About This Policy
TripClap operates as a two-sided travel marketplace — connecting travelers seeking holiday packages with verified travel agents across India and worldwide. This Privacy Policy ("Policy") governs the collection, storage, use, disclosure, and protection of Personal Information and Sensitive Personal Data provided by users ("you", "traveler") of:
- The website www.tripclap.com and all its sub-domains
- Our mobile applications (iOS and Android, when available)
- Any communications or interactions you have with our team
This Policy is published in compliance with:
- The Digital Personal Data Protection (DPDP) Act, 2023 (India) India Law
- The Information Technology Act, 2000 and IT (SPDI) Rules, 2011 (India) India Law
- The General Data Protection Regulation (GDPR) for users in the European Economic Area GDPR
- Requirements of Google LLC for advertising and analytics services Google Policy
- Requirements of Meta Platforms Inc. (Facebook, Instagram) for advertising services
- Standards of payment partners Razorpay and Cashfree
Information We Collect
A. Information You Provide Directly
When you browse packages, submit a travel enquiry form, or contact us, we may collect:
| Category | Specific Data Points | When Collected |
|---|---|---|
| Identity | Full name, date of birth (optional) | Enquiry form submission |
| Contact | Mobile number, email address, city of residence | Enquiry form / registration |
| Travel Details | Destination, travel dates, number of travellers, budget range, flight details, hotel preferences, special requirements | Enquiry form submission |
| Verification Data | OTP confirmation (phone & email), call interaction records, trip intent assessment notes | Lead verification process |
| Communication | Chat messages, emails, feedback, review content | Ongoing platform use |
| Financial (if applicable) | Transaction reference IDs, billing name, GST number (for corporate clients). We do not store card/bank details — all payment data is handled by Razorpay / Cashfree. | Payment flows |
B. Automatically Collected Information
When you visit our website, we automatically collect certain technical information:
- Device & Browser: IP address, browser type and version, operating system, device model, screen resolution
- Usage Data: Pages visited, time spent, clicks, scroll depth, package pages viewed, search queries entered on our platform
- Location Data: Approximate city/country level location inferred from IP address (we do not collect precise GPS location)
- Referral Source: The URL or search engine query that brought you to TripClap
- Session Data: Session tokens, login timestamps
C. Information from Third Parties
- Google: If you use "Sign in with Google," we receive your name, email address, and profile picture as permitted by your Google account settings.
- Facebook / Meta: If you click on our Facebook ads or interact with our Facebook Page, Meta may share aggregated audience data with us via the Facebook Pixel.
- Travel Agents: Registered agents on our platform may update or add context to your enquiry with your consent during the package consultation process.
How We Use Your Information
We use the personal data collected for the following purposes, relying on valid legal bases:
| Purpose | Details | Legal Basis (DPDP / GDPR) |
|---|---|---|
| Service Delivery | Processing your travel enquiry, connecting you with suitable travel agents, providing package information and quotes | Consent / Contract Performance |
| Lead Verification | Verifying your identity via OTP, making manual confirmation calls to assess trip intent and capture accurate trip requirements | Consent / Legitimate Interest |
| Communication | Sending booking confirmations, updates, itineraries, travel tips, and service-related notifications via SMS, email, WhatsApp | Consent / Contract Performance |
| Marketing & Promotions | Sending promotional emails, offers, and newsletters. You may opt out at any time via the "Unsubscribe" link in our emails. | Consent (opt-in) |
| Platform Improvement | Analysing user behaviour to improve website features, package recommendations, and user experience | Legitimate Interest |
| Advertising | Running targeted ads on Google and Facebook/Instagram using aggregated audience data and retargeting pixels | Consent (cookie consent) |
| Legal Compliance | Meeting obligations under Indian law (DPDP Act, IT Act), responding to court orders, or cooperating with law enforcement where legally required | Legal Obligation |
| Fraud Prevention | Detecting and preventing fake enquiries, spam, and fraudulent bookings to protect genuine travellers and agents | Legitimate Interest |
Lead Sharing with Travel Agents
How Lead Sharing Works
By submitting an enquiry form on TripClap, you expressly consent to TripClap sharing your provided personal information (name, mobile number, email address, travel requirements) with a maximum of 3 (three) travel agents registered on our platform who are best matched to your destination and requirements. This is the core purpose of our platform — helping you receive competitive quotes from multiple agents.
