Your trust, in writing
A plain-language guide to what we collect, why we need it, and the choices that stay with you.
Last updated: June 16, 2026
Tripzort - Aorta Rooms Private Limited ("Tripzort", "we", "our", or "us") is the Data Fiduciary for personal data processed through the Tripzort mobile application and related services. This notice explains what personal data we process, the specific purposes for processing it, how consent works, and how you can exercise your rights as a Data Principal under India's Digital Personal Data Protection Act, 2023 and applicable rules.
We process only the personal data needed to provide, secure, improve, and support Tripzort.
Account and identity data
Name, email address, Indian mobile number, profile details, account identifiers, and authentication status.
Login and security data
One-time password activity, secure session tokens, refresh tokens, device identifiers used for fraud prevention, and app security logs.
Booking and payment data
Hotel, room, stay dates, guest counts, prices, taxes, offers, booking status, payment method metadata, transaction references, and support notes. Card, UPI, wallet, or bank details are processed by payment partners and are not stored by Tripzort unless required by law or settlement records.
Location and search data
City, destination, nearby-search location, approximate device location when permission is granted, and places searched in the app.
Peeks, media, and profile content
Profile images, Peek videos, thumbnails, captions, city, venue, likes, saves, shares, and public profile metadata you choose to upload or publish.
Device, diagnostics, and communication data
App version, device model, operating system, crash logs, performance events, notification tokens, customer-support messages, and communication preferences.
We process personal data for these purposes:
Where consent is the basis for processing, we will ask for clear and informed consent before processing your personal data. You may withdraw consent at any time by changing app permissions, account settings, communication preferences, or by contacting us. Withdrawal does not affect processing already completed, and some services may stop working when the data is necessary to provide that service.
We may also process personal data for legitimate uses permitted by law, such as providing a service you requested, complying with law, responding to emergencies, or protecting against fraud and misuse.
We do not sell your personal data. We share personal data only when needed for the purposes listed above, including with:
You may exercise the following DPDP rights by contacting us:
Please provide authentic information, keep your account details current, do not impersonate another person, do not suppress material information, and do not file false or frivolous complaints while exercising your rights.
Tripzort is intended for users who can lawfully make bookings and manage travel services. If we need to process personal data of a child under 18, we will obtain verifiable consent from a parent or lawful guardian where required. We do not knowingly track, behaviourally monitor, or target advertising to children.
We retain personal data only for as long as needed for the specified purpose, for legal compliance, dispute resolution, fraud prevention, accounting, tax, payment settlement, or security. When retention is no longer necessary, we delete, de-identify, or anonymize the data and require processors to do the same where applicable. Certain transaction records and logs may be retained for minimum periods required under applicable law.
We use reasonable technical and organisational safeguards designed to protect personal data against unauthorised access, disclosure, alteration, loss, or misuse. If a personal data breach occurs, we will notify affected Data Principals and the Data Protection Board of India in the manner required by law.
Personal data may be stored or processed in India or other countries by us and our service providers, subject to applicable Indian law and any transfer restrictions notified by the Government of India. Where another law requires a higher level of protection or localisation, we will follow that law.
For privacy questions, consent withdrawal, rights requests, deletion requests, or grievances, contact the person authorised to respond on behalf of Tripzort:
Email: customercare@aortarooms.com
Subject line: DPDP Privacy Request
We may ask for information needed to verify your identity and process your request. If your grievance is not resolved through our grievance mechanism, you may approach the Data Protection Board of India as permitted under the DPDP Act.
We may update this notice when our services, processing purposes, or legal obligations change. The latest version will be available in the app with a new "Last updated" date. Where required, we will seek fresh consent or give additional notice.