Privacy Policy

Effective Date: January 1, 2026
Last Updated: January 3, 2026

At BusTicket, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our platform.

1. Information We Collect

1.1 Personal Information You Provide

Account Registration:

• Full name
• Email address
• Password (encrypted and hashed)
• Phone number (optional)
• Profile picture (optional)

Booking Information:

• Passenger names and ages
• Gender information
• Contact details (email and phone)
• ID document numbers (optional)
• Seat preferences

Payment Information:

• Payment method details (processed by secure payment gateways)
• Billing information
• Transaction history

Review & Feedback:

• Review text and ratings
• Uploaded photos
• Helpfulness votes

Communication:

• Support inquiries
• Email correspondence
• Notification preferences

1.2 Information Collected Automatically

Usage Data:

• Pages visited and features used
• Time spent on platform
• Search queries and preferences
• Booking patterns
• Device information (browser, OS, device type)

Technical Data:

• IP address
• Browser type and version
• Time zone and locale
• Cookies and tracking technologies
• Session information

Location Data:

• Approximate location based on IP address
• GPS data (if you enable location services)

1.3 OAuth Social Login Data

When you sign in with Google:

• Profile information (name, email, profile picture)
• OAuth provider ID
• Connection timestamp

We do not access your social media password or private content.

1.4 Third-Party Data

Bus Operators:

• Trip completion status
• Boarding confirmations
• Service feedback

Payment Gateways (PayOS, MoMo, ZaloPay):

• Transaction confirmations
• Payment status
• Refund information

2. How We Use Your Information

2.1 Service Delivery

• Process bookings and payments
• Send booking confirmations and tickets
• Manage seat reservations and locks
• Facilitate communication with bus operators
• Process refunds and cancellations

2.2 Communication

Transactional Emails:

• Booking confirmations
• Payment receipts
• Trip reminders (24 hours and 2 hours before departure)
• Trip updates or changes
• Cancellation confirmations

SMS Notifications:

• Booking confirmations
• Critical trip updates
• Emergency notifications

Promotional Communications (opt-in):

• Special offers and promotions
• New route announcements
• Newsletter subscriptions

2.3 Platform Improvement

• Analyze usage patterns and trends
• Improve search and booking experience
• Develop new features
• Optimize performance and reliability
• Conduct A/B testing

2.4 Security & Fraud Prevention

• Detect and prevent fraudulent activities
• Monitor for suspicious behavior
• Implement account lockout mechanisms
• Audit logs for security incidents
• Verify user identity

2.5 Legal Compliance

• Comply with legal obligations
• Respond to legal requests
• Enforce our Terms of Service
• Protect our rights and property
• Resolve disputes

2.6 Analytics & Insights

• Popular routes and destinations
• Booking trends and seasonality
• User demographics (aggregated)
• Revenue analytics
• Operator performance metrics

3. Data Sharing & Disclosure

3.1 With Bus Operators

We share necessary information with operators:

• Passenger names and contact details
• Seat numbers and booking references
• Special requirements or requests
• Payment confirmation status

3.2 With Payment Processors

Payment information is shared with:

• PayOS
• Credit card processors
• E-wallet providers (MoMo, ZaloPay)

Note: Payment processors have their own privacy policies. We do not store complete credit card information.

3.3 With Service Providers

We work with trusted service providers:

• Cloud hosting (AWS, Google Cloud)
• Email delivery (SMTP services)
• SMS gateways
• Analytics platforms
• Customer support tools

These providers are contractually obligated to protect your data.

3.4 For Legal Reasons

We may disclose information when required to:

• Comply with legal obligations
• Respond to lawful requests from authorities
• Protect our rights and safety
• Prevent fraud or illegal activities
• Enforce our Terms of Service

3.5 Business Transfers

In case of merger, acquisition, or sale:

• Your information may be transferred to the new entity
• You will be notified of any such change
• Privacy protections will continue to apply

3.6 With Your Consent

We may share information for other purposes with your explicit consent.

4. Data Security

4.1 Technical Safeguards

Encryption:

• SSL/TLS for data in transit
• Bcrypt password hashing (salt rounds: 10)
• Encrypted database fields for sensitive data

Authentication & Access Control:

• JWT tokens (30-minute access, 30-day refresh)
• OAuth2 for social login
• Role-based access control (RBAC)
• Account lockout after 5 failed attempts

Infrastructure Security:

• Secure server configuration
• Regular security patches
• Firewall protection
• DDoS mitigation
• Intrusion detection systems

Data Protection:

• Database backups
• Audit logging
• Session management
• CSRF protection
• SQL injection prevention

4.2 Organizational Safeguards

• Employee training on data protection
• Limited access to personal data
• Non-disclosure agreements
• Regular security audits
• Incident response procedures

4.3 Third-Party Security

• Vetting of all service providers
• Contractual security requirements
• Regular vendor assessments
• Compliance verification

5. Data Retention

5.1 Retention Periods

Account Data:

• Retained while account is active
• 90 days after account deletion request

Booking Data:

• Retained for 7 years (legal requirement)
• Archived after trip completion

Payment Data:

• Transaction records: 7 years
• Payment details: Not stored (handled by processors)

Communication Logs:

• Support inquiries: 2 years
• Marketing communications: Until opt-out

Usage Analytics:

• Aggregated data: Indefinitely
• Individual session data: 90 days

5.2 Data Deletion

You can request data deletion by:

1. Deleting your account in settings
2. Contacting support at talenthive.website@gmail.com

Note: Some data may be retained for legal or security purposes.

