Privacy at QuickPass — we collect almost nothing, and we sell none of it.

1. Who runs the guide

QuickPass Heritage Guide is operated by a registered Egyptian non-profit cultural association, registration 503-271-948, based at 12 Mahmoud Bassiouny Street, Downtown, Cairo 11511, Egypt. The association is run by unpaid volunteers, named on the about page. For any data-protection question — access, correction, deletion, or a complaint — write to the desk at [email protected] or by post at the address above. We are too small to be required to appoint a Data Protection Officer under the Egyptian PDPL, but any of the volunteers will handle a data request.

2. What we collect

The complete list, in plain language:

• Messages you send the desk: your name, email, optional phone number and the content of your message, when you use the contact form or email us directly. Legal basis: legitimate interest in answering reader correspondence.
• Update-note email: your email address, only if you ask to join the free monthly update note. Legal basis: your consent, which you can withdraw any time with one click.
• Server logs: standard web-server logs recording IP address, page requested, time, browser type and referrer. Kept 30 days for security and to see roughly how many people use the guide, then deleted. Legal basis: legitimate interest in running a secure website.

That is everything. We do not collect demographic data, we do not profile your reading, we do not track you across other websites, we do not fingerprint your device, we do not collect location beyond the rough country the server log shows, and we do not handle any payment data because there is nothing to pay for. We have no account system, so there are no passwords or login records either.

3. What we do not do

It is worth stating the negatives plainly, because "free" sites so often hide their data practices. QuickPass does not use Google Analytics or any equivalent profiling analytics. It does not embed Facebook, Instagram, X or any other social-media tracking pixel. It does not run advertising of any kind, so there are no advertising cookies or ad-network identifiers. It does not use A/B testing tools, heatmap recorders or session-replay scripts. It does not sell, rent, swap, license or otherwise share any reader data with any third party for any purpose. There is no commercial incentive for us to do any of this, and we do none of it.

4. Cookies

QuickPass sets no cookies at all in normal use. There is no account to log into, no advertising to target, and no analytics profile to maintain, so there is nothing a cookie would do. Because we set no non-essential cookies, this site shows no cookie-consent banner — the law (the EU ePrivacy Directive and the equivalent provisions of the Egyptian PDPL) requires consent only for non-essential cookies, and we use none. We also use no local storage, indexedDB or other persistent client-side storage.

5. Who sees your data

Inside the project, the volunteers who run the desk read the messages you send and the update-note list. Outside the project, two service providers are involved, each for a narrow technical purpose: the company that hosts the website (which sees the standard server logs described above) and the email provider that delivers our replies and the monthly update note (which sees the email address and the message content needed to deliver the email). Neither has any other access, and we have the standard data-processing arrangements with both. We share data with no one else — no marketing partner, no analytics company, no advertising network, no government body outside the boundaries of a lawful Egyptian or court-issued request.

6. How long we keep it

Messages you send the desk are kept for as long as the conversation is useful — typically up to three years after the last message — and then deleted, unless they have been folded anonymously into a note correction. Update-note email addresses are kept until you unsubscribe, after which they are deleted within thirty days. Server logs are kept for thirty days and then deleted. If you ask us to delete your data sooner, we will do so promptly — we have no legal retention obligation on any of it, because we hold no financial or transactional records (there are no transactions).

7. Your rights

Under the Egyptian PDPL and the GDPR you can ask us to: show you the data we hold about you; correct it if it is wrong; delete it; restrict how we use it; give it to you in a portable form; or stop processing it. Because we hold so little, most of these requests are simple for us to honour — usually it is just your message history and, if applicable, your update-note subscription. You can also withdraw consent for the update note at any time using the unsubscribe link, and you can complain to the Egyptian Personal Data Protection Centre or, if you are an EU resident, to your home-country supervisory authority. To exercise any right, write to [email protected].

8. Children

QuickPass is written for adults planning travel, though there is nothing on the site unsuitable for any age. We do not knowingly collect data from children under 16. If a parent or guardian believes we hold data from a child, write to the desk and we will delete it within 48 hours.

9. Security

The site is served over HTTPS only. The small amount of data we hold — the desk inbox and the update-note list — is held in the email provider's secure systems with access limited to the volunteers who run the desk, protected by strong unique passwords and two-factor authentication. Because we hold no payment data, no account passwords and no sensitive personal data, the consequences of any breach would be limited to email addresses and message content, which we treat carefully but which carry low risk.

10. Changes to this notice

If we ever change this notice in a way that matters, we will note the change here and update the date below; if the change affects update-note subscribers, we will mention it in the monthly note. Given how little we collect, we do not expect this notice to change often. The current version is always the one shown on this page.

11. The update note and how we treat your email

Because the only ongoing data relationship most readers have with us is the optional monthly update note, it is worth spelling out exactly how we treat that email address. When you ask to join, we add your address to a single list held in our email provider's system. We use it for one thing: sending the monthly update note and the occasional seasonal heads-up. We do not use it to profile you, we do not append other data to it, we do not segment the list by behaviour, and we never pass it to anyone. There is an unsubscribe link at the foot of every email; one click removes you, and we delete the address within thirty days of an unsubscribe. We do not run win-back campaigns or re-add unsubscribed addresses, ever.

We also do not track whether you opened an email or clicked a link in it. Many newsletters embed an invisible tracking pixel that reports your opens and clicks back to the sender; we have turned that off. The result is that we genuinely do not know who reads the update note, which is a small loss for us and a clean piece of privacy for you. The trade is worth it — the whole project runs on trust, and tracking readers quietly would undermine exactly the thing that makes a free guide worth following.

12. Contact

For anything to do with privacy — a question, a data request, a complaint — write to the volunteer desk at [email protected] or by post at 12 Mahmoud Bassiouny Street, Downtown, Cairo 11511, Egypt. The supervisory authority in Egypt is the Personal Data Protection Centre under PDPL Law 151 of 2020; EU residents may also approach their home-country authority. We aim to answer any data request within thirty days, and usually far sooner, because there is so little data involved that most requests take only a few minutes to honour.

Last updated: 1 June 2026. Issued by QuickPass Heritage Guide (non-profit cultural association, registration 503-271-948), Cairo, Egypt, on the basis of Egyptian PDPL Law 151 of 2020 and the GDPR (Regulation EU 2016/679) for European Union readers.