Privacy Policy

Welcome to TravelYog

At TravelYog, accessible from https://travelyog.com/, the privacy of our visitors is of paramount importance. This Privacy Policy document outlines the types of personal information that is received, collected, and recorded by TravelYog, and how we use, store, share, and protect that information.

By using our website and availing yourself of our tour and travel services, including but not limited to domestic and international travel packages, hotel bookings, flight reservations, cruise packages, adventure tours, corporate travel management, visa assistance, travel insurance, and customized itinerary planning, you hereby consent to the data practices described in this Privacy Policy. If you do not agree with any part of this policy, we kindly request that you discontinue the use of our website and services immediately.

TravelYog is committed to complying with all applicable data protection laws, including the General Data Protection Regulation (GDPR) for our European users, the California Consumer Privacy Act (CCPA) for California residents, and the Information Technology Act, 2000 and its associated rules for our Indian users. We continuously review and update our privacy practices to ensure the highest level of compliance and protection for all our customers worldwide.

1. Information We Collect

When you interact with TravelYog—whether by browsing our website, creating an account, subscribing to our newsletter, filling out a contact form, making a booking, or leaving a review—we may collect several types of information from and about you. The collection is always done transparently and with your knowledge, unless otherwise stated.

1.1 Personal Identification Information (PII)

This refers to information that can be used to identify you personally, including but not limited to:

• Full Name – First name, middle name, and last name as per your government-issued identification.
• Email Address – Primary and secondary email addresses for booking confirmations and communication.
• Phone Number – Mobile and/or landline numbers, including country codes for international travelers.
• Date of Birth – Required for age verification, insurance purposes, and special discounts.
• Gender – For accommodation arrangements and statistical purposes (optional).
• Nationality & Passport Details – Passport number, issuing country, date of issue, and expiry date for international bookings and visa processing.
• Residential Address – Complete street address, city, state/province, postal code, and country.
• Emergency Contact Information – Name, relationship, and phone number of a person to contact in case of emergency during travel.

1.2 Travel & Booking Information

• Travel Preferences – Dietary restrictions, seat preferences, room type preferences, special assistance requirements, and preferred airline or hotel chains.
• Travel History – Previous destinations visited, past bookings with TravelYog, and feedback provided on completed trips.
• Co-Traveler Information – Names, ages, and relationship details of fellow travelers included in the same booking.
• Loyalty Program Details – Frequent flyer numbers, hotel loyalty membership IDs, and other reward program information.
• Visa & Documentation – Scanned copies of passports, photographs, and supporting documents required for visa applications.

1.3 Financial & Payment Information

We do not store full credit card or debit card numbers on our servers. All payment transactions are processed through PCI-DSS compliant third-party payment gateways. However, we may collect and retain:

• Partial card details (last four digits and card type) for transaction verification.
• Billing address associated with the payment method.
• Transaction IDs and payment confirmation references.
• Invoice and GST details for corporate and Indian customers.

1.4 Automatically Collected Information

When you visit our website, we automatically collect certain information through server logs and other technologies:

• IP Address – Used for geolocation, fraud detection, and analytics.
• Browser Type & Version – Chrome, Firefox, Safari, Edge, etc.
• Operating System – Windows, macOS, Android, iOS, etc.
• Device Type – Desktop, tablet, or mobile device.
• Referring URL – The website from which you arrived at TravelYog.
• Pages Visited & Time Spent – Navigation patterns and engagement metrics.
• Clickstream Data – Mouse movements, clicks, and scrolling behavior.

2. How We Use Your Information

TravelYog uses the collected information for various legitimate business purposes, always striving to enhance your travel experience and provide personalized service. We outline these purposes transparently below:

• Booking Processing & Fulfillment: To process your travel bookings, confirm reservations with airlines, hotels, tour operators, and other service providers, issue tickets and vouchers, and ensure seamless delivery of all travel services you have purchased.
• Personalized Customer Experience: To tailor our website content, travel recommendations, promotional offers, and special deals based on your preferences, browsing history, and past travel patterns.
• Communication & Customer Support: To respond to your inquiries, provide booking updates, send itinerary reminders, deliver important travel alerts (flight changes, weather advisories, etc.), and offer 24/7 customer support before, during, and after your trip.
• Visa & Documentation Assistance: To prepare and submit visa applications, travel insurance documents, and other required travel documentation on your behalf as per your explicit consent.
• Marketing & Promotional Communications: To send you newsletters, exclusive deals, seasonal offers, and travel inspiration content via email or SMS, only if you have opted in to receive such communications. You may opt out at any time.
• Improvement of Services: To analyze website usage patterns and customer feedback to improve our website functionality, user interface, service quality, and overall customer satisfaction.
• Legal & Regulatory Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests, including tax reporting, fraud prevention, and anti-money laundering obligations.

3. Cookies & Tracking Technologies

TravelYog uses cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and understand where our visitors are coming from. Cookies are small text files stored on your device by your web browser.

3.1 Types of Cookies We Use

3.2 Managing Your Cookie Preferences

You have full control over cookie settings. Most web browsers allow you to block, delete, or limit cookies through their settings. You can also use our cookie preference manager (accessible via the cookie icon at the bottom of our website) to customize which non-essential cookies you accept. Please note that disabling essential cookies may affect the functionality of certain parts of our website.

4. Third-Party Services & Integrations

To deliver a comprehensive travel experience, TravelYog partners with and integrates various third-party services. These entities may have access to some of your information as necessary to perform their functions, but they are contractually bound to use it solely for the specified purposes.

