At SummitX Adventures, we understand that booking an outdoor adventure requires sharing sensitive personal information, from passport details to emergency medical records. We are committed to protecting your data with industry-leading security measures.
Zero Breaches Since 2018
Our security infrastructure has maintained 100% uptime with zero unauthorized data incidents over the past six years.
How We Protect Your Data
We employ a multi-layered security approach to ensure your information remains confidential, integrity-protected, and available only to authorized personnel.
End-to-End Encryption
All data in transit is encrypted using TLS 1.3. Sensitive data at rest is encrypted using AES-256.
Regular Security Audits
We conduct quarterly penetration testing and annual third-party security audits to identify and remediate vulnerabilities.
Strict Access Controls
Employee access to customer data is role-based and limited. Multi-factor authentication (MFA) is mandatory for all staff.
Secure Cloud Infrastructure
Data is hosted on SOC 2 Type II compliant AWS infrastructure with redundant backups and geo-redundancy.
Data Minimization
We collect only the data that is absolutely necessary for your trip. Unnecessary data is never stored or processed.
Incident Response Plan
We maintain a 24/7 incident response team ready to act within 1 hour of any detected security anomaly.
Emergency Medical Data Handling
For high-altitude and remote expeditions, we require detailed medical information to ensure your safety. This data is handled with the highest level of care:
- Isolated Storage: Medical records are stored in a separate, encrypted database with enhanced access controls.
- Need-to-Know Access: Only your assigned guide and the safety officer can access your medical data during the trip.
- Auto-Deletion: Medical data is permanently purged 12 months after trip completion unless you opt for retention.
- Offline Security: For remote areas without connectivity, guides use encrypted mobile devices with remote wipe capabilities.
Why We Need Medical Data
Altitude sickness, allergic reactions, and pre-existing conditions require immediate, informed response. Your medical data could save your life in a remote environment.
What Data We Collect
We are transparent about the data we collect and why. Below is a summary of data categories:
| Data Type | Purpose | Retention |
|---|---|---|
| Identity & Passport | Visas, insurance, customs | 2 years |
| Payment Information | Booking & transactions | Not stored (PCI DSS) |
| Medical Records | Emergency response | 12 months (5 years with opt-in) |
| GPS & Location | Live tracking & safety | 30 days |
| Communication Logs | Support & coordination | 1 year |
Your Rights & Control
You have full control over your personal data. Under GDPR, CCPA, and applicable international laws, you may:
- Request a copy of all data we hold about you.
- Update inaccurate or outdated information.
- Request erasure of your data where legally permissible.
- Export your data in a machine-readable format.
Legal Retention Notice
We are required by law to retain financial and booking records for up to 7 years. Deletion requests for this data will be honored within legal constraints.
Third-Party Partners
We work with trusted third-party service providers to deliver your adventure. All partners undergo rigorous security vetting and are bound by strict data processing agreements:
- Payment Processor: Stripe (PCI DSS Level 1 certified)
- Cloud Hosting: Amazon Web Services (SOC 2, ISO 27001)
- Insurance Provider: World Nomads (GDPR compliant)
- Communication: SatPhone Services (encrypted channels)
Have Security Questions?
Our Data Protection Officer is available to answer any questions about how we handle your information.