Privacy Policy

1. Introduction

Divine Routes AI Private Limited ("Divine Routes," "we," "us," or "our") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, mobile application, and services (collectively, the "Services").

This policy applies to all users of our Services and complies with applicable data protection laws, including the Information Technology Act, 2000 (India), General Data Protection Regulation (GDPR) (EU), Data Protection Act 2018 (UK), and California Consumer Privacy Act (CCPA) (US).

2. Information We Collect

2.1 Personal Information

We may collect the following types of personal information:

• Contact Information: Name, email address, phone number, mailing address
• Identity Information: Date of birth, nationality, passport/ID details (for travel bookings)
• Payment Information: Credit/debit card details, billing address, payment history
• Travel Preferences: Dietary restrictions, accessibility needs, accommodation preferences
• Emergency Contacts: Names and contact details of emergency contacts
• Health Information: Medical conditions or requirements relevant to travel safety

2.2 Technical Information

• Device Information: IP address, browser type, operating system, device identifiers
• Usage Data: Pages visited, time spent on pages, click-through rates, search queries
• Location Data: GPS coordinates, Wi-Fi access points (with your consent)
• Cookies and Tracking: Session cookies, preference cookies, analytics cookies

2.3 AI and Analytics Data

• Chat Interactions: Conversations with our AI assistant for journey planning
• Behavioral Patterns: Service usage patterns to improve recommendations
• Feedback Data: Reviews, ratings, and feedback about our services

3. How We Collect Information

• Direct Collection: When you register, book services, or contact us
• Automatic Collection: Through cookies, analytics tools, and tracking technologies
• Third-Party Sources: Social media platforms, travel partners, payment processors
• Public Sources: Publicly available information for identity verification

4. How We Use Your Information

4.1 Service Provision

• Processing and managing travel bookings and reservations
• Providing AI-powered journey recommendations and planning
• Facilitating temple visits, accommodation, and transportation arrangements
• Customer support and communication

4.2 Legal and Compliance

• Compliance with travel regulations and government requirements
• Identity verification and fraud prevention
• Tax reporting and financial compliance
• Legal proceedings and dispute resolution

4.3 Business Operations

• Marketing and promotional communications (with consent)
• Service improvement and analytics
• Research and development of new features
• Security monitoring and threat detection

5. Legal Basis for Processing

5.1 Under Indian Law

We process personal information in accordance with the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

5.2 Under GDPR (EU/UK)

• Consent: You have given clear consent for specific processing purposes
• Contract: Processing is necessary for contract performance
• Legal Obligation: Required by law (e.g., travel regulations)
• Legitimate Interest: For business operations and service improvement
• Vital Interest: To protect health and safety

5.3 Under CCPA (California, US)

We process personal information for business purposes as defined under the California Consumer Privacy Act, with appropriate disclosures and consumer rights protections.

6. Information Sharing and Disclosure

6.1 Service Partners

• Hotels and Accommodations: For booking confirmations and guest services
• Transportation Providers: Airlines, car rentals, and transfer services
• Temple Authorities: For darshan bookings and special access arrangements
• Local Guides: For personalized tour experiences

6.2 Technology Partners

• Payment Processors: For secure transaction processing
• Cloud Providers: For data hosting and processing (AWS, Google Cloud)
• Analytics Services: Google Analytics, customer engagement platforms
• AI Services: For journey planning and recommendation algorithms

6.3 Legal Requirements

• Government authorities for regulatory compliance
• Law enforcement agencies when legally required
• Courts and legal proceedings
• Tax authorities for financial reporting

7. Data Retention

We retain personal information for the following periods:

• Account Information: Until account deletion or 3 years of inactivity
• Booking Records: 7 years for financial and tax compliance
• Marketing Data: Until consent withdrawal or 2 years of inactivity
• Legal Records: As required by applicable laws and regulations
• Analytics Data: Aggregated data may be retained indefinitely

8. Data Security

We implement comprehensive security measures including:

• Technical Safeguards: SSL/TLS encryption, secure databases, access controls
• Organizational Measures: Staff training, confidentiality agreements, regular audits
• Physical Security: Secure data centers with restricted access
• Incident Response: Breach detection and response procedures
• Regular Testing: Security assessments and vulnerability testing

9. International Data Transfers

Your personal information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place:

• Adequacy Decisions: Transfers to countries with adequate protection
• Standard Contractual Clauses: EU-approved data transfer agreements
• Binding Corporate Rules: Internal data protection standards
• Certification Schemes: Privacy Shield successors and equivalent frameworks

10. Your Rights

10.1 Universal Rights

• Access: Right to know what personal information we hold
• Correction: Right to correct inaccurate information
• Deletion: Right to delete personal information (subject to legal requirements)
• Portability: Right to receive data in a structured format

10.2 GDPR Rights (EU/UK Residents)

• Object to Processing: Right to object to certain processing activities
• Restrict Processing: Right to limit how we use your data
• Withdraw Consent: Right to withdraw consent at any time
• Lodge Complaints: Right to complain to supervisory authorities

10.3 CCPA Rights (California Residents)

• Know: Right to know categories and specific pieces of information collected
• Delete: Right to delete personal information
• Opt-Out: Right to opt-out of sale of personal information
• Non-Discrimination: Right not to be discriminated against for exercising rights

10.4 Exercising Your Rights

To exercise your rights, contact us at privacy@divineroutes.ai or use our online form. We will respond within the timeframes required by applicable law (typically 30 days).

11. Cookies and Tracking Technologies

We use various types of cookies and tracking technologies:

11.1 Types of Cookies

• Essential Cookies: Required for website functionality
• Performance Cookies: Analytics and performance monitoring
• Functional Cookies: Enhanced features and personalization
• Marketing Cookies: Advertising and retargeting (with consent)

11.2 Managing Cookies

You can control cookies through your browser settings or our cookie preference center. Note that disabling certain cookies may affect website functionality.

12. Third-Party Services

Our Services may integrate with third-party services including:

• Social Media: Facebook, Instagram, Google for social login and sharing
• Maps and Location: Google Maps, GPS services
• Payment Services: Razorpay, Stripe, PayPal
• Customer Support: Live chat and helpdesk platforms
• Analytics: Google Analytics, Hotjar, custom analytics

These services have their own privacy policies. We recommend reviewing their policies for information about their data practices.

13. Children's Privacy

Our Services are not intended for children under 16 years of age (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

14. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable laws. We will notify you of material changes through:

• Email notification to registered users
• Prominent notice on our website
• In-app notifications

15. Contact Information

16. Jurisdiction-Specific Provisions

16.1 India

This Privacy Policy and our data processing practices comply with the Information Technology Act, 2000, and applicable rules. Indian residents may contact the Grievance Officer for data protection concerns.

16.2 European Union

EU residents have additional rights under GDPR, including the right to lodge complaints with supervisory authorities and the right to effective judicial remedies.

16.3 United Kingdom

UK residents benefit from protections under the Data Protection Act 2018 and UK GDPR. You may contact the ICO for data protection concerns.

16.4 California, United States

California residents have rights under the CCPA, including the right to know, delete, and opt-out of the sale of personal information. We do not sell personal information for monetary consideration.