Travonex logoTravonex
HomeGroup TripsActivitiesDealsAI PlannerPro
Log inSign Up
Travonex

Curated group trips and social travel activities for modern explorers.

Explore

  • Discover Group Trips
  • Discover Activities
  • FAQ & Support
  • AI Trip Planner

For Partners

  • Partner with Travonex
  • Partner Login
  • How it Works
  • For Businesses

Legal

  • Privacy Policy
  • Terms & Conditions
  • Refund Policy
With love from us to every traveler who deserves better.— Team Travonex 🧡

© 2026 Travonex. All rights reserved.

      Back to Home

      Privacy Policy

      Data Privacy & DPDP ComplianceLast Updated: March 2026

      PRIVACY POLICY

      Travonex - Travel & Activities Marketplace

      1. LEGAL STATUS, SCOPE & APPLICABILITY

      1.1 Legal Framework

      This Privacy Policy ("Policy") is an electronic record in terms of the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 ("DPDP Act").

      1.2 Scope

      This Policy governs the collection, use, processing, storage, disclosure, retention, and protection of personal data of individuals ("Users", "you", "your") who access or use the Travonex platform, including through:

      • the website,
      • mobile or web interfaces,
      • email,
      • SMS,
      • WhatsApp and other electronic communication channels (collectively, the "Platform").

      1.3 Electronic Record

      This electronic record is generated by a computer system and does not require physical or digital signatures.

      1.4 Acceptance

      By accessing or using the Platform, you acknowledge that you have read, understood, and agreed to the terms of this Policy.

      2. DEFINITIONS & STATUTORY INTERPRETATION

      2.1 "Personal Data" means any data about an identifiable individual, as defined under Section 2(t) of the DPDP Act.

      2.2 "Sensitive Personal Data" or "SPDI" shall have the meaning assigned under Rule 3 of the IT Rules and includes financial information, health data, passwords, and authentication credentials.

      2.3 "Processing" includes collection, recording, organisation, structuring, storage, use, sharing, disclosure, retention, anonymisation, and erasure of personal data.

      2.4 "Data Principal" means the individual to whom the personal data relates.

      2.5 "Data Fiduciary" means Wanderlynx Labs LLP, which determines the purpose and means of processing personal data.

      2.6 "Organizer" means an independent third-party service provider listing and conducting travel experiences on the Platform.

      2.7 "Consent" means any freely given, specific, informed and unambiguous indication of the Data Principal's wishes by which they, by a clear affirmative action, signify agreement to the processing of personal data, in accordance with Section 6 of the DPDP Act, 2023.

      2.8 "Withdrawal of Consent" means the right of the Data Principal to withdraw consent at any time, in accordance with Section 6(2) of the DPDP Act, without affecting the lawfulness of processing carried out prior to such withdrawal.

      3. PLATFORM OWNERSHIP & CONTACT DETAILS

      The Platform is owned and operated by:

      Wanderlynx Labs LLP

      UNIT 101, Oxford Towers

      139, HAL Old Airport Road

      Hulsur Bazaar

      Bengaluru - 560008, Karnataka, India

      Email: contact@travonex.com

      4. ROLE OF TRAVONEX AS DATA FIDUCIARY

      4.1 Travonex operates as a technology-based travel marketplace and digital intermediary.

      4.2 Travonex does not own, operate, manage, or control the travel experiences listed on the Platform.

      4.3 Organizers are independent service providers and are responsible for their own data processing practices once User data is shared with them for experience fulfillment.

      4.4 Travonex acts as a Data Fiduciary under the DPDP Act for personal data processed for platform operations, payments, security, compliance, and customer support.

      SPECIAL DISCLOSURE: AI & ANALYTICS

      AI Planner & LLM Training: When you use our "AI Planner" or conversational interfaces, you expressly consent to the processing of your inputs and interactions to train and refine our Large Language Models (LLMs). This helps us improve travel recommendations, response accuracy, and personalization for the entire Travonex community.

      Interest-Based Ads & Social Media: We use Meta Pixels and similar tracking technologies to serve interest-based advertisements to you on social media platforms. This ensures the ads you see are relevant to your travel interests.

      Google Analytics: We use Google Analytics to understand platform performance, user journeys, and technical health through pseudonymised data.

      5. CATEGORIES OF PERSONAL DATA COLLECTED

      5.1 Identity & Contact Information

      • Full legal name
      • Email address
      • Mobile number

      Purpose: Account creation, authentication, booking confirmations, customer support, legal communication.

