Travonex - Travel & Activities Marketplace
1.1 Legal Framework
This Privacy Policy ("Policy") is an electronic record in terms of the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 ("DPDP Act").
1.2 Scope
This Policy governs the collection, use, processing, storage, disclosure, retention, and protection of personal data of individuals ("Users", "you", "your") who access or use the Travonex platform, including through:
1.3 Electronic Record
This electronic record is generated by a computer system and does not require physical or digital signatures.
1.4 Acceptance
By accessing or using the Platform, you acknowledge that you have read, understood, and agreed to the terms of this Policy.
2.1 "Personal Data" means any data about an identifiable individual, as defined under Section 2(t) of the DPDP Act.
2.2 "Sensitive Personal Data" or "SPDI" shall have the meaning assigned under Rule 3 of the IT Rules and includes financial information, health data, passwords, and authentication credentials.
2.3 "Processing" includes collection, recording, organisation, structuring, storage, use, sharing, disclosure, retention, anonymisation, and erasure of personal data.
2.4 "Data Principal" means the individual to whom the personal data relates.
2.5 "Data Fiduciary" means Wanderlynx Labs LLP, which determines the purpose and means of processing personal data.
2.6 "Organizer" means an independent third-party service provider listing and conducting travel experiences on the Platform.
2.7 "Consent" means any freely given, specific, informed and unambiguous indication of the Data Principal's wishes by which they, by a clear affirmative action, signify agreement to the processing of personal data, in accordance with Section 6 of the DPDP Act, 2023.
2.8 "Withdrawal of Consent" means the right of the Data Principal to withdraw consent at any time, in accordance with Section 6(2) of the DPDP Act, without affecting the lawfulness of processing carried out prior to such withdrawal.
The Platform is owned and operated by:
Wanderlynx Labs LLP
UNIT 101, Oxford Towers
139, HAL Old Airport Road
Hulsur Bazaar
Bengaluru - 560008, Karnataka, India
Email: contact@travonex.com
4.1 Travonex operates as a technology-based travel marketplace and digital intermediary.
4.2 Travonex does not own, operate, manage, or control the travel experiences listed on the Platform.
4.3 Organizers are independent service providers and are responsible for their own data processing practices once User data is shared with them for experience fulfillment.
4.4 Travonex acts as a Data Fiduciary under the DPDP Act for personal data processed for platform operations, payments, security, compliance, and customer support.
AI Planner & LLM Training: When you use our "AI Planner" or conversational interfaces, you expressly consent to the processing of your inputs and interactions to train and refine our Large Language Models (LLMs). This helps us improve travel recommendations, response accuracy, and personalization for the entire Travonex community.
Interest-Based Ads & Social Media: We use Meta Pixels and similar tracking technologies to serve interest-based advertisements to you on social media platforms. This ensures the ads you see are relevant to your travel interests.
Google Analytics: We use Google Analytics to understand platform performance, user journeys, and technical health through pseudonymised data.
5.1 Identity & Contact Information
Purpose: Account creation, authentication, booking confirmations, customer support, legal communication.
Legal Basis: Consent + contractual necessity.
5.2 Booking, Travel & Transaction Data
Purpose: Activity fulfillment, accounting, audits, dispute resolution, and compliance.
5.3 Payment-Related Information
Travonex does not store or process full payment credentials.
5.3.1 Payment Gateway Data Flow
What Travonex Receives: Transaction ID, status (success/failure), payment mode (generic), timestamp, and masked card info (first 6 and last 4 digits only).
What Travonex Does NOT Receive: Full card numbers, CVV, UPI PINs, Net banking credentials, or OTPs.
PCI-DSS Compliance: Payment gateways like Razorpay, PhonePe, or Cashfree are PCI-DSS Level 1 compliant and act as independent Data Fiduciaries.
5.4 Emergency, Health & Special Requirement Data (Sensitive Personal Data)
Users may voluntarily provide emergency contacts, medical declarations, or dietary restrictions. This is shared only with the relevant Organizer for safety and fulfillment.
Retention: Deleted within 90 days of trip completion unless required for legal/insurance reasons.
5.5 Device & Location Analytics
We automatically collect device information, IP-based location data (such as City/Country), and platform interaction analytics when you use Travonex. This is standard practice for securing the platform, complying with legal consent requirements, and improving user experience.
Purpose: Security, fraud prevention, compliance tracking, and performance analytics.
6.1 Legal Basis for Processing (Section 7, DPDP Act)
Travonex processes personal data based on: (a) Consent, (b) Contractual Necessity, (c) Legal Obligations, (d) Legitimate Interest (fraud prevention), and (e) Vital Interest (user safety during emergencies).
6.2 Data Minimization
Travonex collects only personal data that is adequate, relevant, and limited to what is necessary for stated purposes, in accordance with Section 4 of the DPDP Act.
