← Back to TravelMaya
Privacy Policy
Last updated: May 2025 | Effective date: May 2025
This Privacy Policy describes how TravelMaya ("we", "us", or "our") collects, uses, and protects your personal data when you use travelmaya.in (the "Service"). By using the Service you agree to the practices described in this Policy.
TravelMaya is operated as an individual / sole proprietorship based in India and complies with the Digital Personal Data Protection Act, 2023 (DPDP Act) and the Information Technology Act, 2000.
1. What data we collect
- Phone number — collected when you sign in via OTP. Used solely to identify your account and link saved plans to you.
- Name, email address, WhatsApp number — collected only if you voluntarily submit an enquiry via the contact form (Step 7). These are never collected automatically.
- Trip plan data — destinations, dates, travel preferences, and selected activities you choose while using the planner. Stored in your account only if you choose to save a plan.
- Usage data — we do not currently run analytics or tracking scripts. We do not use cookies beyond what Firebase Authentication requires for session management.
2. How we use your data
- To save and restore your travel plans across sessions
- To allow you to share plan links with others
- To respond to enquiries you submit via the contact form
- To improve our destination data and recommendations (aggregated, never individual)
We do not sell, rent, or trade your personal data to any third party.
3. Data sharing
- Firebase (Google LLC) — our backend infrastructure. Your data is stored in Google's Firestore database and processed under Google's standard data processing terms. Firebase is ISO 27001 certified.
- Booking.com — when you click a "Book on Booking.com" link, you leave TravelMaya and are subject to Booking.com's own privacy policy. We may receive a referral commission.
- No other third parties receive your personal data.
4. Data retention
Your account data and saved plans are retained for as long as your account is active. Enquiry (lead) data is retained for up to 2 years for business correspondence purposes. You may request deletion at any time (see Section 6).
5. Your rights (DPDP Act 2023)
As a Data Principal under the DPDP Act, you have the right to:
- Access — request a summary of personal data we hold about you
- Correction — request correction of inaccurate data
- Erasure — request deletion of your account and all associated data
- Grievance redressal — raise a complaint with our Grievance Officer
- Nominate — nominate another individual to exercise your rights in the event of death or incapacity
To exercise any of these rights, email: grievance@travelmaya.in. We will respond within 48 hours.
6. Account and data deletion
You may delete your TravelMaya account and all associated data at any time by emailing grievance@travelmaya.in with the subject line "Delete My Account". We will complete deletion within 7 business days and confirm via email.
7. Children's data
TravelMaya is intended for users aged 18 and above. We do not knowingly collect personal data from individuals under 18. If you believe a minor has submitted data, please contact us immediately and we will delete it.
8. Security
We use Firebase's industry-standard security infrastructure including encrypted data in transit (TLS/HTTPS) and at rest. Access to Firestore is governed by security rules that restrict each user to their own data only.
9. Changes to this Policy
We may update this policy from time to time. Material changes will be announced on the website with an updated effective date. Continued use of the Service after changes constitutes acceptance.
10. Contact & Grievance Officer
As required under the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 and the DPDP Act 2023:
- Grievance Officer: TravelMaya Team
- Email: grievance@travelmaya.in
- Response time: Within 24 hours of receipt
- Resolution time: Within 15 days
© 2025 TravelMaya | Terms of Use | Home