Flights to Iran
Active routes · typical schedules
🇹🇷
Istanbul
IST/SAW
✈ Direct2h 30m
Turkish Airlines · Pegasus · AJet
TehranMashhadShirazTabrizIsfahan
🗓 Multiple dailySearch flights ↗
🇦🇪
Dubai
DXB
✈ Direct1h 30m
Emirates · flydubai
TehranMashhadIsfahanShirazTabrizAhvaz
🗓 Multiple dailySearch flights ↗
🇬🇧
London
LHR
✈ Direct6h 30m
Mahan Air · Iran Air
Tehran
🗓 2× / weekSearch flights ↗
🇩🇪
Frankfurt
FRA
✈ Direct5h 30m
Mahan Air · Iran Air
Tehran
🗓 3× / weekSearch flights ↗
🇨🇦
Toronto
YYZ
↪ Indirect~16h
via: Istanbul or Dubai
Air Canada · Turkish Airlines · Emirates
Tehran
🗓 Daily via hubSearch flights ↗
🇺🇸
Los Angeles
LAX
↪ Indirect~22h
via: Istanbul / Dubai / Doha
Turkish Airlines · Emirates · Qatar Airways
Tehran
🗓 Daily via hubSearch flights ↗
🇦🇺
Sydney
SYD
↪ Indirect~18h
via: Dubai / Doha / Istanbul
Emirates · Qatar Airways · Turkish Airlines
Tehran
🗓 Daily via hubSearch flights ↗
🇳🇱
Amsterdam
AMS
✈ Direct6h 15m
Mahan Air · Iran Air
Tehran
🗓 2× / weekSearch flights ↗

* Based on typical airline schedules — verify before travel

Privacy Policy

Last updated: 30 April 2026

This privacy policy is available in English only. The English version is the legally binding version.

این سیاست حریم خصوصی فقط به زبان انگلیسی در دسترس است. نسخه انگلیسی از نظر قانونی الزام‌آور است.

Bu gizlilik politikası yalnızca İngilizce olarak mevcuttur. İngilizce sürüm yasal olarak bağlayıcıdır.

This policy is provided in accordance with Articles 13 and 14 of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

1. Data Controller

The data controller responsible for your personal data is:

Inambebar

Germany

Email: privacy@inambebar.com

We do not have a designated Data Protection Officer (DPO) as we do not meet the thresholds requiring mandatory DPO appointment under Art. 37 GDPR.

2. What Data We Collect and Why

Account Data

Data: Full name, email address, phone number, date of account creation.

Purpose: Creating and managing your account; communicating with you about your account and transactions.

Legal basis: Art. 6(1)(b) GDPR — processing is necessary for the performance of a contract (our Terms of Service) to which you are a party.

Retention: For the duration of your account, plus 90 days after account deletion.

Identity Verification (KYC) Data

Data: Government-issued photo ID (passport, national ID card, or driver's licence) and a selfie photograph.

Purpose: Verifying your identity before you may post trips or shipment requests. This protects all platform users from fraud and impersonation, and allows us to fulfil obligations to report verified identities to law enforcement in cases of suspected criminal activity.

Legal basis: Art. 6(1)(b) GDPR — processing is necessary to perform the contract (identity verification is a mandatory condition of platform use). Secondarily Art. 6(1)(f) — our legitimate interests in preventing fraud and ensuring platform safety.

Retention: KYC documents are retained for 3 years after account deletion, after which they are permanently deleted. This retention period reflects our legal obligation to be able to cooperate with law enforcement in respect of transactions that may be under investigation.

Note on biometric data: Your selfie is used only for manual visual comparison against your ID photograph by our review team. We do not use automated facial recognition software. Your selfie photograph is therefore not processed as biometric data within the meaning of Art. 9 GDPR.

Storage: Stored on Supabase (Supabase Inc.), EU data centre (Frankfurt, Germany). A Data Processing Agreement is in place with Supabase.

Trip and Shipment Listing Data

Data: Origin and destination cities, travel dates, available weight/space, package descriptions, declared item categories and values.

Purpose: Operating the platform; matching Senders with Travelers; maintaining records of transactions for dispute resolution.

Legal basis: Art. 6(1)(b) GDPR — contract performance.

Retention: 3 years after the listing is closed or the account is deleted, whichever is later.

Messages

Data: All messages sent through the Inambebar in-platform chat, including timestamps.

Purpose: Facilitating communication between users; preserving evidence for dispute resolution; fraud prevention; compliance with legal requests from law enforcement.

Legal basis: Art. 6(1)(b) GDPR — contract performance; Art. 6(1)(f) — legitimate interests in fraud prevention and platform safety.

Retention: 3 years from the date the message was sent.

Usage and Security Data

Data: IP address, browser type, pages visited, timestamps of login events.

Purpose: Security monitoring, fraud detection, debugging.

Legal basis: Art. 6(1)(f) GDPR — legitimate interests in platform security.

Retention: 90 days.

3. Data Processors (Third Parties)

We use the following third-party data processors. Each is bound by a Data Processing Agreement with us and may only process your data on our documented instructions.

ProcessorPurposeLocation
Supabase Inc.Database, authentication, and file storage hostingEU (Frankfurt, Germany)
Resend Inc.Transactional email deliveryUSA (SCCs in place)
Vercel Inc.Website hosting and deploymentUSA (SCCs in place)

SCCs = EU Standard Contractual Clauses, an approved mechanism for lawful data transfer outside the EEA under Art. 46 GDPR.

4. Disclosure to Authorities

We may disclose your personal data — including your verified identity documents, message history, and transaction records — to law enforcement, courts, or regulatory authorities when required to do so by applicable law, or where we have a good-faith belief that disclosure is necessary to prevent or report a crime. We do not proactively share your data with any government authority outside of these circumstances.

5. Cookies

We use only technically necessary cookies required for authentication and security (session tokens). We do not use advertising, analytics tracking, or third-party cookies. No cookie consent banner is required as we rely solely on necessary cookies.

6. Your Rights Under GDPR

You have the following rights regarding your personal data. To exercise any of them, contact privacy@inambebar.com. We will respond within 30 days.

Right of access (Art. 15)
Request a copy of all personal data we hold about you.
Right to rectification (Art. 16)
Request correction of inaccurate or incomplete data.
Right to erasure (Art. 17)
Request deletion of your data. Note: KYC documents may be retained for up to 3 years after account deletion as described in Section 2. Other data will be deleted promptly.
Right to restriction (Art. 18)
Request that we restrict processing of your data in certain circumstances.
Right to data portability (Art. 20)
Receive your account data in a machine-readable format.
Right to object (Art. 21)
Object to processing based on our legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds.

7. Right to Lodge a Complaint

If you believe we are processing your personal data unlawfully, you have the right to lodge a complaint with the competent data protection supervisory authority.

For users in Germany, the competent authority is the supervisory authority of the German federal state in which we are established. A directory of all German supervisory authorities is available at bfdi.bund.de.

Users in other EU member states may contact the supervisory authority of their country of habitual residence.

8. Automated Decision-Making

We do not make any decisions about you solely by automated means that produce legal or similarly significant effects. Identity verification involves manual review by our team.

9. Changes to This Policy

We may update this policy. If we make material changes, we will notify you by email or via a prominent notice on the platform at least 14 days before the change takes effect. The "Last updated" date at the top of this page reflects the most recent revision.

10. Contact

For any privacy-related questions or to exercise your rights: privacy@inambebar.com