Data Deletion
Effective date: July 10, 2026
We keep as little data as possible. This page explains what we store, how to ask us to delete it, and what we cannot delete.
1. What we store
- Inquiry and booking records: name, email, phone, trip interest, optional message, and any booking specifics you sent us.
- Emails: replies and forward correspondence with our email provider.
- Anonymous analytics: aggregated Umami metrics (page views, referrers, device class, country-level geography).
- Instagram OAuth data, only if you connect an account: the encrypted long-lived access token, the server-side OAuth state, single-use admin-issued invite hashes, and a cached copy of the most recent 12 posts (id, caption, media type, CDN URL, permalink, timestamp). See Privacy → Meta / Instagram for the full inventory.
- Blog drafts: images and text you send us for the blog and gallery publication workflow (Telegram bot driven).
2. How to request deletion
Email us at sahara.wonders@gmail.com or send a WhatsApp to +212 620924808. Tell us which data you want deleted. We complete deletions within 30 days.
If you are the account owner who connected the Professional Instagram account, you can delete all Instagram data immediately yourself: sign in to /admin/instagram and click Disconnect. That deletes the encrypted token, the cached profile, and the cached posts in one click.
3. What gets deleted when you ask
Once we receive your verified request, we delete:
- The named inquiry or booking records on our server.
- Back-and-forth emails referencing your request, after we've closed the thread.
- If applicable: the encrypted Instagram connection, the cached profile and posts, the cached CDN URLs, the OAuth state, and the single-use invite hashes. The in-app Disconnect button on /admin/instagram covers the same set.
- Blog draft files created while you were authoring the post.
4. What we cannot delete
- Anonymous, aggregated analytics. We can't tie these to you individually, and rotating backups mean some slices may live on for up to 30 days after their window closes.
- Where we are required by law to keep records (for example, basic invoice information for tax authorities), we retain only what the law requires, for the period the law requires, and we will tell you exactly what we kept and why when we respond to your request.
- Encrypted copies of state file backup snapshots rotate independently of the running application within ~30 days; these are not browseable or searchable once rotated.
5. Confirming your identity
For deletions initiated by email, we may ask you to confirm one or two specific details from your existing record (such as the email address on file) to make sure we are acting on your request and not someone else's. We do not request information we don't already have.
6. Meta's data deletion
The data we receive from Meta (Instagram OAuth data, cached posts) is covered by our deletion process above. If you want Meta to delete data it has tied to your Instagram account, use Instagram's own data-deletion tools; we do not act as a Meta processor for that.