Menoufia Access Systems runs e-Pass Museum, and this page sets out how we handle your personal data and your payment. Because we take money and issue an entry credential, we owe you a clear account of exactly what happens to your information. We hold little, we keep it briefly, and we do not make a business of it. This notice was last updated in April 2026 and is written to be understood, not to satisfy a lawyer.
The data controller is Menoufia Access Systems S.A.E., 24 Sharia al-Galaa, Shibin el-Kom 32511, Monufia Governorate, Egypt, VAT (ETA) 732-518-046. For any data question, write to [email protected] and a person will handle it.
To issue a pass we need your email (to send the pass and your confirmation) and, for group and student passes, the names or count of those covered and proof of student status where the student rate applies. When you contact us we hold the name, email and message you send. That is the whole list. We do not ask for, or want, anything we do not need to deliver the pass and support it.
Payment is handled by a regulated third-party payment processor. Your full card number is entered into the processor's secure system, not ours, and we never see or store it. What we receive back is a confirmation that the payment succeeded and a reference, which is all we need to issue your pass. This is the single most important thing to understand about our data handling: the sensitive payment data does not live on our systems at all.
We process your data to perform the contract you enter when you buy a pass — we cannot deliver a pass without an email to send it to. For support messages, the basis is your consent (the box you tick) and our legitimate interest in answering you. We never process your data for advertising, because we run none.
Pass and purchase records are kept for as long as needed to support the pass and meet Egyptian tax-record requirements, then deleted. Support messages unrelated to a purchase are kept for one year and then deleted. Student-status proof is checked at purchase and not retained beyond confirming eligibility. We do not keep data "just in case".
Inside the company, only the people who need your data to issue your pass or support you can see it. Outside, the only parties who touch it are the payment processor (for the transaction) and our email provider (to deliver your pass). At a museum door, the scan confirms your pass is valid — it does not transmit your personal details to the museum. We do not sell, rent or share your data with anyone for their own use.
This site runs no advertising network, no third-party analytics that identify you, no social-media trackers and no profiling. It sets no non-essential cookies, which is why there is no cookie banner — there is nothing to consent to. The only data the site transmits is what you type into a form and submit.
Your pass is a QR code you store on your own device. We do not access your phone, your location or your photos; saving the pass offline is something your phone does locally, not something we monitor. When the pass is scanned at a door, our system records that a valid entry occurred — it does not track where you then go inside or how long you stay.
You can ask what data we hold about you, ask us to correct it, ask us to delete it (except records we must keep for tax law), and withdraw consent for support correspondence at any time. Email us and we will respond within thirty days at no charge. Because we hold so little, most such requests are simple and quick to satisfy.
The service is bought by adults, though the museums it covers welcome all ages. We do not knowingly collect data directly from children; a parent or guardian buys a family or group pass that covers them. If you believe a child has submitted data through our form, tell us and we will delete it.
We protect what we hold with access controls and encryption in transit, and by the simple fact that we hold so little of value to an attacker — no card numbers, no sensitive categories, no large profile database. The pass system itself is designed so a single QR cannot be cloned into many valid entries.
When an organiser buys a group pass, they provide the names or the count of those covered so we can issue an individual pass to each. We hold those details only to issue and support the passes, and the organiser is responsible for sharing each pass with the right person. For a student pass, the enrolment proof you show is checked at purchase to confirm eligibility and is not retained afterwards — we keep the fact that a valid student rate was applied, not a copy of your student document.
We send you transactional emails only — your pass, your purchase confirmation, and replies to messages you send us. We do not run a newsletter, we do not add you to a marketing list, and there is nothing to unsubscribe from because there is nothing promotional to receive. If you ask a support question we may email you back about it; that is the extent of our contact, and it ends when your question is resolved.
We use a small number of service providers to operate: a regulated payment processor for transactions, an email provider to deliver passes and replies, and hosting for the website itself. Each is bound by its own data-protection obligations and may only use your data to provide its service to us, never for its own purposes. We do not use advertising networks, data brokers, or analytics providers that build a profile of you, so the list of third parties touching your data is deliberately short.
It is worth stating the philosophy behind all of the above, because it is unusual enough to be worth understanding. Many online services collect far more data than they need, on the theory that data is valuable and might be useful later. We take the opposite view: data we do not hold cannot be lost, leaked, subpoenaed, or misused, so the safest data is the data we never collected. We hold what is strictly required to issue your pass, support it and meet tax law — and nothing else. There is no profile of your interests, no record of your movements between museums, no browsing history tied to you, and no dormant marketing database waiting to be breached. This is not only good for you; it is good for us, because it means a security incident, however unwelcome, could expose very little of consequence. Minimalism is our main security control, and it is deliberate.
To be concrete about the timeframes mentioned above: purchase and pass records are kept while needed to support the pass and for the period Egyptian tax law requires of business records, then deleted. Support messages with no purchase attached are deleted after one year. Student enrolment proof is not retained past the moment of eligibility check. If you ask us to delete data we are not legally required to keep, we do it promptly. These are short periods by the standards of online services, and that is on purpose.
If we change how we handle data, we will update this page and its date. If you are unhappy with how we have treated your data, please raise it with us first so we can fix it; you also keep the right to complain to the data-protection authority in your country. Reach us any time through the contact page.