• Airlines & GDS Systems: Amadeus, Sabre, Travelport – for flight bookings and real-time availability.
• Hotel Aggregators: Booking.com API, Expedia Partner Solutions, Agoda – for accommodation reservations.
• Payment Gateways: Razorpay, Stripe, PayPal, CCAvenue – for secure payment processing (PCI-DSS Level 1 compliant).
• Visa & Insurance Partners: VFS Global authorized agents, ICICI Lombard, HDFC Ergo – for visa processing and travel insurance.
• Analytics & CRM: Google Analytics 4, Meta Pixel, HubSpot – for website analytics and customer relationship management.
• Email Marketing: Mailchimp, SendGrid – for newsletter delivery and transactional emails.
• Cloud Hosting: AWS (Amazon Web Services), Cloudflare – for secure and fast website hosting with global CDN.

We encourage you to review the privacy policies of these third-party services to understand their data handling practices. TravelYog is not responsible for the privacy practices of external websites linked from our platform.

5. Data Sharing & Disclosure

TravelYog does not sell, rent, or trade your personal information to third parties for their independent marketing purposes. We only share your data under the following circumstances:

• With Service Providers: As necessary to fulfill your travel bookings (airlines, hotels, tour operators).
• With Legal Authorities: When required by law, court order, or to protect our legal rights, the safety of our customers, or the public.
• Business Transfers: In the event of a merger, acquisition, or sale of all or part of our assets, your data may be transferred as a business asset, subject to the same privacy protections.
• With Your Consent: For any other purpose not listed here, we will seek your explicit consent before sharing your information.

6. Data Retention Policy

We retain your personal information only for as long as is necessary to fulfill the purposes outlined in this Privacy Policy, or as required by applicable law. Our retention periods are as follows:

• Active Account Holders: Data retained as long as your account remains active. You may request deletion at any time.
• Completed Bookings: Travel and transaction records retained for 7 years to comply with tax and accounting regulations under Indian law (Income Tax Act, 1961).
• Marketing Consent: Retained until you withdraw consent or unsubscribe.
• Website Analytics Data: Anonymized after 26 months as per Google Analytics default settings.
• Cookie Data: Retained as per the durations specified in the Cookie section above.

7. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data. TravelYog respects and facilitates all applicable rights:

• Right to Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Correct any inaccurate or incomplete information.
• Right to Erasure ("Right to be Forgotten"): Request deletion of your data, subject to legal retention obligations.
• Right to Restrict Processing: Limit how we use your data under certain conditions.
• Right to Data Portability: Receive your data in a structured, machine-readable format and transfer it to another controller.
• Right to Object: Object to processing based on legitimate interests or direct marketing.
• Right to Withdraw Consent: Withdraw previously given consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
• Right to Non-Discrimination (CCPA): Exercise your CCPA rights without facing discriminatory treatment.

To exercise any of these rights, please contact us at privacy@travelyog.com with the subject line "Privacy Rights Request." We will respond within 30 days as required by GDPR, or 45 days as permitted under CCPA.

8. Children's Privacy

Our services are not directed to individuals under the age of 18 years. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately at privacy@travelyog.com. Upon verification, we will take steps to remove such information from our records within 72 hours.

9. International Data Transfers

TravelYog is headquartered in India, and our servers are located in India (Mumbai) with CDN distribution via Cloudflare. If you are accessing our services from outside India, please be aware that your information may be transferred to, stored, and processed in India, where our central database operates. By using our services, you consent to this transfer.

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we ensure that appropriate safeguards are in place for such transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission, or reliance on adequacy decisions where applicable.

10. Security Measures

The security of your personal information is our top priority. TravelYog employs industry-standard physical, technical, and administrative security measures to protect your data against unauthorized access, alteration, disclosure, or destruction:

• Encryption: TLS 1.3 encryption for all data in transit; AES-256 encryption for sensitive data at rest.
• Firewalls & Network Security: Web Application Firewall (WAF) via Cloudflare, intrusion detection and prevention systems (IDS/IPS).
• Access Controls: Multi-factor authentication (MFA) for all administrative access, role-based access control (RBAC), and principle of least privilege.
• Regular Audits: Quarterly vulnerability assessments and annual penetration testing conducted by certified third-party security firms.
• Employee Training: Mandatory annual data privacy and security awareness training for all TravelYog employees and contractors.
• PCI-DSS Compliance: We do not store sensitive payment data; all card transactions are tokenized by PCI-DSS Level 1 compliant payment gateways.

While we implement robust security measures, no method of transmission over the Internet or electronic storage is 100% secure. In the unlikely event of a data breach affecting your personal information, we will notify you and relevant authorities within 72 hours as mandated by applicable laws.

11. Changes to This Privacy Policy

TravelYog reserves the right to update or modify this Privacy Policy at any time to reflect changes in our practices, technologies, legal obligations, or for other operational reasons. When we make material changes, we will:

• Post the revised policy on this page with a new "Last Updated" date.
• Display a prominent notice on our website homepage for at least 15 days after the change.
• Send an email notification to all registered users explaining the key changes.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our website and services after any changes constitutes your acceptance of the revised policy.

12. Contact Us

If you have any questions, concerns, complaints, or requests regarding this Privacy Policy or our data handling practices, we encourage you to reach out to us. We are committed to resolving all privacy-related inquiries promptly and transparently.

Grievance Officer: grievance@travelyog.com

If you are based in the EU/EEA, you also have the right to lodge a complaint with your local Data Protection Authority (DPA). For Indian users, complaints may be directed to the Data Protection Board of India once established under the Digital Personal Data Protection Act, 2023.