6. Your Rights & Choices

6.1 Access & Portability

You have the right to:

• Access your personal data
• Request a copy of your data
• Export booking history
• Download account information

6.2 Correction & Update

You can:

• Update profile information in account settings
• Correct inaccurate data
• Request assistance from support

6.3 Deletion

You can:

• Delete your account
• Request data deletion
• Remove specific information (where applicable)

Note: Some information must be retained for legal compliance.

6.4 Opt-Out Rights

Marketing Communications:

• Unsubscribe from promotional emails (link in email footer)
• Opt out of SMS marketing
• Adjust preferences in account settings

Cookies:

• Adjust browser settings to block cookies
• Use cookie consent manager

Location Tracking:

• Disable location services in device settings

6.5 Complaint Rights

You have the right to:

• File a complaint with data protection authorities
• Contact us with privacy concerns
• Request investigation of privacy violations

7. Cookies & Tracking

7.1 Types of Cookies

Essential Cookies:

• Authentication (JWT tokens)
• Session management
• Security features

Functional Cookies:

• Language preferences
• User preferences
• Shopping cart state

Analytics Cookies:

• Usage statistics
• Performance monitoring
• User behavior analysis

Marketing Cookies (opt-in):

• Personalized advertising
• Retargeting campaigns
• Conversion tracking

7.2 Cookie Management

You can manage cookies through:

• Browser settings
• Our cookie consent manager
• Opt-out links for specific services

Note: Disabling essential cookies may affect platform functionality.

7.3 Third-Party Cookies

We may use third-party services that set their own cookies:

• Google Analytics
• Payment processors
• Social media plugins

Refer to their privacy policies for details.

8. Children's Privacy

BusTicket is not intended for users under 18 years of age. We do not knowingly collect information from children. If you believe we have collected information from a child, please contact us immediately.

9. International Data Transfers

Your data may be transferred to and processed in countries outside Vietnam. We ensure adequate protection through:

• Standard contractual clauses
• Privacy Shield frameworks (where applicable)
• Service provider compliance with data protection laws

10. Notification Preferences

10.1 Email Notifications

Always Sent (cannot opt-out):

• Booking confirmations
• Payment receipts
• Trip reminders
• Critical updates
• Security alerts

Optional (can opt-out):

• Promotional offers
• Newsletter
• New features
• Partner promotions

10.2 SMS Notifications

Configure SMS preferences in account settings:

• Booking confirmations
• Trip reminders
• Emergency notifications

10.3 Push Notifications

If you enable browser push notifications:

• Real-time booking updates
• Trip reminders
• Special offers

Disable anytime through browser settings.

11. User Statistics & Analytics

11.1 Personal Statistics

We track your:

• Total bookings
• Completed trips
• Cancelled bookings
• Total amount spent

This helps provide personalized recommendations and loyalty benefits.

11.2 Aggregated Analytics

We analyze aggregated data for:

• Popular routes
• Booking trends
• Revenue analytics
• Platform performance

Aggregated data does not identify individuals.

12. Review & Rating Privacy

12.1 Public Reviews

When you submit a review:

• Your name and profile picture are visible (if registered user)
• Review content is public
• Operator responses are public
• Helpful votes are anonymized

12.2 Review Moderation

We may:

• Remove inappropriate reviews
• Verify review authenticity
• Hide offensive content
• Respond to review reports

13. Security Breach Notification

In the event of a data breach:

• We will notify affected users within 72 hours
• Notification via email and platform alert
• Details of the breach and affected data
• Steps we're taking to address it
• Recommended actions for users

14. Changes to Privacy Policy

14.1 Policy Updates

We may update this Privacy Policy:

• Changes posted on this page
• "Last Updated" date reflects changes
• Significant changes communicated via email
• Continued use implies acceptance

14.2 Review Responsibility

Please review this policy periodically for updates.

15. Contact Us

For privacy-related questions or requests:

Privacy Officer
Email: talenthive.website@gmail.com
Phone: 0762685089
Address: Ho Chi Minh City, Vietnam

Response Time: Within 5 business days

15.1 Data Subject Requests

To exercise your rights:

1. Email us with your request
2. Provide account verification information
3. Specify the nature of your request
4. We'll respond within 30 days

15.2 Privacy Concerns

If you have privacy concerns:

1. Contact us at talenthive.website@gmail.com
2. Provide detailed description
3. Include relevant documentation
4. We'll investigate and respond promptly

16. Legal Basis for Processing

We process your data based on:

• Contractual Necessity: To fulfill booking services
• Consent: For marketing communications and optional features
• Legitimate Interest: For platform improvement and security
• Legal Obligation: For compliance with laws

17. Data Protection Officer

For serious privacy concerns or complaints:

Data Protection Officer
Email: talenthive.website@gmail.com
Response within 10 business days

18. Compliance

We comply with:

• Vietnam's Personal Data Protection regulations
• Industry best practices
• PCI DSS for payment security
• ISO 27001 standards (in progress)

Your privacy is important to us. We are committed to protecting your personal information and providing transparency about our data practices.

Last Updated: January 3, 2026

For questions or concerns, contact us at talenthive.website@gmail.com