      Legal Basis: Consent + contractual necessity.

      5.2 Booking, Travel & Transaction Data

      • Booking IDs and references
      • Activity details
      • Travel dates and participant details
      • Cancellation, refund, and dispute records

      Purpose: Activity fulfillment, accounting, audits, dispute resolution, and compliance.

      5.3 Payment-Related Information

      Travonex does not store or process full payment credentials.

      5.3.1 Payment Gateway Data Flow

      What Travonex Receives: Transaction ID, status (success/failure), payment mode (generic), timestamp, and masked card info (first 6 and last 4 digits only).

      What Travonex Does NOT Receive: Full card numbers, CVV, UPI PINs, Net banking credentials, or OTPs.

      PCI-DSS Compliance: Payment gateways like Razorpay, PhonePe, or Cashfree are PCI-DSS Level 1 compliant and act as independent Data Fiduciaries.

      5.4 Emergency, Health & Special Requirement Data (Sensitive Personal Data)

      Users may voluntarily provide emergency contacts, medical declarations, or dietary restrictions. This is shared only with the relevant Organizer for safety and fulfillment.

      Retention: Deleted within 90 days of trip completion unless required for legal/insurance reasons.

      5.5 Device & Location Analytics

      We automatically collect device information, IP-based location data (such as City/Country), and platform interaction analytics when you use Travonex. This is standard practice for securing the platform, complying with legal consent requirements, and improving user experience.

      Purpose: Security, fraud prevention, compliance tracking, and performance analytics.

      6. PURPOSE & LEGAL BASIS OF PROCESSING

      6.1 Legal Basis for Processing (Section 7, DPDP Act)

      Travonex processes personal data based on: (a) Consent, (b) Contractual Necessity, (c) Legal Obligations, (d) Legitimate Interest (fraud prevention), and (e) Vital Interest (user safety during emergencies).

      6.2 Data Minimization

      Travonex collects only personal data that is adequate, relevant, and limited to what is necessary for stated purposes, in accordance with Section 4 of the DPDP Act.

      7. DATA SHARING & DISCLOSURE

      7.1 Sharing with Activity Organizers

      Data Shared: Booking details, User contact information, Special requirements (if provided), Payment status.

      Organizer Obligations: Use data solely for experience delivery, delete data within 180 days post-experience (excluding tax/legal records), and comply with the DPDP Act.

      7.2 Sharing with Service Providers (Data Processors)

      • Cloud Hosting: AWS (Mumbai Region) for secure hosting and backups.
      • Payment Gateways: Razorpay, PhonePe, Cashfree for secure transactions.
      • Communication: SMS/Email/WhatsApp providers for transactional messages.
      • Analytics: Google Analytics for platform health (pseudonymised data).

      8. COOKIES & TRACKING

      Travonex uses essential, functional, and analytics cookies. This includes **Meta Pixels** for serving relevant travel ads based on your platform behavior. Users may manage cookie preferences via browser settings.

      For full details on cookies, tracking tools, and consent management see Section 8A, 8B, and 8C below.

      8A. COOKIES, TRACKING & CONSENT MANAGEMENT

      8A.1 Types of Cookies Used

      Essential Cookies

      Required for core platform functionality including login sessions, booking flow, and payment processing. These cannot be disabled and do not require consent.

      Analytics Cookies

      Travonex uses Google Analytics to understand how travelers discover and use the platform. Data collected is aggregated and anonymised. No personally identifiable information is shared with Google Analytics.
      Opt out: tools.google.com/dlpage/gaoptout

      Marketing & Retargeting Cookies

      Travonex uses Meta Pixel (ID: 1220726809673027) to measure advertising effectiveness and to show relevant travel content to users who have previously visited the platform. This is only activated after explicit cookie consent is provided.
      Manage preferences: facebook.com/ads/preferences

      AI Personalisation

      Anonymised search queries entered into the Travonex AI Trip Planner are stored and used to improve trip recommendations on the platform. No personally identifiable information is stored from AI Planner searches. See Section 8B for full details.

      8A.2 Cookie Consent Banner

      Travonex displays a cookie consent banner to all first time visitors. Users may: Accept all cookies; Manage individual preferences by category (Essential, Analytics, Marketing, AI Personalisation); Withdraw consent at any time by clearing browser cookies or using the preference manager.

      8A.3 Conditional Loading

      Analytics and Marketing cookies are only loaded after a user provides explicit consent via the banner. Essential cookies load by default as they are required for platform functionality.

