

Upon termination or expiration of the Services, Safari Portal will delete or return customer personal data in accordance with the applicable agreement, DPA, customer instructions, and legal requirements.

Some data may be retained for a limited period where required for legal, tax, accounting, billing, security, fraud prevention, backup, dispute resolution, or compliance purposes.

Backup data may remain in encrypted backups or disaster recovery systems until the applicable backup retention cycle expires

Deletion requests: privacy@safariportal.app

Safari Portal’s Privacy Policy explains how we collect, use, disclose, and protect personal data when we act as a controller and when we process customer personal data as a processor.

Safari Portal’s Terms of Service govern use of the Safari Portal platform.

Our Cookie Settings allow website visitors to manage non-essential cookies, including analytics and advertising cookies where applicable.