Who Are These Travel Agents?
- All agents on TripClap are registered, verified businesses who have accepted TripClap's Agent Terms of Service and Privacy obligations.
- These are primarily Indian travel agencies, though some may specialize in international destinations.
- Agents are contractually prohibited from selling, sharing, or misusing your data for purposes other than responding to your travel enquiry.
Lead Exclusivity
Your enquiry is not exclusive to a single agent — it is shared with up to 3 agents simultaneously. This is by design to give you access to competitive pricing and multiple options. You are under no obligation to book with any agent who contacts you.
Withdrawal of Consent
If you wish to withdraw your consent and stop receiving calls/messages from agents regarding a specific enquiry, please email us at privacy@tripclap.com with your registered mobile number. We will flag your lead as "Do Not Contact" and notify the agents accordingly. Note that we cannot retract data already communicated before your withdrawal request.
Agent Data Responsibility
Once your data is shared with a travel agent, that agent becomes an independent Data Processor (and, in some contexts, a Data Controller) of your personal data for the purpose of responding to your enquiry. TripClap is not responsible for the downstream privacy practices of individual agents beyond our contractual obligations with them. We recommend asking agents directly about their data handling practices before proceeding with a booking.
Cookies & Tracking Technologies
TripClap uses cookies, web beacons, pixels, and similar tracking technologies to operate our website, understand user behaviour, and deliver relevant advertising. Google Policy
Types of Cookies We Use
| Cookie Type | Purpose | Can You Opt Out? |
|---|---|---|
| Strictly Necessary | Essential for the website to function — session management, form security (CSRF tokens), OTP flow | No (essential for service) |
| Performance / Analytics | Google Analytics (GA4) to understand page performance, user flows, and traffic sources | Yes — via cookie settings |
| Advertising / Retargeting | Google Ads conversion tracking, Google Tag Manager; Facebook Pixel / Meta Pixel for ad performance and retargeting on Facebook/Instagram | Yes — via cookie settings |
| Functional | Remembering your preferences, pre-filling enquiry forms for returning users, language preferences | Yes — via cookie settings |
Google Services Disclosure Google
We use the following Google services on our platform:
- Google Analytics 4 (GA4) — Collects anonymised usage data. Data is processed by Google Inc. in accordance with Google's Privacy Policy. We have enabled IP anonymisation.
- Google Ads & Google Search Ads — We run paid search campaigns. Conversion tracking cookies may be placed on your browser when you arrive from a Google Ad.
- Google Tag Manager — Used to deploy and manage tracking scripts. No data is collected by GTM itself.
- Google Sign-In (OAuth) — If used, we access only your basic profile (name, email) as permitted by your Google account settings. You can revoke access at any time via Google Account Permissions.
- reCAPTCHA — Used on forms to prevent spam. Subject to Google's Privacy Policy and Terms of Service.
Meta / Facebook Services Disclosure
We use the Meta Pixel (Facebook Pixel) on our website to:
- Measure the effectiveness of our Facebook and Instagram advertising campaigns
- Build Custom Audiences for retargeting users who have visited our website
- Track conversion events (enquiry submissions, package views)
This data is processed by Meta Platforms Ireland Ltd. in accordance with Meta's Privacy Policy. You can manage your Meta ad preferences at facebook.com/ads/preferences or opt out of interest-based advertising via the Digital Advertising Alliance.
Managing Your Cookie Preferences
You can manage cookie preferences at any time via:
- The Cookie Settings banner displayed on your first visit to our website
- Your browser settings — most browsers allow you to block or delete cookies
- The Google Analytics opt-out browser add-on: tools.google.com/dlpage/gaoptout
- Google's Ad Settings: adssettings.google.com
Disabling certain cookies may affect your ability to use some features of our website, such as pre-filled forms.
Third-Party Services & Disclosures
TripClap integrates with trusted third-party service providers to deliver a seamless experience. Each provider processes your data only as necessary for their specific function and is bound by data processing agreements.
| Service Provider | Purpose | Data Shared | Their Privacy Policy |
|---|---|---|---|
| Razorpay | Payment processing for agent subscriptions & services | Transaction details, billing name; no card data stored by TripClap | razorpay.com/privacy |
| Cashfree Payments | Alternative payment processing | Transaction details, billing information | cashfree.com privacy |
| Google LLC | Analytics, advertising, maps, cloud infrastructure | Anonymised usage data, ad interaction data | policies.google.com/privacy |
| Meta Platforms Inc. | Facebook/Instagram advertising & retargeting | Hashed email/phone (via Pixel), page interaction events | facebook.com/privacy |
| SMS / OTP Gateway | Sending OTP and transactional SMS for lead verification | Mobile number, OTP message | As per provider's policy |
| Email Service Provider | Sending transactional and marketing emails | Email address, name | As per provider's policy |
| Cloud Hosting Provider | Secure storage and hosting of platform data | Encrypted platform data | As per provider's policy |
What We Do NOT Do
- We do not sell your personal data to any third party for their own independent commercial purposes
- We do not share your data with advertisers in a way that directly identifies you
- We do not permit third-party service providers to use your data for their own marketing
- We do not share your data with agents outside of India without your explicit consent
International Data Transfers
TripClap is headquartered in Gurugram, India. If you are accessing our platform from outside India — including from the European Economic Area (EEA), United Kingdom, or other countries — your personal data will be transferred to and processed in India.
We take the following steps to protect cross-border data transfers:
- We ensure that all international data transfers are covered by appropriate contractual safeguards, including Standard Contractual Clauses (SCCs) where applicable under GDPR.
- Our cloud and infrastructure partners are located in countries with adequate data protection frameworks.
- Data is encrypted in transit (TLS 1.2+) and at rest.
When you submit a travel enquiry for international destinations (e.g., trips to Europe, South-East Asia, or other countries), your data may be shared with travel agents who specialize in those destinations. These agents are based in India and operate under Indian law.
Data Security
TripClap is an ISO-certified company and takes data security seriously. We implement industry-standard technical and organisational measures to protect your information from unauthorised access, loss, misuse, alteration, or destruction.
Security Measures We Employ
- Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security) 1.2 or higher.
- Encryption at Rest: Sensitive data fields stored in our databases are encrypted at rest.
- OTP Verification: Phone and email verification via OTP is mandatory before lead data is passed to agents.
- Access Control: Role-based access controls ensure only authorised TripClap employees can access personal data, on a need-to-know basis.
- Secure Payment Processing: We do not store credit/debit card numbers or bank account details. All payment data flows through PCI-DSS compliant payment gateways (Razorpay / Cashfree).
- Regular Security Audits: We conduct periodic security reviews of our systems and third-party integrations.
- Incident Response: We maintain a data breach response plan. In the event of a breach affecting your personal data, we will notify you and the relevant authorities as required by law.
Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes described in this Policy, or as required by law.
| Data Type | Retention Period | Basis |
|---|---|---|
| Travel enquiry details (name, phone, email, trip info) | 3 years from the date of enquiry, or until deletion request | Business operations, lead management |
| Booking and transaction records | 7 years | Indian tax and accounting law (GST compliance) |
| Communication logs (calls, emails, chat) | 1 year | Quality assurance, dispute resolution |
| Website usage data (analytics) | 14 months (as per GA4 default) | Product improvement |
| Cookies (advertising / retargeting) | 90 days (Meta Pixel); 30–540 days (Google Ads, varies by campaign) | Ad performance measurement |
| Account data (registered users) | Duration of account + 2 years after account closure | Regulatory / dispute resolution |
Upon expiry of the retention period, we securely delete or anonymise your personal data. Where complete deletion is not possible (e.g., data in backup systems), we isolate and protect the data until deletion is feasible.
Your Rights
Depending on your location, you have various rights regarding your personal data. We honour all applicable rights under Indian law (DPDP Act 2023) and international frameworks (GDPR).
Request a copy of the personal data we hold about you.
Request correction of inaccurate or incomplete data.
Request deletion ("right to be forgotten") of your personal data, subject to legal retention requirements.
Object to processing based on legitimate interests or for direct marketing purposes.
Request restriction of processing while a dispute or complaint is being resolved.
Receive your data in a machine-readable format and transfer it to another service (GDPR).
Withdraw consent at any time, including consent to receive marketing communications or have your lead shared with agents.
Under India's DPDP Act 2023, nominate another individual to exercise your rights on your behalf in the event of your death or incapacity.
How to Exercise Your Rights
To exercise any of the above rights, please:
- Email us at privacy@tripclap.com with the subject line "Data Rights Request"
- Include your registered mobile number, name, and a description of your request
- We will respond within 30 days of receiving your request (or sooner, as required by applicable law)
- We may need to verify your identity before processing your request
Do Not Disturb (DND) / Do Not Call (DNC)
If you wish to stop receiving calls or SMS from our team or from travel agents, please email privacy@tripclap.com or reply "STOP" to any of our SMS messages. We will remove you from our active contact list within 7 business days. You can also register your mobile number on the TRAI DND Registry.
Complaint / Grievance Redressal
If you believe your privacy rights have been violated, you may first contact our Grievance Officer (see Section 13). If unresolved, Indian residents may escalate to the Data Protection Board of India (once operational under the DPDP Act 2023), and EEA residents may lodge a complaint with their local Data Protection Authority (DPA).
Children's Privacy
TripClap's services are intended for adults who are 18 years of age or older. We do not knowingly collect, use, or disclose personal data from individuals under the age of 18.
Under India's DPDP Act 2023, we recognise that any processing of data of children (persons below 18 years) requires verifiable parental or guardian consent. We do not process children's data without such consent.
If you are a parent or guardian and believe that your child under 18 has provided personal information on our platform without your consent, please contact us immediately at privacy@tripclap.com. We will promptly investigate and delete such information.
Family holiday packages listed on our platform may describe trips involving children; however, this does not constitute collection of children's data — we only collect information about the adult enquirer making the booking.
Updates to This Policy
We may update this Privacy Policy from time to time to reflect changes in our business practices, new features, legal requirements, or regulatory guidance. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page
- Display a prominent notice on our website for at least 30 days
- Send an email notification to registered users for significant changes
Your continued use of TripClap's services after such changes constitutes your acceptance of the updated Policy. We encourage you to review this page periodically. Previous versions of this Policy are available on request.
If changes affect how we share your data with travel agents (Section 4) or involve new data processing activities, we will seek fresh consent where required by applicable law.
Grievance Officer
In accordance with the Information Technology Act, 2000, IT (Intermediary Guidelines & Digital Media Ethics Code) Rules, 2021, and the Digital Personal Data Protection Act, 2023, TripClap has appointed a Grievance Officer to address privacy complaints and data-related concerns.
Any complaints or concerns regarding the content of this Policy, or any alleged breach of data privacy, may be directed to the Grievance Officer in writing.
Grievance Officer — TripClap
Name: Daya Das
Designation: Data Privacy Officer
Email: grievance@tripclap.com
Response Time: Within 30 days of receipt of complaint
Working Hours: Mon–Fri, 10:00 AM – 6:00 PM IST
Registered Address
TripClap Technology Private Limited
Gurugram, Haryana, India
Website: www.tripclap.com
CIN: U72200HR2022PTC104899
Complaints must be submitted in writing and include your full name, contact information, and a clear description of your grievance. Anonymous complaints may not be actionable.
Contact Us
For any privacy-related queries, data rights requests, or general questions about this Policy, please reach out through the following channels:
Privacy & Data Rights: privacy@tripclap.com
Security Concerns: security@tripclap.com
Grievances: grievance@tripclap.com
General: support@tripclap.com
This Policy is governed by the laws of the Republic of India. Any disputes arising from or related to this Policy shall be subject to the exclusive jurisdiction of the courts in Gurugram, Haryana, India.
By using TripClap.com, you confirm that you have read, understood, and agree to the terms of this Privacy Policy. If you do not agree, please refrain from using our platform.
