🔒 Privacy

Privacy Policy

Last updated: 26 May 2026 Effective immediately Applies to safarsangh.com

Plain-English Summary

Safar Sangh collects only the information needed to book and run your trip. We use Razorpay for secure online payments — we never see your card details. We track anonymous visit behaviour to improve the site. We do not sell your data to anyone, ever.

1 Who We Are

Safar Sangh is a travel experience company that organises curated group trips and events across India. Our website at https://safarsangh.com lets travellers browse, book, and manage trips and events online.

For the purpose of this Privacy Policy, Safar Sangh is the data controller responsible for your personal information. Independent collaborators who list events on our platform are sub-processors bound by the same data-handling obligations.

2 Data We Collect

We collect only data that is necessary to provide our services. Below is a complete account of every category we collect, when, and why.

Account & Booking Data

DataWhen CollectedPurpose
Full name Registration / booking Identity verification, booking confirmation, trip documentation
Email address Registration / booking Booking confirmations, trip updates, account management
Phone number Registration / booking Pre-trip coordination, WhatsApp communication, emergency contact
Password (bcrypt hash) Registration Secure login — stored as a one-way hash, never readable by us
Mailing address At booking (optional) Invoice generation and correspondence
Number of travellers At booking Spot allocation and trip logistics
Custom form responses At booking (event-specific) Dietary preferences, emergency contacts, fitness levels, or any fields the event organiser requires
Coupon codes used At checkout Applying discounts and tracking redemption counts
Issue reports When you submit a report Handling complaints and disputes about trips or events

Collaborator Profile Data

If you register as a collaborator (trip organiser / event host), we additionally collect:

  • Organisation name and logo
  • Profile photograph and bio
  • WhatsApp contact number (shown to travellers who book your event)

We do not collect Aadhaar numbers, PAN numbers, passport numbers, or raw payment card details at any point.

3 How We Use Your Data

Your personal data is used exclusively to operate Safar Sangh's services:

  • Creating and managing your user account
  • Processing, confirming, and tracking your trip or event bookings
  • Issuing GST-compliant tax invoices (invoice number, amount, dates)
  • Sending booking confirmations, pre-departure information, and trip updates
  • Processing online payments via Razorpay and recording payment status
  • Verifying and applying coupon / discount codes at checkout
  • Connecting you via WhatsApp to the trip leader or event organiser
  • Handling issue reports and resolving disputes
  • Maintaining financial records for legal and accounting compliance
📢 We do not use your data for advertising, behavioural profiling, or selling to third parties. Any communication we send is directly relevant to a booking or account action you have taken.

4 Analytics & Site Tracking

Safar Sangh operates a first-party analytics system — we do not use Google Analytics, Facebook Pixel, or any third-party tracking scripts. All analytics data is stored on our own servers.

When you visit the site, our system records:

  • Session key & visitor key — anonymous, randomly-generated identifiers stored in your browser. These do not contain your name or email.
  • Pages viewed and time spent — to understand which trips are popular and improve page layouts.
  • Scroll depth — how far down a page you scroll, as a percentage.
  • Referrer URL — the site you came from (e.g. Google search, Instagram link, WhatsApp).
  • Device type, browser, and OS — e.g. "mobile / Chrome / Android". We never capture your device's hardware ID.
  • Approximate location — city and country level only, derived from a hashed IP address. We do not store your raw IP address.
  • Conversion events — whether you viewed the booking form, started filling it, submitted it, or completed payment. These are logged against your anonymous session key, not your personal identity, until a booking is completed.
  • Popup interactions — whether you saw a promotional popup and whether you clicked its call-to-action.
🔐 Your IP address is immediately hashed (SHA-256) on the server before storage and is never saved in plain text. The hash cannot be reversed to recover your IP.

Anonymous analytics data is retained for up to 24 months and then purged. It is never linked to your personal identity unless you complete a booking during that session.

5 Payment Data

Online payments on Safar Sangh are processed by Razorpay (Razorpay Software Private Limited, Bangalore, India). When you pay online:

  • You are redirected to or presented with Razorpay's secure checkout widget
  • Your card, UPI, or netbanking details are entered directly into Razorpay's PCI-DSS compliant system — Safar Sangh never sees or stores these details
  • Razorpay returns a payment ID and order ID to our server upon success
  • We store only: Razorpay Order ID, Razorpay Payment ID, amount, currency (INR), payment method type (e.g. "UPI"), and status
  • A unique invoice number is generated and attached to your confirmed booking

For offline payments (bank transfer, UPI collected by organiser), only the amount, date, and a brief description are recorded by the admin — no card or bank account details are stored.

Razorpay's own privacy policy applies to data you submit through their interface. Please review it at razorpay.com/privacy.

💳 If a payment fails or is abandoned, we log the error code and description returned by Razorpay (e.g. "Payment declined by bank") for debugging purposes. No card details are included in these logs.

