Privacy Policy

This Privacy Policy explains how TripCraft collects, uses, and protects information when you use the Service. We act as a processor for the customer data your agency stores, and as a controller for your account and billing information.

1. Information we collect

• Account data — your name, email, agency details, and hashed password.
• Agency content — contacts, travellers (including passport and travel details you enter), trips, quotes, invoices, messages, and payment records.
• Usage & technical data — log data needed to operate and secure the Service.
• Billing data — handled by our payment processor; we do not store full card numbers.

2. How we use information

• to provide, maintain, and improve the Service;
• to process subscriptions and send service communications;
• to generate AI itineraries (briefs are sent to our AI provider);
• to deliver messages you send via WhatsApp;
• to detect, prevent, and address security issues.

3. Sharing & sub-processors

We share data only with sub-processors needed to run the Service — including our hosting provider, database, AI provider, Razorpay (payments), and Meta (WhatsApp). We do not sell your data.

4. Data security

Data is isolated per agency. Access is permission-controlled, traffic is encrypted in transit, and passwords are stored hashed. No system is perfectly secure, but we take reasonable measures to protect your data.

5. Retention & your rights

We retain data for as long as your account is active. You may request export or deletion of your agency's data, subject to legal retention requirements (e.g. tax invoices). Your customers' rights requests should be directed to your agency, for whom you are the controller.

6. International & legal basis

We process data in line with applicable Indian data-protection law (including the DPDP Act) and other laws relevant to your use.

7. Contact

Privacy questions or requests? Email privacy@tripcraft.app.