Privacy Policy

Safarnama ("we", "us", or "our") is committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains what personal data we collect, how we use it, with whom we share it, and how you can exercise your rights. This Policy applies to all users of the Safarnama platform — whether you are a traveler, trip organizer, or visitor. It is compliant with the Digital Personal Data Protection Act, 2023 (DPDPA) and other applicable Indian data protection laws including the Information Technology Act, 2000 and the IT (Amendment) Act, 2008. Under the DPDPA 2023, your consent to process personal data is obtained through a clear affirmative action — specifically, a consent checkbox presented at account registration, before any personal data is collected. You will not be required to consent as a condition of merely browsing the platform. You may withdraw consent at any time as described in Section 7 of this Policy.

We collect the following categories of personal data: 2.1 Account Information • Name, email address, and mobile number (used for login and communications) • Profile photo (if provided) • Role on the platform (Traveler or Organizer) 2.2 Booking Information • Traveler details: name, age, gender, phone number • Emergency contact: name and phone number • Pickup and drop point preferences • Trip history and past bookings 2.3 Organizer Information (KYC) • Business name and registered address • PAN Card and GSTIN number (where applicable) • Government-issued photo ID — any one of: Passport, Voter ID, or Driving Licence. Aadhaar is accepted as a voluntary alternative only; it is not mandatory, in compliance with the Aadhaar Act, 2016 and the Supreme Court's judgment in Justice K.S. Puttaswamy v. Union of India (2018). • Bank account details (for payout processing) • ID verification documents 2.4 Payment Information • Transaction amount and reference IDs • Payment method type (UPI/card/netbanking) • We do NOT store full card numbers, CVV, or UPI PINs — these are handled directly by Razorpay 2.5 Usage Data • Device type, browser, and IP address • Pages visited and interactions with the platform • Search queries and trip comparison history 2.6 Communications • Messages exchanged between travelers and organizers through our platform • Support chat history • Feedback and reviews you submit

We use your personal data for the following purposes: • Account creation and authentication • Processing bookings and managing escrow payments via Razorpay • Sending booking confirmations, trip reminders, and OTP verification messages via SMS and email • Facilitating communication between travelers and organizers • Verifying organizer identity (KYC) and publishing organizer profiles • Displaying your reviews and ratings on the platform • Improving platform features and user experience through aggregated analytics • Preventing fraud, resolving disputes, and enforcing our Terms of Service • Complying with legal obligations, court orders, or government requests under Indian law • Sending marketing communications (only with your consent — you may opt out at any time) We process your data on the following lawful bases under the DPDPA, 2023: • Consent (Section 6): Where you have provided explicit, informed consent via affirmative action at registration or for specific processing activities such as marketing communications. • Certain Legitimate Uses (Section 7): Where processing is necessary for the performance of a contract you are party to (booking a trip, organizer payout processing), for compliance with a legal obligation, or for functions of the State or a court order. We do not rely on "legitimate interest" as a standalone basis — that concept applies under GDPR (EU law), not under the DPDPA, 2023.

We do not sell your personal data to third parties. We share your data only in the following limited circumstances: 4.1 With Trip Organizers When you book a trip, the organizer receives your name, phone number, age, gender, and emergency contact details — only to the extent necessary to manage your participation in their trip. 4.2 With Razorpay Payment-related data (transaction amounts, mobile number for UPI) is shared with Razorpay Payments Private Limited for processing and reconciliation. Razorpay processes your payment data under its own privacy policy in compliance with RBI guidelines. 4.3 With SMS and Email Service Providers Your phone number and email address are shared with our OTP and notification service providers solely for delivering communications. 4.4 Legal Requirements We may disclose your data to law enforcement agencies, courts, or government authorities where required by applicable Indian law, court order, or regulatory mandate. 4.5 Business Transfers In the event of a merger, acquisition, or asset sale, your data may be transferred to the successor entity, subject to equivalent privacy protections. We do not share your data with any third party for advertising or marketing purposes without your explicit consent.

