Your trust, in writing

Privacy on every route

A plain-language guide to what we collect, why we need it, and the choices that stay with you.

Last updated: June 16, 2026

1.Who this notice is for

Tripzort - Aorta Rooms Private Limited ("Tripzort", "we", "our", or "us") is the Data Fiduciary for personal data processed through the Tripzort mobile application and related services. This notice explains what personal data we process, the specific purposes for processing it, how consent works, and how you can exercise your rights as a Data Principal under India's Digital Personal Data Protection Act, 2023 and applicable rules.

2.Personal data we process

We process only the personal data needed to provide, secure, improve, and support Tripzort.

Account and identity data

Name, email address, Indian mobile number, profile details, account identifiers, and authentication status.

Login and security data

One-time password activity, secure session tokens, refresh tokens, device identifiers used for fraud prevention, and app security logs.

Booking and payment data

Hotel, room, stay dates, guest counts, prices, taxes, offers, booking status, payment method metadata, transaction references, and support notes. Card, UPI, wallet, or bank details are processed by payment partners and are not stored by Tripzort unless required by law or settlement records.

Location and search data

City, destination, nearby-search location, approximate device location when permission is granted, and places searched in the app.

Peeks, media, and profile content

Profile images, Peek videos, thumbnails, captions, city, venue, likes, saves, shares, and public profile metadata you choose to upload or publish.

Device, diagnostics, and communication data

App version, device model, operating system, crash logs, performance events, notification tokens, customer-support messages, and communication preferences.

3.Specific purposes

We process personal data for these purposes:

  • Create and manage your account and login sessions.
  • Search, show, reserve, modify, cancel, and support hotel bookings.
  • Process payments, refunds, offers, taxes, invoices, and payment verification.
  • Show destination results, nearby stays, Peeks, recommendations, saved items, and recently viewed places.
  • Publish, moderate, share, and secure Peeks and user profile content.
  • Send booking confirmations, OTPs, service updates, safety alerts, and support responses.
  • Detect, prevent, investigate, and respond to fraud, abuse, security incidents, and policy violations.
  • Improve app reliability, features, analytics, and customer experience.
  • Comply with tax, accounting, consumer protection, payment, law-enforcement, and other legal obligations.

4.Consent and withdrawal

Where consent is the basis for processing, we will ask for clear and informed consent before processing your personal data. You may withdraw consent at any time by changing app permissions, account settings, communication preferences, or by contacting us. Withdrawal does not affect processing already completed, and some services may stop working when the data is necessary to provide that service.

We may also process personal data for legitimate uses permitted by law, such as providing a service you requested, complying with law, responding to emergencies, or protecting against fraud and misuse.

5.Sharing and processors

We do not sell your personal data. We share personal data only when needed for the purposes listed above, including with:

  • Hotels, property partners, and booking fulfilment partners.
  • Payment gateways, banks, refund processors, invoice and tax service providers.
  • Cloud hosting, storage, analytics, notification, customer-support, fraud-prevention, and security vendors acting as Data Processors under contract.
  • Regulators, courts, law-enforcement, or government authorities where required or permitted by law.
  • Successor entities in a merger, acquisition, financing, restructuring, or transfer of business, subject to this notice and applicable law.

6.Your rights

You may exercise the following DPDP rights by contacting us:

  • Access a summary of personal data being processed and processing activities.
  • Ask for correction, completion, or updating of inaccurate or incomplete personal data.
  • Ask for erasure of personal data when it is no longer necessary for the specified purpose, unless retention is required by law.
  • Withdraw consent where consent is the basis of processing.
  • Raise grievances about our processing of your personal data.
  • Nominate another individual to exercise your rights if you die or become incapacitated.

7.Your duties

Please provide authentic information, keep your account details current, do not impersonate another person, do not suppress material information, and do not file false or frivolous complaints while exercising your rights.

8.Children

Tripzort is intended for users who can lawfully make bookings and manage travel services. If we need to process personal data of a child under 18, we will obtain verifiable consent from a parent or lawful guardian where required. We do not knowingly track, behaviourally monitor, or target advertising to children.

9.Retention and deletion

We retain personal data only for as long as needed for the specified purpose, for legal compliance, dispute resolution, fraud prevention, accounting, tax, payment settlement, or security. When retention is no longer necessary, we delete, de-identify, or anonymize the data and require processors to do the same where applicable. Certain transaction records and logs may be retained for minimum periods required under applicable law.

10.Security and breach notice

We use reasonable technical and organisational safeguards designed to protect personal data against unauthorised access, disclosure, alteration, loss, or misuse. If a personal data breach occurs, we will notify affected Data Principals and the Data Protection Board of India in the manner required by law.

11.Storage and transfers

Personal data may be stored or processed in India or other countries by us and our service providers, subject to applicable Indian law and any transfer restrictions notified by the Government of India. Where another law requires a higher level of protection or localisation, we will follow that law.

12.Grievance and contact person

For privacy questions, consent withdrawal, rights requests, deletion requests, or grievances, contact the person authorised to respond on behalf of Tripzort:

Email: customercare@aortarooms.com

Subject line: DPDP Privacy Request

We may ask for information needed to verify your identity and process your request. If your grievance is not resolved through our grievance mechanism, you may approach the Data Protection Board of India as permitted under the DPDP Act.

13.Updates to this notice

We may update this notice when our services, processing purposes, or legal obligations change. The latest version will be available in the app with a new "Last updated" date. Where required, we will seek fresh consent or give additional notice.