Privacy Policy

Tour Trips India Holidays is a tour-operator business registered in Agra, Uttar Pradesh, India. We act as the Data Controller for the personal data we collect through this website and our booking flow.

Contact: info@ttiholidays.com · WhatsApp +91 70177 98524 · P-10, Tajnagri Phase 1, Agra 282001.

Account data: name, email, password (hashed using bcrypt), phone, country, preferred language. Collected when you create an account.

Booking data: traveler names, passport details, dates of birth, nationality, dietary preferences, mobility needs. Collected when you create a booking — necessary to operate the tour and arrange hotel/permit bookings.

Payment data: handled by Stripe. We never store your card details on our servers; we only receive a transaction ID and confirmation.

Communications: emails, WhatsApp messages, contact-form submissions, newsletter subscriptions.

Technical data: IP address, browser type, pages visited, language preference (Google Translate cookie). Used for security, analytics, and to improve the website.

Contract performance: to operate your tour, arrange transfers, hotels and permits, issue invoices and PDF itineraries, and send booking confirmations.

Legitimate interest: to improve our services, prevent fraud, and respond to support requests.

Consent: for marketing emails, newsletters and promotional WhatsApp messages. You can withdraw consent any time via the unsubscribe link in our emails.

Legal obligation: to keep records as required by Indian tax law (typically 7 years) and respond to lawful requests from regulatory authorities.

Hotel, transport and monument partners (only the minimum necessary — name, nationality, ID where required by Indian law).

Payment processor: Stripe (PCI-DSS Level 1 certified).

Email service: Resend, used to send your booking confirmation and PDF itinerary.

Object storage: Emergent (Cloudflare R2 / S3-compatible) — for uploaded photos.

We do NOT sell your personal data to third parties.

Some of our processors (Stripe, Resend) are based in the EU/US. Where we transfer personal data outside India, we rely on Standard Contractual Clauses or equivalent safeguards.

Booking data: 7 years from booking date (Indian tax law requirement).

Account data: until you delete your account, plus a 30-day grace period.

Newsletter subscriptions: until you unsubscribe.

Analytics logs: 12 months.

Under the GDPR (if you are in the EU/EEA) and the Indian Digital Personal Data Protection Act 2023, you have the right to: access your data, correct inaccuracies, delete (right to be forgotten where legal), export your data in machine-readable format, object to processing, withdraw consent, and lodge a complaint with your local data protection authority.

To exercise any of these rights, email info@ttiholidays.com. We respond within 30 days.

Essential cookies: authentication token (tti_token) — required for login.

Functional cookies: language preference (googtrans) — set by the language switcher.

No third-party advertising / tracking cookies are used on this site.

Our services are not directed at children under 13. We do not knowingly collect data from children. If you believe we have, please contact us and we will delete the data.

We may update this policy occasionally. The 'Last updated' date at the top reflects the most recent revision. Material changes will be notified via email to active customers.