6 Collaborators & Third-Party Organisers

Some trips and events on Safar Sangh are created by independent collaborators (travel organisers, clubs, or communities) who list their events through our platform. When you book such an event:

  • Your name, email, phone number, and booking details may be shared with the organiser of that event so they can coordinate the trip
  • The organiser can see your booking in their dashboard; they cannot access your account password or payment card details
  • Collaborators are required to handle your data solely for the purpose of operating their event and may not use it for unrelated marketing
  • Safar Sangh remains responsible for enforcing these data protection obligations on all collaborators on our platform

The branding of events hosted by collaborators will indicate whether they are "Hosted by [Organiser Name]" or a "Partnership with Safar Sangh" — this is shown transparently on the event page.

7 Storage & Security

Your data is stored in a secured MySQL database on our hosting server. We apply the following technical safeguards:

  • Bcrypt password hashing (cost factor 10) — passwords cannot be reversed even by our team
  • Prepared SQL statements throughout the application — prevents SQL injection attacks
  • CSRF tokens on all forms — prevents cross-site request forgery
  • Session ID regeneration on every login — prevents session fixation
  • Role-based access control — admin, collaborator, and user roles each have restricted access scopes
  • SHA-256 IP hashing — IP addresses are hashed before storage, never saved in plain text
  • HTTPS — all data in transit is encrypted

Retention: Account and booking data is retained while your account is active and for up to 7 years thereafter for tax and legal compliance. Analytics data is retained for up to 24 months. You may request earlier deletion (see Your Rights).

⚠️ No system is 100% breach-proof. In the unlikely event of a data breach affecting your personal information, we will notify you by email within 72 hours of discovery.

8 Who We Share Your Data With

We share your information only when strictly necessary to deliver your trip or comply with the law:

RecipientData SharedReason
Trip leaders & guides Name, phone number, group size On-trip coordination and emergency contact
Collaborator organisers Name, email, phone, booking details, custom form responses Running the specific event you booked
Accommodation providers Name, group size, arrival/departure dates Room allocation
Transport operators Name, group size, pickup point Vehicle arrangement
Razorpay Name, email, phone, booking amount Payment processing (they are bound by PCI-DSS)
Legal / tax authorities Invoice and payment records Only when required by Indian law

We do not sell, rent, or trade your data to advertisers, data brokers, social media platforms, or any third party for commercial gain.

9 Cookies & Local Storage

We use only essential functional cookies. We do not use advertising, retargeting, or social media tracking cookies.

  • Session cookie (PHPSESSID): Keeps you logged into your account during a browser session. Expires when you close the browser or log out.
  • CSRF token cookie: A security token embedded in forms to prevent cross-site attacks. Expires at session end.
  • Visitor key (localStorage): An anonymous randomly-generated string stored in your browser's localStorage, used to recognise returning visits for analytics. This does not contain any personal information and never leaves your browser except as an anonymous identifier in our analytics system. You can clear it by clearing your browser data.
  • Popup preference (localStorage): Records whether you have dismissed a promotional popup today, to avoid showing it repeatedly.

No third-party cookies are injected. We do not embed Facebook, Google, or Twitter tracking pixels.

10 Your Rights

Under applicable Indian data protection law, and in line with our commitment to transparency, you have the following rights:

  • Access: Request a copy of all personal data we hold about you
  • Correction: Update your name, phone number, or profile from your account settings at any time
  • Deletion: Request permanent deletion of your account and associated personal data
  • Portability: Request your booking history in a readable format (CSV or PDF)
  • Objection: Object to any processing of your data you did not consent to
  • Restrict analytics: Request that your session data be excluded from our analytics

To exercise any right, email us at support@safarsangh.com from the address registered to your account. We will respond within 7 working days. Some data (invoices, payment records) may be retained for 7 years to meet our statutory accounting obligations, even after account deletion.

11 Children's Privacy

Our platform is intended for users aged 18 and above. We do not knowingly collect personal data from minors. If a parent or guardian believes their child has registered, please email support@safarsangh.com and we will delete the account within 48 hours.

Travellers under 18 may participate in a trip when accompanied by a registered adult (parent or legal guardian) who holds the account and accepts these terms on their behalf.

12 Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, new features, or legal requirements. The "Last updated" date at the top always reflects the most recent version.

If we make material changes that affect how we use your personal data, we will notify registered users by email at least 7 days before the change takes effect. Continued use of the platform after that date constitutes acceptance of the revised policy.

13 Contact Us

For privacy-related questions, data requests, or concerns:

  • Email: support@safarsangh.com
  • Phone: +91 98000 00001
  • Address: Safar Sangh, Pune, Maharashtra, India

Questions about your data?

We'll respond to any privacy request within 7 working days.

Email our Privacy Team →