      8A.4 Consent Records

      Consent preferences are stored locally for 365 days. Users may update their preferences at any time.

      8B. AI TRIP PLANNER - DATA COLLECTION & USAGE

      8B.1 What We Collect

      When you use the Travonex AI Trip Planner at travonex.com/ai-planner, your search queries are collected in anonymised form.

      8B.2 How We Use It

      Anonymised query data is used to:

      • Improve the relevance and quality of trip recommendations shown on Travonex.
      • Understand travel trends, popular destinations, and traveler intent patterns across our user base.
      • Improve the AI Planner's ability to match traveler preferences with verified trip listings.
      • Support internal analytics and platform development decisions.

      8B.3 What We Do NOT Do

      • We do not store personally identifiable information from AI Planner searches.
      • Queries are anonymised before storage and are never linked back to individual user accounts or profiles.
      • This data is never sold to third parties or shared with advertisers.

      8B.4 Disclaimer on Planner Page

      A disclosure is shown below the AI Planner search input informing users that anonymised queries are used to improve recommendations.

      8C. THIRD PARTY ANALYTICS & ADVERTISING TOOLS

      8C.1 Google Analytics

      Provider: Google LLC
      Purpose: Platform usage analysis, traffic measurement, user behaviour insights (aggregated and anonymised).
      Data location: Google servers (subject to Google's privacy policy)
      Data shared: Anonymised, aggregated usage data only. Travonex does not share personally identifiable information with Google Analytics.
      Opt out: tools.google.com/dlpage/gaoptout
      Google Privacy Policy: policies.google.com/privacy

      8C.2 Meta Pixel

      Provider: Meta Platforms Inc.
      Pixel ID: 1220726809673027
      Purpose: Advertising effectiveness measurement and delivery of relevant travel content to users who have visited Travonex.
      Activation: Only after explicit cookie consent is provided.
      Data shared: Anonymised event data (page views, button clicks) only. Travonex does not share personal booking data or payment data with Meta.
      Manage preferences: facebook.com/ads/preferences
      Meta Privacy Policy: facebook.com/privacy/policy

      8C.3 Firebase & Google Cloud

      Provider: Google LLC
      Purpose: Platform hosting, database, authentication, and cloud functions.
      Region: Asia East (Google Cloud)
      Safeguards: ISO 27001, SOC 2 compliant.

      8C.4 Cashfree Payments

      Provider: Cashfree Payments India Pvt Ltd
      Purpose: Payment processing, escrow, and automatic settlement via Easy Split.
      Data shared: Booking amount, transaction reference, and settlement details only. Travonex does not store card numbers, UPI PINs, CVV, or any payment credentials. Cashfree is RBI regulated and PCI-DSS compliant.
      Cashfree Privacy Policy: cashfree.com/privacy-policy

      9. DATA RETENTION

      9.1 Data is retained only as long as necessary for stated purposes or legal compliance.

      9.2 Aggregated or anonymised data may be retained indefinitely.

      9.3 Specific retention periods:

      • Account data: Duration of account plus 3 years.
      • Transaction records: 8 years for tax and audit purposes.
      • Emergency/health data: Deleted within 90 days of trip completion.
      • Dispute records: Duration of dispute plus applicable limitation period.

      10. DATA SECURITY & BREACH RESPONSE

      10.1 Travonex implements reasonable technical and organisational safeguards including encryption, access controls, and security audits.

      10.2 In the event of a data breach likely to cause harm, Travonex shall notify affected Users and authorities as required by applicable law.

      11. USER RIGHTS

      11.1 Users may exercise the following rights by writing to contact@travonex.com:

      • Right to Access personal data held.
      • Right to Correction of inaccurate data.
      • Right to Deletion subject to legal retention requirements.
      • Right to Withdrawal of Consent.
      • Right to Data Portability.

      11.2 Requests will be processed within statutory timelines under the DPDP Act.

      12. ACCOUNT DELETION

      Upon verified request, personal data will be deleted or anonymised except where retention is legally required.

      13. CHILDREN'S PRIVACY

      The Platform is not intended for use by individuals under 18 without guardian involvement.

      14. MARKETING COMMUNICATIONS

      Promotional communications are optional and can be opted out at any time.

      15. THIRD PARTY LINKS

      Travonex is not responsible for third-party privacy practices.

      16. GRIEVANCE REDRESSAL

      Grievance Officer: Akash

      Email: contact@travonex.com

      © 2026 Wanderlynx Labs LLP • All Rights Reserved