We retain your personal data for as long as your account is active or as needed to provide services. Specifically: • Account data: Retained for the duration of your account and for 3 years after account closure. • Booking and transaction records: Retained for 7 years as required under Indian financial and tax laws. • KYC documents (organizers): Retained for the duration of organizer status and 5 years after. • Support communications: Retained for 2 years. • Marketing preferences: Until you withdraw consent. You may request deletion of your account and associated data by emailing support@safarnama.in. Some data may be retained longer if required by law or to resolve ongoing disputes.

We use cookies and similar technologies to: • Keep you logged in securely • Remember your trip comparison selections and search preferences • Measure platform performance and identify issues • Understand how users navigate the platform (aggregated analytics only) Types of cookies we use: • Essential cookies: Required for the platform to function (login sessions, booking form data, comparison queue) • Preference cookies: Remember your display settings across visits (list/grid view, sort order) • Analytics cookies: Help us understand usage patterns — anonymised and aggregated, no PII collected • Third-party cookies (Razorpay): Set during the payment flow only, governed by Razorpay's privacy policy We do not use advertising cookies, tracking pixels, or sell data to ad networks. You can manage all non-essential cookies through your browser settings without affecting your ability to book trips.

Under the Digital Personal Data Protection Act, 2023, you have the following rights as a Data Principal: • Right to Access: Request a summary of the personal data we hold about you. • Right to Correction: Request correction of inaccurate or incomplete personal data. • Right to Erasure: Request deletion of your personal data, subject to legal retention requirements. • Right to Grievance Redressal: File a complaint with our Grievance Officer (see Section 9). • Right to Nominate: Nominate an individual to exercise these rights on your behalf in the event of your death or incapacity. • Right to Withdraw Consent: Withdraw your consent to data processing at any time (withdrawal will not affect the lawfulness of processing before withdrawal). To exercise any of these rights, email us at support@safarnama.in with the subject line "Data Rights Request". We will respond within 30 days.

We implement appropriate technical and organisational security measures to protect your personal data, including: • HTTPS encryption for all data in transit • Password hashing and secure session management • Access controls limiting employee access to personal data • Regular security audits and vulnerability assessments • Razorpay's PCI DSS-compliant payment infrastructure for all financial data Despite these measures, no internet transmission is 100% secure. In the event of a data breach that poses a risk to your rights, we will notify you and the relevant authorities as required under Indian law, within the prescribed timelines.

As required under the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (Rule 3(2)(b)) and the DPDPA, 2023, we have appointed a Grievance Officer: Name: Mandeep Mourya Designation: Grievance Officer, Safarnama Email: grievance@safarnama.in Address: Pune, Maharashtra, India Response Time: Acknowledged within 48 hours; resolved within 30 days as required by applicable law. If you are not satisfied with the resolution provided by our Grievance Officer, you may escalate your complaint to the Data Protection Board of India under the DPDPA, 2023.

Safarnama is not intended for use by persons under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data without parental consent, please contact us at support@safarnama.in and we will delete such data promptly.

Safarnama primarily stores and processes your personal data in India. However, some of our third-party service providers and infrastructure partners may process data on servers located outside India. These include: • Vercel (hosting and analytics) — servers in the United States and European Union • Cloudinary (image hosting) — global CDN infrastructure • Email and SMS delivery services — may route data internationally Under the DPDPA, 2023, cross-border transfers of personal data are permitted to countries or territories notified by the Central Government. We ensure that any cross-border transfer is made only where such permission exists and is subject to equivalent data protection safeguards. We do not transfer your financial data, KYC documents, or payment information internationally — these remain within Razorpay's India-based infrastructure, which is regulated by the Reserve Bank of India.

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice on the platform at least 7 days before they take effect. The "Last Updated" date at the top of this page reflects the most recent revision. Continued use of the platform after the updated Policy takes effect constitutes your acceptance.

For privacy-related queries, requests, or complaints: Email: support@safarnama.in Grievance Email: grievance@safarnama.in Address: Pune, Maharashtra, India