Privacy Policy

Tribely Technologies Private Limited ("Tribely", "we", "us", "our") is committed to protecting your personal data. This Privacy Policy explains what information we collect, how we use it, with whom we share it, and the choices you have over your data when you use our platform — including the website, mobile application, and any related services (collectively, the "Platform").

This Policy is compliant with the Digital Personal Data Protection Act, 2023 (DPDP Act) of India and other applicable data protection laws. By using the Platform, you consent to the practices described in this Policy.

We collect personal data in the following categories:

• Account data: Name, email address, phone number, and profile photo provided during registration or via Google OAuth.
• Identity data (Partners only): PAN number, GST number, and bank account details required for payouts and tax compliance. Aadhaar numbers, if collected, are stored only as a one-way hash and never in raw form.
• Booking data: Check-in/check-out dates, number of guests, special requests, and payment status.
• Payment data: Transaction IDs and payment status from Razorpay. We do not store card numbers, CVVs, or UPI PINs.
• Device and usage data: IP address, browser type, device identifiers, pages visited, search queries, and clickstream data collected automatically.
• Communications: Messages sent via our support channels, WhatsApp, or email.
• User-generated content: Reviews, photos, and listing descriptions you submit to the Platform.

We process your personal data for the following purposes:

• Creating and managing your account.
• Facilitating bookings between Guests and Partners.
• Processing payments and issuing refunds via Razorpay.
• Sending booking confirmations, reminders, and updates via email and WhatsApp.
• Calculating and disbursing Partner payouts, including GST compliance.
• Improving Platform features, search relevance, and personalised recommendations.
• Detecting and preventing fraud, abuse, and safety incidents.
• Complying with legal obligations under Indian law.
• Sending promotional communications where you have opted in (you may opt out at any time).

Under the DPDP Act, 2023, we rely on the following lawful bases:

• Consent: For optional communications such as marketing emails and WhatsApp promotions.
• Contract: To perform the booking agreement between you and Tribely / the Partner.
• Legal obligation: For tax reporting, GST invoicing, and responding to lawful government requests.
• Legitimate interests: For fraud detection, platform security, and improving our services.

We do not sell your personal data. We share data only as follows:

• Partners: Guest name, phone number, and booking details are shared with the Partner hosting your stay to facilitate the stay.
• Guests: Partners' property details and contact information are shared with confirmed Guests for their booking.
• Payment processor (Razorpay): Payment data is processed by Razorpay under their own privacy policy.
• Communications providers: Email is sent via Resend; WhatsApp messages via Twilio. Only the data needed to deliver the message is shared.
• Analytics (Mixpanel): Anonymised usage events to understand platform behaviour. No name or email is sent.
• Error monitoring (Sentry): Stack traces and device data for debugging. PII is scrubbed before transmission.
• Legal authorities: Where required by law, court order, or to protect the rights and safety of users.

We use the following types of cookies on the Platform:

• Essential cookies: Required for authentication and session management. Cannot be disabled.
• Analytics cookies: Track usage patterns to improve the Platform (e.g., Mixpanel). You may opt out via your browser settings or our cookie banner.
• Preference cookies: Remember your search filters and display preferences.

You can control cookies through your browser settings. Disabling essential cookies will prevent you from using core Platform features.

We retain your personal data for as long as necessary to fulfil the purposes described in this Policy:

• Account data: Retained while your account is active and for 2 years after closure for legal and fraud prevention purposes.
• Booking and payment records: Retained for 7 years as required by Indian tax and accounting laws.
• Usage logs: Retained for 90 days.
• Marketing consent records: Retained for 3 years from the date of consent.

As a Data Principal under the DPDP Act, you have the following rights:

• Right to access: Request a summary of the personal data we hold about you.
• Right to correction: Request correction of inaccurate or incomplete data.
• Right to erasure: Request deletion of your personal data, subject to legal retention obligations.
• Right to withdraw consent: Withdraw consent for optional processing (e.g., marketing) at any time without affecting prior processing.
• Right to grievance redressal: File a complaint with our Grievance Officer (see Section 11).

To exercise any of these rights, email us at privacy@tribely.in. We will respond within 30 days.

We implement industry-standard security measures including TLS encryption in transit, AES-256 encryption at rest for sensitive fields, row-level security on our database, and access controls limiting who within Tribely can access personal data. Aadhaar numbers are irreversibly hashed before storage.

Despite these measures, no internet transmission is 100% secure. If you suspect a security incident, notify us immediately at security@tribely.in.

The Platform is not directed at individuals under 18 years of age. We do not knowingly collect personal data from minors. If we become aware that a minor has provided us with personal data, we will delete it promptly. If you believe a minor has registered on the Platform, contact us at privacy@tribely.in.

In accordance with the DPDP Act, 2023 and the Information Technology Act, 2000, we have appointed a Grievance Officer:

If your grievance is not resolved satisfactorily, you may escalate to the Data Protection Board of India once it is constituted under the DPDP Act.

We may update this Privacy Policy periodically. We will notify you of material changes via email or a prominent notice on the Platform. Your continued use of the Platform after changes take effect constitutes acceptance of the updated Policy.

For any privacy-related questions or requests, contact: