Travel Coffee ("Company", "we", "us", or "our") operates the website https://www.travelcoffee.in and offers curated travel experiences across India and globally. We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your information when you use our services or visit our website.

1. Who This Policy Applies To

This policy applies to:

• Visitors to our website, mobile site, or social platforms
• Users booking travel packages via Travel Coffee
• Customers communicating via email, WhatsApp, or phone
• Anyone interacting with our marketing campaigns or customer service

2. Information We Collect

We may collect the following categories of data:

a. Personal Identifiers

• Full Name
• Email Address
• Phone Number
• Postal/Billing Address
• Date of Birth
• Government-issued ID (e.g., passport, Aadhaar, PAN) for travel compliance

b. Booking & Transaction Data

• Travel history, booking dates, destinations
• Preferences for hotel/transport
• Payment method (Note: All payments are processed securely via third-party gateways. We do not store card data)

c. Device & Usage Data

• IP Address
• Device Type and OS
• Browser Type
• Referring/Exit Pages
• Pages visited, time spent, clickstream behavior

d. Location Data

• GPS or IP-based approximate location if you allow access

e. Cookies and Tracking Technologies

• Cookies, pixels, and similar tools for personalization and analytics (see Section 8)

3. How We Use Your Information

We use your data to:

• Process bookings and payments
• Communicate order confirmations and updates
• Offer personalized travel recommendations
• Improve website functionality and user experience
• Prevent fraud or misuse
• Comply with legal requirements under Indian and international laws
• Deliver marketing campaigns (opt-in basis)

4. Legal Bases for Processing (Global Compliance)

For users in:

• India: Personal Data is handled in accordance with the Information Technology Act, 2000, and SPDI Rules.
• EU/UK: Data is processed under lawful bases including contract necessity, consent, and legitimate interests (as per GDPR Articles 6 & 9).
• California: As per the CCPA, users have the right to know, delete, and opt out of data sales (we do not sell data).

5. Sharing of Personal Data

We may share your data with:

• Travel Suppliers: hotels, airlines, transport vendors solely for service delivery
• Payment Gateways: Razorpay, Stripe, or others (only during secure checkout)
• Analytics & Marketing Providers: Google Analytics, Meta Pixel (non-personally identifiable behavior data)
• Legal/Regulatory Authorities: where required by law or to protect rights/safety

We never sell your personal data to third parties.

6. Data Retention & Security

We retain personal data only as long as necessary to:

• Fulfil the purposes outlined in this policy
• Comply with legal, accounting, and regulatory obligations
• Resolve disputes and enforce agreements

We use industry-standard safeguards to protect your information:

• SSL encryption
• Firewalls and multi-level access controls
• Secure servers and cloud infrastructure
• Periodic security audits and internal reviews

Despite our efforts, no system is completely secure. By using our services, you accept this inherent risk.

7. Your Rights

Depending on your region, you may exercise the following rights:

India (IT Act 2000, SPDI Rules)

• Right to know the nature of data collected
• Right to correct, update, or delete information
• Right to withdraw consent (where applicable)
• Right to register a grievance with the Grievance Officer

European Union / UK (GDPR)

• Right to access and correct your data
• Right to data portability (machine-readable format)
• Right to restrict or object to processing
• Right to be forgotten (deletion)
• Right to object to automated decision-making/profiling
• Right to lodge complaints with a Data Protection Authority

California (CCPA)

• Right to know what data we collect and how we use it
• Right to delete your personal data
• Right to opt out of data sales (we don’t sell data)
• Right to non-discriminatory service for exercising rights

How to exercise your rights:

Send an email to support@travelcoffee.in with subject line: "Privacy Request – [Your Full Name]".

8. Cookies & Tracking Technologies

We use cookies, pixels, and similar technologies to:

• Maintain session state
• Personalize your experience
• Measure site performance and traffic
• Show relevant ads across platforms (Google, Meta, etc.)

Cookie Choices:

You may manage cookie preferences via:

• Browser settings
• Our cookie banner (where applicable)
• Google Ad Settings

Note: Disabling cookies may affect site functionality.

9. Third-Party Links and Platforms

Our website may contain links to external websites, booking platforms, or third-party tools.

Travel Coffee is not responsible for the privacy practices or content of any external websites. Please review their privacy policies independently.

This also applies to payment gateways, social media logins, and embedded booking APIs.

10. Third-Party Suppliers & Marketplace Partners

In some cases, your travel services (hotels, activities, transport) may be provided by third-party suppliers or affiliate vendors.

We facilitate bookings but are not responsible for the data practices, disclosures, or policies of external service providers.

If you book a package with a third-party supplier, your personal information may be governed by their terms.

11. Children’s Privacy

Our services are not intended for use by children under 16.

We do not knowingly collect personal data from minors. If we learn we've collected data from a child, we will promptly delete it.

Parents may contact support@travelcoffee.in to request deletion or access.

12. International Data Transfers

We may transfer your data to:

• India (our operational base)
• United States, EU, and other regions for cloud hosting or partner support

We use legally approved transfer mechanisms (e.g., SCCs, DPA-approved safeguards) to ensure your data is adequately protected across borders.

13. Automated Profiling & Decision-Making

We may use limited profiling (e.g., travel interest suggestions or dynamic pricing) to improve your experience.

You have the right to:

• Object to automated profiling
• Request human review of decisions impacting you

14. Breach Notification

If Travel Coffee becomes aware of a data breach:

• We will notify affected users within 72 hours (as per GDPR)
• We will report the incident to Indian authorities where required
• We will take all necessary containment and remediation actions

15. Policy Updates

This Privacy Policy may be updated periodically.

We will notify you of material changes through:

• A website banner
• Email (if you’re subscribed)
• Updates on this page with a new effective date