Privacy Policy

Effective date: 1 May 2026

Tripzo Technologies Pvt Ltd ("we") is committed to protecting the privacy of users and the customers of our travel-agency clients. This policy is aligned with India's Digital Personal Data Protection Act 2023 (DPDP) and explains our practices.

Data we collect

From the agency owner / staff (account holders)

• Name, email, phone, role
• Login activity (IP, browser, session timestamps)
• Pages visited within the agency panel (anonymised analytics)

From the agency's own customers (data the agency uploads)

• Name, email, phone, address (optional), passport / ID (optional)
• Booking history, payment records, GSTIN (for B2B invoicing)
• Travel preferences entered by the agent

Why we process it

• Provide the Service (the primary purpose)
• Send transactional notifications (booking confirmations, reminders)
• Bill and collect subscription fees
• Improve product quality (anonymised aggregate analytics only)
• Comply with legal obligations (GST e-invoicing, tax records)

Data sharing

We do not sell your data. We share data only with:

• Sub-processors required to operate the Service: AWS (hosting), Razorpay (payment processing), Postmark/SES (email delivery), Anthropic (AI Quote Mode — only the agent's prompt text is sent)
• Indian tax authorities when legally compelled (GST e-invoice filings)

Your rights (DPDP Act 2023)

You may, at any time:

• Access your data — exportable as JSON from your agency panel
• Correct inaccurate data via the agency panel
• Erase your data — request via email; we comply within 30 days
• Withdraw consent for non-essential processing
• Lodge a complaint with the Data Protection Board of India

Data retention

Active accounts: data retained for the life of the subscription. After account closure: 30 days for export, then permanent deletion within 90 days (excluding records we are legally required to keep, e.g. GST invoices for 8 years).

Cross-border transfers

Tripzo data is hosted in Mumbai, India (AWS ap-south-1). Some sub-processors (e.g. Anthropic for AI features, Postmark for email) may process data outside India under appropriate contractual safeguards (Standard Contractual Clauses).

Security

• Encryption in transit (TLS 1.2+) and at rest (AES-256)
• Per-tenant database isolation (Postgres)
• Audit log of all data accesses
• TOTP 2FA available for all users

Contact our Data Protection Officer

For privacy-related queries: dpo@tripzo.com

Changes

Material changes notified by email at least 30 days in advance.