7.1 Sharing with Activity Organizers
Data Shared: Booking details, User contact information, Special requirements (if provided), Payment status.
Organizer Obligations: Use data solely for experience delivery, delete data within 180 days post-experience (excluding tax/legal records), and comply with the DPDP Act.
7.2 Sharing with Service Providers (Data Processors)
Travonex uses essential, functional, and analytics cookies. This includes **Meta Pixels** for serving relevant travel ads based on your platform behavior. Users may manage cookie preferences via browser settings.
For full details on cookies, tracking tools, and consent management see Section 8A, 8B, and 8C below.
8A.1 Types of Cookies Used
Essential Cookies
Required for core platform functionality including login sessions, booking flow, and payment processing. These cannot be disabled and do not require consent.
Analytics Cookies
Travonex uses Google Analytics to understand how travelers discover and use the platform. Data collected is aggregated and anonymised. No personally identifiable information is shared with Google Analytics.
Opt out: tools.google.com/dlpage/gaoptout
Marketing & Retargeting Cookies
Travonex uses Meta Pixel (ID: 1220726809673027) to measure advertising effectiveness and to show relevant travel content to users who have previously visited the platform. This is only activated after explicit cookie consent is provided.
Manage preferences: facebook.com/ads/preferences
AI Personalisation
Anonymised search queries entered into the Travonex AI Trip Planner are stored and used to improve trip recommendations on the platform. No personally identifiable information is stored from AI Planner searches. See Section 8B for full details.
8A.2 Cookie Consent Banner
Travonex displays a cookie consent banner to all first time visitors. Users may: Accept all cookies; Manage individual preferences by category (Essential, Analytics, Marketing, AI Personalisation); Withdraw consent at any time by clearing browser cookies or using the preference manager.
8A.3 Conditional Loading
Analytics and Marketing cookies are only loaded after a user provides explicit consent via the banner. Essential cookies load by default as they are required for platform functionality.
8A.4 Consent Records
Consent preferences are stored locally for 365 days. Users may update their preferences at any time.
8B.1 What We Collect
When you use the Travonex AI Trip Planner at travonex.com/ai-planner, your search queries are collected in anonymised form.
8B.2 How We Use It
Anonymised query data is used to:
8B.3 What We Do NOT Do
8B.4 Disclaimer on Planner Page
A disclosure is shown below the AI Planner search input informing users that anonymised queries are used to improve recommendations.
8C.1 Google Analytics
Provider: Google LLC
Purpose: Platform usage analysis, traffic measurement, user behaviour insights (aggregated and anonymised).
Data location: Google servers (subject to Google's privacy policy)
Data shared: Anonymised, aggregated usage data only. Travonex does not share personally identifiable information with Google Analytics.
Opt out: tools.google.com/dlpage/gaoptout
Google Privacy Policy: policies.google.com/privacy
8C.2 Meta Pixel
Provider: Meta Platforms Inc.
Pixel ID: 1220726809673027
Purpose: Advertising effectiveness measurement and delivery of relevant travel content to users who have visited Travonex.
Activation: Only after explicit cookie consent is provided.
Data shared: Anonymised event data (page views, button clicks) only. Travonex does not share personal booking data or payment data with Meta.
Manage preferences: facebook.com/ads/preferences
Meta Privacy Policy: facebook.com/privacy/policy
8C.3 Firebase & Google Cloud
Provider: Google LLC
Purpose: Platform hosting, database, authentication, and cloud functions.
Region: Asia East (Google Cloud)
Safeguards: ISO 27001, SOC 2 compliant.
8C.4 Cashfree Payments
Provider: Cashfree Payments India Pvt Ltd
Purpose: Payment processing, escrow, and automatic settlement via Easy Split.
Data shared: Booking amount, transaction reference, and settlement details only. Travonex does not store card numbers, UPI PINs, CVV, or any payment credentials. Cashfree is RBI regulated and PCI-DSS compliant.
Cashfree Privacy Policy: cashfree.com/privacy-policy
9.1 Data is retained only as long as necessary for stated purposes or legal compliance.
9.2 Aggregated or anonymised data may be retained indefinitely.
9.3 Specific retention periods:
10.1 Travonex implements reasonable technical and organisational safeguards including encryption, access controls, and security audits.
10.2 In the event of a data breach likely to cause harm, Travonex shall notify affected Users and authorities as required by applicable law.
11.1 Users may exercise the following rights by writing to contact@travonex.com:
11.2 Requests will be processed within statutory timelines under the DPDP Act.
Upon verified request, personal data will be deleted or anonymised except where retention is legally required.
The Platform is not intended for use by individuals under 18 without guardian involvement.
Promotional communications are optional and can be opted out at any time.
Travonex is not responsible for third-party privacy practices.
Grievance Officer: Akash
Email: contact@travonex.com