Privacy Policy

Welcome to Tripiko ("we," "our," or "us"). Tripiko is Kerala's community-led travel platform that connects travelers, experience providers, and local curators. We are committed to protecting and respecting your privacy.

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you access or use our mobile application, website (tripiko.in), and related services (collectively, the "Platform"). This policy is published in compliance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and applicable Indian data protection laws.

By using the Platform, you consent to the data practices described in this policy. If you do not agree with any part of this policy, please discontinue use of the Platform immediately.

We collect several types of information to provide and improve our services. The categories of information we collect include:

We use the information we collect for the following purposes:

• Account Management: To create, maintain, and secure your Tripiko account, verify your identity, and authenticate your access.
• Service Delivery: To process bookings, facilitate transactions between travelers and providers, process payments, and send booking confirmations and reminders.
• Personalization: To customize your experience based on your travel interests, location, browsing history, and preferences, including personalized recommendations for places, stays, experiences, and events.
• Platform Improvement: To analyze usage patterns, conduct research, test new features, and improve the overall functionality, performance, and user experience of the Platform.
• Communication: To send you service-related announcements, booking updates, promotional offers (with your consent), community updates, and respond to your inquiries and support requests.
• Safety and Security: To detect, prevent, and address fraud, abuse, security risks, and technical issues, and to enforce our Terms of Service and Community Guidelines.
• Community Features: To operate the weighted review system, curator verification program, creator economy features, community circles, and trip collaboration tools.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, and governmental requests, including those under the Information Technology Act, 2000.
• Analytics and Reporting: To generate aggregated, anonymized analytics for providers (such as booking trends and customer demographics) and for internal business intelligence.

We do not sell your personal information to third parties. We may share your information in the following circumstances:

• With Service Providers: When you make a booking, we share necessary information (such as your name, contact details, booking dates, and special requests) with the relevant experience provider, homestay, or transport operator to fulfill your reservation.
• With Payment Processors: We share transaction data with our payment processing partners to facilitate secure payments, process refunds, and prevent payment fraud. We do not store your complete credit or debit card details on our servers.
• With Technology Partners: We engage trusted third-party service providers for cloud hosting, analytics, push notifications, email delivery, crash reporting, and mapping services. These partners are contractually obligated to protect your data and use it solely for the services they provide to us.
• Public Content: Reviews, ratings, trip reports, public trip boards, and profile information you choose to make public are visible to other Tripiko users. Your curator badge and verification status are publicly displayed.
• Legal Requirements: We may disclose your information if required by law, court order, or governmental authority, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Tripiko, our users, or the public.
• Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy commitments outlined in this policy.
• With Your Consent: We may share your information for other purposes with your explicit consent.

We implement reasonable security practices and procedures as mandated by the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. Our security measures include:

• Encryption of data in transit using TLS/SSL protocols and encryption of sensitive data at rest using industry-standard AES-256 encryption.
• Secure cloud infrastructure hosted on reputable service providers with SOC 2 compliance and regular security audits.
• Access controls and authentication mechanisms to restrict access to personal data to authorized personnel only.
• Regular vulnerability assessments, penetration testing, and security monitoring of our systems.
• Employee training on data protection practices and confidentiality obligations.
• Incident response procedures for timely detection, containment, and notification of any data breaches.

While we strive to protect your personal information, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security, and you acknowledge that you provide your information at your own risk.

Under applicable Indian law, including the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, you have the following rights regarding your personal information:

• Right to Access: You may request a copy of the personal information we hold about you. We will respond to your request within a reasonable timeframe.
• Right to Correction: You may update or correct inaccuracies in your personal information at any time through your account settings or by contacting us.
• Right to Withdraw Consent: Where we process your data based on consent, you may withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing performed prior to the withdrawal.
• Right to Deletion: You may request deletion of your account and associated personal data. We will process your request subject to any legal retention obligations and legitimate business needs.
• Right to Grievance Redressal: If you have any concerns about how we handle your data, you may contact our Grievance Officer (details provided in Section 10 below). We will acknowledge your complaint within 48 hours and resolve it within 30 days.

To exercise any of these rights, please contact us at privacy@tripiko.in or through the "Privacy Settings" section of your account.

We retain your personal information for as long as your account is active or as needed to provide you with our services. The specific retention periods depend on the type of data:

• Account Data: Retained for the duration of your active account and up to 90 days after account deletion to allow for account recovery.
• Booking and Transaction Records: Retained for a minimum of 8 years from the date of transaction to comply with Indian tax and financial regulations.
• Reviews and Public Content: Retained as long as the content remains published. Upon account deletion, your reviews may be anonymized rather than deleted to preserve the integrity of the review system.
• Communication Logs: In-app messages between users and providers are retained for up to 3 years for dispute resolution and safety purposes.
• Usage and Analytics Data: Aggregated and anonymized usage data may be retained indefinitely for analytics and business improvement purposes.

After the applicable retention period, your personal data is securely deleted or irreversibly anonymized.

Tripiko is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18 years of age. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately at privacy@tripiko.in. Upon verification, we will promptly delete such information from our systems.

Minors between 13 and 18 years of age may use the Platform only under the supervision of a parent or legal guardian who agrees to be bound by this Privacy Policy and our Terms of Service on their behalf.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last updated" date at the top of this page.
• Send a notification through the Platform or via email for significant changes that affect how we handle your personal data.
• Provide a summary of key changes for your convenience.

We encourage you to review this policy periodically. Your continued use of the Platform after any changes constitutes your acceptance of the updated policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: