Tripbng India Private Limited (“TripBng”, “we”, “us”) respects your privacy. This policy explains what personal data we collect, why we collect it, how we secure it, and what rights you have under the Digital Personal Data Protection Act, 2023 (“DPDP Act”) and other applicable laws.
Who we are
We are a private limited company registered in India. Our registered office is at WeWork BKC, Mumbai. For matters of personal data, our Data Protection Officer (DPO) is reachable at dpo@tripbng.com.
What we collect
Account & KYC
- Legal entity details: PAN, GSTIN, IATA / TAFI accreditation
- Authorised signatory details: name, mobile, email
- Address proof and bank-account verification documents
Booking data
- Passenger name, gender, date of birth, nationality
- Passport number / expiry (for international travel)
- Contact details for delivery of itineraries and tickets
Usage & device
- IP address, device type, browser, OS for security and abuse prevention
- Pages visited and actions taken inside the dashboard (anonymised after 90 days)
Why we collect it
- To provision and operate the platform you signed up for
- To comply with regulatory obligations (KYC, GST, AML, DPDP)
- To process bookings with airlines, hotels, GDS, and payment gateways
- To prevent fraud, investigate abuse, and resolve disputes
- To improve the product and provide trade-desk support
Who we share with
We share strictly the minimum data required to complete a transaction with:
- Airlines, GDS aggregators, hotel suppliers, charter operators
- Payment gateways (Razorpay, ICICI Eazypay, PhonePe) for top-ups and refunds
- Tax authorities for GST filings
- Cloud infrastructure providers (AWS Mumbai, MongoDB Atlas) under signed DPAs
- Law-enforcement agencies when lawfully required
We do not sell personal data and we do not share it with advertisers. We have signed Data Protection Agreements with every processor that handles personal data on our behalf.
How we store + secure
- TLS 1.3 in transit; AES-256 encryption at rest in MongoDB Atlas
- Field-level encryption for PAN, GSTIN, and passport numbers
- bcrypt password hashing (cost factor 12); mandatory 2FA for super-admins
- Audit logs on every privileged action with tamper-evident chaining
- Annual SOC 2 audit (in flight); ISO 27001 in progress
How long we keep it
- KYC documents: 7 years after account closure (regulatory requirement)
- Booking records and GST invoices: 7 years (Income Tax Act)
- Behavioural / analytics logs: 90 days, then anonymised
- Marketing contact data: until you opt out
Your rights
Under the DPDP Act, you have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request erasure (subject to legal retention obligations)
- Withdraw consent at any time for processing based on consent
- Nominate someone to exercise your rights on your behalf
- File a complaint with the Data Protection Board of India
To exercise any of these rights, write to dpo@tripbng.com with proof of identity. We respond within 30 days.
Cookies
We use strictly necessary cookies for authentication and CSRF protection, and aggregated analytics cookies that do not identify individuals. We do not use advertising cookies, third-party trackers, or fingerprinting. You can opt out of analytics in your account settings.
International transfers
Personal data is primarily stored in the Mumbai (ap-south-1) AWS region. Limited cross-border transfer happens when you book international flights — only the data the destination carrier needs to issue the ticket leaves India.
Children's data
The Service is not directed at children under 18. We do not knowingly collect personal data from minors. When a parent or guardian books travel for a child, the data they provide is used only to process that booking.
Changes
Material changes to this policy are communicated at least 14 days before they take effect via email and in-dashboard banner. The current version is always available at this URL.
Contact the DPO
Data Protection Officer
Tripbng India Private Limited
WeWork BKC, Bandra Kurla Complex, Mumbai 400051
dpo@tripbng.com · +91 22 6196 4040
For data-related complaints not resolved at the DPO level, you may approach the Data Protection Board of India per the DPDP Act, 2023. Read our DPDP Act summary.