Privacy Policy

Last updated: February 2026 · Effective immediately upon registration

🔒 Your privacy matters deeply to us. Trivasta collects only what's necessary to deliver an exceptional travel planning experience. We never sell your personal data to third parties.
Section 1

Information We Collect

We collect information you provide directly when using Trivasta, as well as data generated automatically through your use of our platform.

Information you provide:

  • Account details: name, email address, username and password
  • Trip planning data: destinations, dates, budget preferences and travel style
  • Payment information: processed securely by Razorpay — we never store card details
  • Agency information: business name, location, description and contact details
  • Communications: messages sent through our platform between users and agencies

Information collected automatically:

  • Device information: browser type, operating system, IP address
  • Usage data: pages visited, features used, time spent on platform
  • Cookies and similar tracking technologies (see Section 4)
Section 2

How We Use Your Information

  • To generate personalized AI travel itineraries based on your preferences
  • To connect you with relevant travel agencies and facilitate bookings
  • To process payments and send booking confirmations
  • To send service-related communications (booking updates, receipts)
  • To improve our AI models and platform features
  • To prevent fraud and ensure platform security
  • To comply with legal obligations

We do not use your data for targeted advertising and we never sell your personal information.

Section 3

Information Sharing

We share your information only in the following limited circumstances:

  • With travel agencies: When you request offers, agencies see your trip requirements (destination, duration, budget, travel type) but not your personal contact details until you confirm a booking
  • Payment processors: Razorpay receives payment data necessary to process transactions
  • AI service providers: Trip planning data is sent to Groq/Google Gemini APIs to generate itineraries — no personal identifiers are included
  • Legal requirements: When required by law, court order or government authority
  • Business transfers: In the event of a merger or acquisition, with appropriate privacy protections
Section 4

Cookies & Tracking

Trivasta uses cookies to maintain your login session, remember preferences and analyse platform usage. We use:

  • Essential cookies: Required for login sessions and CSRF security — cannot be disabled
  • Analytics cookies: Help us understand how users navigate the platform (anonymised)
  • Preference cookies: Remember your settings and preferences

You can control cookie settings through your browser. Disabling essential cookies will prevent you from logging in.

Section 5

Data Security

We implement industry-standard security measures to protect your information:

  • All data transmitted via 256-bit SSL/TLS encryption
  • Passwords hashed using Django's PBKDF2 algorithm with SHA256
  • Payment data handled exclusively by PCI-DSS compliant Razorpay
  • Regular security audits and vulnerability assessments
  • Access to personal data restricted to authorised team members only

No system is perfectly secure. In the event of a data breach affecting your rights, we will notify you within 72 hours.

Section 6

Your Rights

Under applicable Indian data protection law, you have the right to:

  • Access: Request a copy of all personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your account and associated data
  • Portability: Request your data in a machine-readable format
  • Objection: Object to processing of your data for marketing purposes

To exercise any of these rights, email us at privacy@trivasta.com. We respond within 30 days.

Section 7

Data Retention

We retain your personal data for as long as your account is active. After account deletion:

  • Profile data deleted within 30 days
  • Booking and payment records retained for 7 years (legal requirement)
  • AI-generated itineraries anonymised and may be retained for model improvement
  • Backup copies purged within 90 days
Section 8

Children's Privacy

Trivasta is not intended for users under 18 years of age. We do not knowingly collect personal information from minors. If you believe a minor has created an account, please contact us immediately at privacy@trivasta.com.

Section 9

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email at least 14 days before they take effect. Continued use of Trivasta after changes constitutes acceptance of the updated policy.

Section 10

Contact Us

For any privacy-related questions or to exercise your data rights: