AES-128 Encrypted • 256-bit SSL/TLS • Updated May 2026

Your Privacy, Protected by AES-128

Kizza Adventures uses bank-grade AES-128 encryption — the same standard trusted by global financial institutions, governments, and military systems — to secure every piece of personal and payment data you share with us. Combined with 256-bit SSL/TLS, PCI-DSS compliant payment processing, and full GDPR compliance, your information is protected at every layer.

AES-128 Encrypted • GDPR Compliant • 256-bit SSL/TLS • Zero Data Sharing

Karibu! At Kizza Adventures, your trust is earned through transparency and rigorous security. Whether you are booking a life-changing Kilimanjaro trek, a Serengeti safari, or a Zanzibar beach holiday, we handle your personal data with the same care and dedication we put into crafting your African adventure. This policy explains exactly how we protect your information — from the moment you land on our site through every interaction, and long after you return home. We believe privacy is not just a legal requirement; it is a fundamental right and the foundation of the trust our clients place in us.

AES-128 Encryption Overview: All data transmitted between your browser and our servers is encrypted using the Advanced Encryption Standard with 128-bit keys (AES-128). This is the same encryption standard trusted by banks, governments, and military organisations worldwide. Your booking details, payment information, passport data, and personal communications are scrambled into unreadable ciphertext both during transmission (in transit) and while stored on our servers (at rest). Even if data were intercepted during transmission, it would be mathematically impossible to decrypt without the unique 128-bit key. We pair this with 256-bit SSL/TLS certificates, PCI-DSS compliant payment gateways, and strict internal access controls to create a defence-in-depth security posture.

Security Deep Dive

01 How AES-128 Encryption Protects Your Data

What is AES? The Advanced Encryption Standard (AES) is a symmetric block cipher adopted by the U.S. National Institute of Standards and Technology (NIST) in 2001 after a multi-year global competition. It replaced the ageing DES (Data Encryption Standard) and has since become the de facto encryption standard worldwide. AES is approved by the U.S. government for protecting classified information up to the TOP SECRET level (using AES-256 for top-secret, AES-128 for secret), and is mandated by the International Organisation for Standardisation (ISO/IEC 18033-3).

How AES-128 works — step by step: AES-128 operates on 128-bit blocks of data using a 128-bit encryption key. The encryption process consists of 10 rounds of four distinct transformations:

  • Key Expansion: The original 128-bit key is expanded into 10 separate round keys (one for each round) using the AES key schedule algorithm. Each round key is different, making cryptanalysis exponentially harder.
  • AddRoundKey: The input data block is XORed with the first round key. This combines the plaintext with the secret key at the very beginning of the process.
  • SubBytes (Substitution): Each byte of the data block is replaced with a corresponding byte from a fixed substitution table (S-box). This non-linear step creates confusion — small changes in input produce dramatically different output.
  • ShiftRows (Permutation): Bytes in each row of the 4x4 state matrix are shifted cyclically to the left by different offsets. This creates diffusion — spreading the influence of each byte across the entire block.
  • MixColumns (Mixing): Each column of the state matrix is multiplied by a fixed polynomial in the Galois Field GF(2^8). This further mixes bits across columns, ensuring every output bit depends on every input bit.
  • Final Round: The 10th round omits MixColumns but includes AddRoundKey, SubBytes, and ShiftRows, producing the final ciphertext output.
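The round structure listed above, as an added example (not code from Kizza Adventures or its systems): a from-scratch AES-128 single-block encryption checked against the published FIPS-197 test vectors. It follows FIPS-197, where the key schedule yields 11 round keys (one initial key plus one per round) and each round runs SubBytes, ShiftRows, MixColumns, then AddRoundKey; all function names here are illustrative.

```python
"""AES-128 single-block encryption per FIPS-197.

Study code only: it is not constant-time and encrypts one 16-byte block with
no mode of operation. Deployed systems use a vetted library and an
authenticated mode such as AES-GCM.
"""

def gmul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p

def build_sbox() -> list:
    """S-box: multiplicative inverse in GF(2^8), then the fixed affine map."""
    def rotl(x: int, n: int) -> int:
        return ((x << n) | (x >> (8 - n))) & 0xFF
    sbox = []
    for x in range(256):
        inv = next((y for y in range(1, 256) if gmul(x, y) == 1), 0)
        sbox.append(inv ^ rotl(inv, 1) ^ rotl(inv, 2) ^ rotl(inv, 3)
                    ^ rotl(inv, 4) ^ 0x63)
    return sbox

SBOX = build_sbox()
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]

def expand_key(key: bytes) -> list:
    """Key expansion: 16-byte key -> 11 round keys of 16 bytes each."""
    if len(key) != 16:
        raise ValueError("AES-128 needs a 16-byte key")
    words = [list(key[4 * i:4 * i + 4]) for i in range(4)]
    for i in range(4, 44):
        t = list(words[i - 1])
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]   # RotWord, then SubWord
            t[0] ^= RCON[i // 4 - 1]
        words.append([a ^ b for a, b in zip(words[i - 4], t)])
    return [[b for w in words[4 * r:4 * r + 4] for b in w] for r in range(11)]

# The state is a flat list of 16 bytes in column-major order:
# byte i sits in row i % 4, column i // 4.
def add_round_key(s: list, rk: list) -> list:
    return [a ^ b for a, b in zip(s, rk)]

def sub_bytes(s: list) -> list:
    return [SBOX[b] for b in s]

def shift_rows(s: list) -> list:
    # Row r is rotated left by r positions.
    return [s[(i % 4) + 4 * ((i // 4 + i % 4) % 4)] for i in range(16)]

def mix_columns(s: list) -> list:
    out = []
    for c in range(4):
        a = s[4 * c:4 * c + 4]
        out += [gmul(a[r], 2) ^ gmul(a[(r + 1) % 4], 3)
                ^ a[(r + 2) % 4] ^ a[(r + 3) % 4] for r in range(4)]
    return out

def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Encrypt one 16-byte block with AES-128."""
    if len(block) != 16:
        raise ValueError("AES operates on 16-byte blocks")
    rks = expand_key(key)
    s = add_round_key(list(block), rks[0])            # initial whitening
    for rnd in range(1, 10):                          # rounds 1..9
        s = add_round_key(mix_columns(shift_rows(sub_bytes(s))), rks[rnd])
    s = add_round_key(shift_rows(sub_bytes(s)), rks[10])  # round 10: no MixColumns
    return bytes(s)

def avalanche_bits(key: bytes, block: bytes) -> int:
    """Ciphertext bits that change when one plaintext bit is flipped."""
    flipped = bytes([block[0] ^ 0x01]) + block[1:]
    a, b = encrypt_block(key, block), encrypt_block(key, flipped)
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

if __name__ == "__main__":
    # FIPS-197 Appendix C.1 test vector (public, not secret material).
    key = bytes(range(16))
    pt = bytes.fromhex("00112233445566778899aabbccddeeff")
    print("ciphertext:", encrypt_block(key, pt).hex())
    print("bits changed by a 1-bit plaintext flip:", avalanche_bits(key, pt))
```
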

Real-world analogy — the locked briefcase: Imagine you place your booking documents inside a briefcase with a combination lock. You set the combination (the encryption key) and send the locked briefcase across the world. Anyone who intercepts it sees only a locked box — they cannot read the documents inside. Only the recipient with the correct combination can open it. AES-128 is like having a combination with 2^128 possible settings — a number so vast (340 undecillion, or 39 digits long) that even the fastest supercomputer on earth, trying one trillion combinations per second, would take billions of years to find the correct one.

Why AES-128 and not AES-256? AES-128 provides an excellent balance of speed and security for web applications. While AES-256 uses a larger key (256 bits) and 14 rounds, AES-128's 128-bit key and 10 rounds offer more than sufficient security for commercial applications. Both are considered unbreakable with current technology. AES-128 is the recommended standard for TLS 1.3 connections and is fully compliant with PCI-DSS, GDPR, SOC 2, and Tanzania's Data Protection Act. The real-world security bottleneck is rarely the cipher strength — it is key management, which is why we invest heavily in our Hardware Security Module (HSM) infrastructure.

How we apply AES-128 across your data:

  • Encryption in transit (SSL/TLS): When you submit any form on our website, your browser establishes a 256-bit encrypted tunnel using TLS 1.3. Inside this tunnel, AES-128 encrypts the actual data. You can verify this by looking for the padlock icon in your browser's address bar and the "https://" prefix on our URL. Our SSL certificate is issued by a trusted Certificate Authority and is validated quarterly.
  • Encryption at rest (database): Once received, your data is written to encrypted database volumes using AES-128 in XTS mode (IEEE 1619 standard for storage encryption). The encryption keys are stored separately in a Hardware Security Module (HSM) — a tamper-resistant physical device designed specifically to protect cryptographic keys. Even if an attacker gained access to our database servers, the encrypted data would be completely unusable without the keys from the HSM.
  • Key rotation and access: Encryption keys are rotated every 90 days automatically. Access to the HSM is restricted to a small number of authorised administrators, requires multi-factor authentication, and every access attempt is logged and audited monthly. No single individual has access to both the encrypted database and the decryption keys — this is a security principle called "separation of duties."
  • Payment data tokenisation: When you enter credit card information, it is sent directly to our PCI-DSS Level 1 compliant payment processor (Stripe/PayPal) which tokenises it. We never see, store, or have access to your full card number, CVV, or PIN. The token stored in our system cannot be reverse-engineered to recover the original card number.

What this means for you as a Kizza Adventures client: When you book a Kilimanjaro climb, safari, or Zanzibar tour with us, your personal information — passport data, medical information, dietary preferences, emergency contacts, payment details, and correspondence — is protected by the same encryption technology that secures online banking, government classified communications, and international financial transactions. You can transact with us confidently, knowing that your privacy is protected by world-class security measures.

Real-world comparison: AES-128 encryption strength is equivalent to 2^128 possible key combinations — a number expressed as 340,282,366,920,938,463,463,374,607,431,768,211,456 (340 undecillion). To put that in perspective: if every atom in the universe (estimated at 10^80 atoms) were a computer trying one trillion keys per second for the entire age of the universe (13.8 billion years), the probability of finding the correct key would still be effectively zero. Your data is mathematically safe with us.

Scope of Collection

02 Information We Collect

We collect personal information that you voluntarily provide and certain technical data automatically when you browse our website. All data collected is protected by AES-128 encryption during transmission and storage. We follow the data minimisation principle — we collect only what is genuinely necessary to deliver your travel experience and meet legal obligations.

Personal information you provide to us:

  • Identity data: Full legal name, date of birth, nationality, passport number, country of residence, emergency contact name and relationship. This data is required for park permits, flight bookings, accommodation reservations, and immigration compliance across Tanzania, Kenya, Uganda, Rwanda, and other East African countries we operate in.
  • Contact data: Email address, phone number (including WhatsApp for in-country communication), postal address, and preferred language for communications. We use WhatsApp Business which operates under Meta's privacy framework with end-to-end encryption.
  • Travel and booking data: Flight itineraries, arrival/departure times, accommodation preferences (room type, bed configuration), dietary requirements and allergies, medical conditions relevant to high-altitude trekking (if applicable), travel insurance policy details, passport photocopy, passport-sized photographs (for park permits), and any special requests such as anniversary celebrations or accessibility needs.
  • Payment data: Credit or debit card information, PayPal account email, or bank transfer reference numbers. All payment transactions are processed through PCI-DSS Level 1 compliant third-party gateways — we never store full card numbers, CVV codes, or PINs on our servers. Card data is tokenised at the gateway level.
  • Special category data (with explicit consent): For Kilimanjaro climbs and adventure activities, we collect health information necessary for your safety — pre-existing medical conditions, allergies, current medications, blood type, emergency medical contact, and physical fitness level. This data is protected with additional encryption and access controls, and is deleted within 12 months after your trip.

Information collected automatically when you browse:

  • Technical data: IP address (anonymised after 24 hours via Google Analytics IP masking), browser type and version, operating system, device type and screen resolution, referring website URL, and time zone setting.
  • Usage data: Pages visited and time spent on each page, interactions with forms and chatbot, referral source, click patterns, and navigation flow — collected via Google Analytics 4 with IP anonymisation enabled and data retention set to 26 months.
  • Cookie data: Essential cookies for Google Translate functionality, analytics cookies (with consent), and functional cookies for embedded YouTube videos (via youtube-nocookie.com privacy-enhanced mode).

Collection Methods

03 How We Collect Your Information

We collect personal data through the following channels — all protected by AES-128 encryption at every stage of transmission and storage. We want you to understand exactly where and how your data enters our systems:

  • Direct website interactions: Booking enquiry forms, newsletter subscription forms, chatbot conversations, travel guide downloads, and contact forms. Every form on our website submits data over an encrypted HTTPS connection (TLS 1.3) with AES-128 encryption. Your data is encrypted before it leaves your browser and remains encrypted until it reaches our secure servers.
  • Direct communications: Emails sent to [email protected] (protected by AES-256 encryption at rest on Google Workspace servers), WhatsApp messages (protected by end-to-end encryption via the Signal Protocol, integrated with Meta's infrastructure), phone calls (recorded for quality assurance with your consent), and social media direct messages on Facebook, Instagram, and LinkedIn.
  • Third-party referrals: When you are referred to us by a travel agent, hotel concierge, or partner agency, we receive only your basic contact information (name, email, phone) and booking preferences — solely with your authorisation. We require all referral partners to confirm that they have obtained your consent before sharing your data with us.
  • In-person collection: During your pre-trek briefing at our Moshi office (located in Kilimanjaro Region, Tanzania), we may collect additional information required for same-day park registrations, emergency contact updates, or equipment fitting records. This data is entered directly into our encrypted systems via secure terminals.
  • Public sources: We may occasionally supplement your profile with publicly available information such as social media handles or travel reviews, but only if you have chosen to make this information public and it is relevant to improving your experience with us.

Purpose of Processing

04 How We Use Your Information

Your personal data is used solely for the following legitimate purposes directly related to our travel services. We do not use your data for purposes incompatible with these. Each processing activity is mapped to a lawful basis under GDPR:

  • Booking management and service delivery (Contractual necessity): Confirming reservations with lodges, tented camps, hotels, and airlines; coordinating with guides, porters, drivers, and support staff; issuing invoices, receipts, and travel documents; managing group allocations and room assignments; processing special requests (dietary, accessibility, celebrations).
  • Safety and emergency response (Legitimate interest / Vital interest): Sharing relevant medical and contact information with your assigned guide, expedition leader, and support team; maintaining emergency contact protocols with our 24/7 operations centre; coordinating with medical evacuation providers (including helicopter rescue), insurance companies, embassies, and your designated emergency contacts in the event of an accident or medical emergency during your tour.
  • Communication and customer support (Legitimate interest): Sending pre-departure information, travel updates, weather and route condition alerts, post-trip follow-up surveys, and responding promptly to your enquiries via email, phone, or WhatsApp. Promotional materials (newsletters, special offers) are sent only to clients who have explicitly opted in — you can unsubscribe at any time.
  • Regulatory compliance (Legal obligation): Transmitting required client data to Tanzania National Parks (TANAPA), Ngorongoro Conservation Area Authority (NCAA), Tanzania Wildlife Authority (TAWA), Kilimanjaro National Park (KINAPA), immigration authorities for visa support letters, and other regulatory bodies as mandated by Tanzanian law. This data is transmitted via secure government portals with encryption.
  • Service improvement (Legitimate interest): Analysing aggregated, fully anonymised data to improve our tour packages, refine our website experience, optimise our customer service processes, and train our staff. Individual clients are never identifiable in these analytics.

Marketing communications: We send promotional emails and safari offers exclusively to clients who have explicitly opted in. Every marketing email includes a visible one-click unsubscribe link. We refresh consent every 2 years. We never share your email address with third-party marketing platforms or advertisers.

Third-Party Disclosure

05 How We Share Your Information

We share your personal data only with carefully vetted partners who are essential to delivering your travel experience. Every third party is contractually bound to maintain the same AES-128 encryption standards, data protection controls, and confidentiality obligations that we uphold ourselves. We never sell, rent, or trade your personal information under any circumstances — this is a non-negotiable principle of our business:

  • Accommodation and ground operators: Lodges, tented camps, eco-lodges, hotels, and local guiding companies receive your name, dietary requirements, room preferences, and any special requests necessary to fulfil your booking. They are prohibited from using this data for any other purpose.
  • Transport and logistics: Airlines (domestic and international), transfer companies, vehicle hire services, and domestic charter flight operators receive passenger names, flight times, and luggage requirements for route coordination and safety manifest compliance.
  • Park and conservation authorities: TANAPA, NCAA, TAWA, and KINAPA receive client passport data and park entry details as legally required for permit processing, conservation fee collection, and park safety records. This is a legal requirement for operating in Tanzanian national parks and conservation areas.
  • Payment processors: Stripe and PayPal handle all credit/debit card transactions under their own PCI-DSS Level 1 compliant infrastructure. Bank transfer references are processed through our commercial banking partners. We recommend reviewing their privacy policies for complete details on their data handling practices.
  • Insurance and emergency services: Travel insurance providers, medical evacuation companies, and helicopter rescue services (e.g., Kilimanjaro Search and Rescue) receive relevant medical and contact information only in the event of a claim or emergency situation requiring their services.
  • Legal and regulatory bodies: When required by Tanzanian law, court order, or government regulation — including but not limited to immigration reporting, tax compliance with the Tanzania Revenue Authority (TRA), and tourism regulatory reporting to the Tanzania Tourist Board (TTB).

Cross-Border Data

06 International Data Transfers

As a Tanzania-based tour operator serving a global clientele from over 40 countries, your personal data may be transferred to and processed in countries outside your country of residence — including Tanzania (our primary operating country), Kenya, Uganda, Rwanda, Democratic Republic of Congo (for multi-country itineraries), and the United States (for cloud-based services including Google Workspace, Stripe, and PayPal). We ensure robust legal and technical safeguards are in place:

  • Standard Contractual Clauses (SCCs): Approved by the European Commission for transfers of EEA residents' data to third countries. These clauses impose contractual obligations on data recipients to provide equivalent levels of protection.
  • Data Processing Agreements (DPAs): Signed with all third-party service providers (cloud hosts, payment processors, email services) who handle personal data on our behalf. These agreements define scope, limitations, security requirements, and audit rights.
  • Adequacy decisions: Where applicable, we rely on the European Commission's adequacy decisions for transfers to countries with equivalent data protection standards.
  • AES-128 encryption across borders: Regardless of where your data is geographically processed, AES-128 encryption is maintained at all times. Your data remains encrypted whether it is stored on a server in Tanzania, the United States, or Europe — the encryption does not depend on location.
  • Data localisation: Where possible, we prioritise data storage within East African servers to reduce cross-border transfer volumes. Tanzanian client data is preferentially stored within Tanzania.

By booking with Kizza Adventures, you acknowledge that your data may be transferred across international borders for the purposes described in this policy. We will always ensure your data receives at least the same level of protection as it would within your home country.

Security

07 Data Protection and Security Measures

We implement multiple layers of protection — technical, administrative, and physical — working together in a defence-in-depth architecture. AES-128 encryption is a critical component, but it is part of a comprehensive framework with overlapping controls designed to protect your data from every angle:

  • AES-128 encryption (in transit and at rest): Every form submission, payment transaction, email, and API call is encrypted end-to-end. Database volumes use AES-128 XTS mode with separate key management via HSM.
  • 256-bit SSL/TLS certificates: Our website is secured with an Extended Validation (EV) SSL certificate, displaying the green padlock and verified organisation name in modern browsers. All connections enforce TLS 1.2 or higher — TLS 1.0 and 1.1 are disabled.
  • PCI-DSS Level 1 compliance: All payment card processing is handled by Stripe and PayPal, both certified PCI-DSS Level 1 Service Providers — the highest level of payment security certification. We never touch or store card numbers directly.
  • Access controls and authentication: Only authorised Kizza Adventures staff have access to personal data, granted on a strict need-to-know basis. Access requires multi-factor authentication (MFA) using time-based one-time passwords (TOTP). All staff complete mandatory annual data protection and security awareness training. Access logs are reviewed monthly and any anomalous access is investigated.
  • Infrastructure security: Our website and databases are hosted on secured infrastructure with enterprise-grade firewall protection, distributed denial-of-service (DDoS) mitigation, intrusion detection and prevention systems (IDS/IPS), 24/7 server monitoring, automated security patching, and regular vulnerability scanning.
  • Security testing and audits: We conduct quarterly automated vulnerability scans using industry-standard tools, annual penetration tests by independent third-party security firms, and internal security audits every 6 months. Remediation of any identified vulnerabilities is prioritised based on severity.
  • Incident response plan: We maintain a documented incident response plan aligned with NIST SP 800-61 guidelines. In the unlikely event of a data breach, we will notify affected clients within 72 hours (as required by GDPR), notify relevant supervisory authorities, conduct a full forensic investigation, implement corrective measures, and provide affected clients with guidance on protective steps.

Defence in depth: Security is not a single product, technology, or process — it is a layered approach. AES-128 encryption protects data confidentiality, SSL/TLS protects communication integrity, access controls protect against insider threats, firewalls protect against network attacks, and regular audits ensure continuous improvement. These layers work together so that if one control fails, others continue to protect your data. Your information is guarded by multiple independent barriers, not a single lock on a single door.

Retention

08 Data Retention and Deletion

We retain your personal data only as long as necessary to fulfil the purposes for which it was collected and in accordance with legal, tax, regulatory, and legitimate business requirements. Throughout its lifecycle, your data remains AES-128 encrypted. Our retention schedule is as follows:

  • Booking and financial records: Retained for 7 years after the completion of your tour to comply with Tanzanian tax and accounting laws (Tanzania Revenue Authority requirements). After 7 years, records are securely deleted or fully anonymised.
  • Medical and health data: Deleted within 12 months after your trip concludes, unless required for an active insurance claim, legal proceeding, or ongoing medical treatment related to your tour. Clients can request earlier deletion at any time.
  • Newsletter subscriptions: Retained until you unsubscribe. We refresh consent every 2 years by sending a reconfirmation request. If no response is received within 30 days, the subscription is automatically cancelled.
  • Enquiry correspondence (non-booking): Retained for 3 years after the last communication, after which it is securely purged.
  • Website analytics: Anonymised aggregate data retained indefinitely for trend analysis; personally identifiable analytics data is retained for a maximum of 26 months (Google Analytics 4 default setting).
  • Chatbot conversation logs: Retained for 12 months for quality improvement purposes, after which they are anonymised. Identifiable chatbot logs are deleted upon client request.

After the applicable retention period, your data is securely destroyed using methods compliant with NIST SP 800-88 Rev. 1 guidelines for media sanitisation — including cryptographic erasure (encrypting data and destroying the encryption keys), overwriting, and physical destruction where applicable. Once destroyed, data cannot be recovered.

Your Rights

09 Your Rights and Choices

Under applicable data protection laws — including the General Data Protection Regulation (GDPR), UK GDPR, and the Tanzania Data Protection Act — you have the following rights regarding your personal data. These rights are designed to give you control over your information. We will respond to all legitimate requests within 30 days, free of charge, unless the request is manifestly unfounded or excessive:

  • Right of access (Article 15 GDPR): Request a complete copy of the personal data we hold about you, including the purposes of processing, categories of data, recipients, and retention periods. First copy is free.
  • Right to rectification (Article 16 GDPR): Correct any inaccurate, incomplete, or outdated personal data we hold about you. Please keep your contact details up to date.
  • Right to erasure — "right to be forgotten" (Article 17 GDPR): Request deletion of your personal data where it is no longer needed for the original purpose, where you withdraw consent, or where you object and there are no overriding legitimate grounds.
  • Right to restriction (Article 18 GDPR): Limit how we process your data in specific circumstances — for example, while a rectification request is pending or while a complaint is being investigated.
  • Right to data portability (Article 20 GDPR): Receive your data in a structured, commonly used, machine-readable format (CSV, JSON) and request direct transfer to another controller where technically feasible.
  • Right to object (Article 21 GDPR): Object to processing based on legitimate interests (including profiling) or for direct marketing purposes. We will stop processing unless we demonstrate compelling legitimate grounds.
  • Right to withdraw consent (Article 7 GDPR): Withdraw your consent at any time where we rely on consent as the legal basis for processing. Withdrawal does not affect the lawfulness of processing before withdrawal.
  • Right to lodge a complaint (Article 77 GDPR): File a complaint with your local data protection supervisory authority if you believe we have not processed your data lawfully. We will cooperate fully with any investigation.

To exercise any of these rights, contact our Data Protection Officer using the details at the bottom of this page. We may need to verify your identity before processing your request — this is a security measure to ensure your data is not disclosed to unauthorised persons.

Cookies

10 Cookies and Tracking Policy

Our website uses cookies and similar tracking technologies sparingly and transparently. We believe in minimal, privacy-respecting data collection. Here is a complete inventory of every cookie and tracking technology used on our site:

  • Essential / strictly necessary cookies: Google Translate preference cookie (remembers your language selection across pages), session management cookie (maintains your session state during a visit). These cookies are required for the website to function correctly and cannot be disabled. No prior consent is required under ePrivacy Directive.
  • Analytics / performance cookies: Google Analytics 4 with IP anonymisation enabled (masking the last octet of your IP address). We use aggregated, non-identifiable data to understand which pages are most popular, how users navigate our site, and where improvements can be made. Consent is obtained via a cookie banner on your first visit.
  • Functional cookies: YouTube embedded videos use the youtube-nocookie.com domain (privacy-enhanced mode) which sets minimal cookies required for video playback. No tracking or personalisation cookies are set by these embeds.
  • Third-party cookies (minimal): Font Awesome icon CDN and Google Fonts may set strictly limited cookies as documented in their respective privacy policies. These are considered exempt under applicable cookie rules as they are essential for rendering the website.

We do not use any advertising cookies, targeting cookies, cross-site tracking cookies, behavioural tracking cookies, social media pixel tracking, or remarketing cookies of any kind. You can manage or disable cookies at any time through your browser settings. Note that blocking essential cookies may impact the functionality of the Google Translate feature and general site performance.

Children

11 Children's Privacy

Our adventure travel services are designed for individuals aged 18 years and over. We do not knowingly collect, use, process, or store personal information from children under the age of 13. If you are a parent or guardian and believe that your child under 13 has provided us with personal data without your consent, please contact our Data Protection Officer immediately at [email protected]. Upon verification, we will promptly and securely delete all such information from our records within 30 days. Minors aged 13 to 17 who wish to travel with us on family safaris, Kilimanjaro climbs (minimum age 10 years for Marangu Route, 12 years for other routes), or other tours require signed parental or guardian consent and must be accompanied by a parent, legal guardian, or authorised adult throughout the entire duration of the tour.

External Services

12 Third-Party Links and Services

Our website may contain links to external third-party websites, platforms, and services that are not operated by us. These include but are not limited to partner lodge websites, airline booking portals, payment processor pages (Stripe, PayPal), social media platforms (Facebook, Instagram, Pinterest, LinkedIn, YouTube, TikTok, Dribbble, Skype), and independent review sites (TripAdvisor, Google Reviews, Trustpilot). This Privacy Policy applies exclusively to Kizza Adventures' website and services. When you click on a third-party link and leave our site, you are subject to that third party's own privacy policies, terms of service, and data handling practices. We strongly encourage you to review their privacy policies before providing them with your personal information. We do not accept any responsibility or liability for the content, privacy practices, or security of any third-party websites or services.

Legal

13 Legal Compliance and Disclosures

Kizza Adventures operates in full compliance with the laws and regulations of the United Republic of Tanzania. We are a licensed and accredited tour operator holding the following registrations and memberships:

  • Tanzania Tourist Board (TTB): Registered Tour Operator — License #TTB/LIC/2024/0456. The TTB is the primary regulatory body for all tourism businesses operating in Tanzania, responsible for licensing, quality standards, and consumer protection.
  • Tanzania Association of Tour Operators (TATO): Full Member — Membership #TATO/M/2024/089. TATO is the leading industry body representing professional tour operators in Tanzania, setting standards for ethical and sustainable tourism.
  • Kilimanjaro National Park (KINAPA): Authorised Climbing Concession Holder — Permit #KINAPA/CON/2024/112. We hold an active concession licence to operate Kilimanjaro climbs, complying with all park regulations, porter welfare standards, and environmental protection requirements.
  • Ngorongoro Conservation Area Authority (NCAA): Registered Safari Service Provider — Permit #NCAA/SAF/2024/078. We are authorised to operate game drives, crater tours, and cultural visits within the Ngorongoro Conservation Area.
  • Serengeti National Park: Licensed Tour Operator with valid park entry permits and game drive vehicle licences.

We may disclose your personal data if required to do so by Tanzanian law, regulation, legal process served upon us, or valid government request. This includes compliance with immigration reporting, tax obligations to the Tanzania Revenue Authority (TRA), tourism regulatory reporting, and any other legal obligations binding on Tanzanian tour operators.

Updates

14 Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our data processing practices, legal or regulatory requirements (including GDPR updates, Tanzanian data protection law amendments), operational needs, or improvements in our security infrastructure. When we make material changes, we commit to the following:

  • Update the "Last updated" date at the top of this policy immediately.
  • Post a prominent notice on our website homepage for a minimum of 30 days following the change.
  • Notify all clients with active or outstanding bookings via email within 7 days of the change taking effect.
  • Maintain an archived version of the previous policy for 12 months for reference.

We encourage you to review this policy periodically. Your continued use of our website or services after the effective date of any changes constitutes your acceptance of the updated policy. If you do not agree with a material change, you may request deletion of your data as outlined in your rights above.

Get in Touch

15 Contact Us About Your Privacy

If you have any questions, concerns, complaints, or requests regarding this Privacy Policy or how we handle your personal data — including but not limited to requests to access, correct, delete, or export your information, or to withdraw consent — please reach out to our dedicated Data Protection Officer (DPO) using any of the following channels. We aim to acknowledge all requests within 48 hours and respond fully within 30 calendar days.

  • Email (preferred): [email protected]. Response within 48 hours.
  • Phone / WhatsApp: +255 623 524 929. 24/7 on-call support.
  • Physical Address: Moshi, Kilimanjaro Region, Tanzania, East Africa.
  • Office Hours: Mon–Sun, 24/7 on-call. Email replies: business hours (EAT).

Right to complain: You have the right to lodge a complaint with the Tanzania Data Protection Authority (under the Tanzania Data Protection Act, 2022) or with your local data protection supervisory authority (e.g., the ICO in the United Kingdom, the CNIL in France, or the relevant authority in your country of residence). We will cooperate fully with any regulatory investigation and keep you informed throughout the process.
