Privacy Policy

How we handle personal data

Last updated: 2026-05-08. Operated by NZA Services Pte. Ltd., Singapore.

1. Who we are

NZA Services Pte. Ltd. runs TourRelay. Travel agencies use it to plan group trips and share information with their travellers. In this policy “we” and “us” mean NZA Services Pte. Ltd. “Customer” means the agency with an account.

2. Roles

For admin and group-leader accounts, we decide why and how we process personal data (we are the data controller). For traveller details the agency types into TourRelay, we process that data on the agency’s instructions (we are a data intermediary).

3. What we collect

  • Accounts. Email, name, and sign-in details for agency staff and group leaders.
  • Agency details. Name, country, and optional mobile for the business.
  • Trip content. Names, dates, places, itinerary lines, meeting points, leader contacts, and notes the agency adds.
  • Traveller fields. Name, phone, and optional extras (email, room, seat, meal, notes) as the agency enters them.
  • Updates and photos. Text and images posted to the trip feed.
  • Payments. References from our payment provider (for example transaction ids, amount, status). Card numbers stay with the payment provider. We never see full card details.
  • Logs. Basic server and error logs so we can keep the site running and fix bugs.

4. What we do not collect

We do not ask for passports, NRIC, FIN, or scans of ID. Please do not put that kind of data in TourRelay; we may remove or block it if we find it.

5. Public trip pages

Each trip has a long, hard-to-guess link. The agency shares it with travellers. That page shows trip information the agency publishes (such as name, destination, dates, meeting point, leader contact, itinerary, and updates). It is not a full traveller list with everyone’s private details.

6. How we use data

  • Run the product, fix problems, and keep accounts safe.
  • Take trip-credit payments and update the agency’s balance.
  • Answer support email.
  • Spot abuse or fraud.

7. Sub-processors

We use trusted service providers to run TourRelay, for example:

  • Infrastructure. Hosted database, file storage, and application backend.
  • Payments. Card processing and checkout (we never store full card numbers).
  • Hosting. Serving the web application.
  • Email. Transactional and support email where we use an email provider.
  • Error monitoring if enabled, so we can fix outages and bugs.
  • Product analytics if enabled, to understand usage in aggregate.

8. Retention

We keep trip and account data while the agency stays active. If you delete the account or ask us to delete data, we aim to finish within 30 days, except where the law says we must keep something (for example payment records).

9. Your rights (PDPA)

You can ask what we hold, ask us to fix mistakes, or withdraw consent where consent applies. Write to hello@tourrelay.app.

10. Changes

We will change this page when the policy changes. If the change matters, we will also email agency admins.