Privacy & Cookie Policy

Last updated: October 16, 2025

Welcome to Stay and Trips. This Privacy and Cookie Policy outlines how Stay and Trips Hospitality Services LLP ("we", "us", or "our") collects, uses, stores, and protects your data when you access or use our website, apps, and travel booking services.

By engaging with our platform, you agree to the terms of this policy. Your trust matters — and this document explains the steps we take to ensure your personal information remains safe, transparent, and in your control.

1. Overview

Stay and Trips complies with international data protection laws, including the Indian IT Act 2000, GDPR (EU), and CCPA (US). This policy applies to all our digital platforms, APIs, marketing channels, customer support systems, and mobile applications. We adopt Privacy-by-Design and Security-by-Default principles in every component of our platform.

2. The Website

Our website is developed with a privacy-first architecture using secure frameworks and encrypted APIs. We do not sell or rent your personal data. Cookies, analytics, and data collection mechanisms are used solely to improve user experience, service quality, and compliance.

Server hosting and cloud infrastructure are provided by ISO 27001-certified providers within India and select global regions under data transfer compliance standards.

3. Information We Collect

We collect personal and technical information necessary to provide, improve, and secure our services. This includes:

• Identity Data: name, phone number, date of birth, nationality, and gender (optional)
• Contact Data: email address, address, preferred communication channel
• Travel Data: trip details, accommodation preferences, passport number, and travel companions (only if voluntarily submitted)
• Financial Data: card details, payment method, transaction history (encrypted and processed by PCI-DSS certified vendors)
• Technical Data: IP address, browser type, operating system, and unique device ID
• Behavioral Data: click patterns, interactions, and on-site journey analytics
• Social Media Data: public information shared via social login (Google, Facebook, etc.)
• Marketing Preferences: subscription behavior, message open rates, and campaign response

We do not collect sensitive data (religion, medical, political, or biometric data) unless explicit consent is provided or required for a specific booking type.

4. How We Collect Your Data

• Direct interactions: when you create an account, make bookings, or contact support
• Automated technologies: via cookies, tracking pixels, or browser analytics
• Third-party vendors: data received from partners like hotels, airlines, and payment gateways
• Social media and referrals: when you use connected accounts or affiliate links

All collection is transparent, consensual, and restricted to lawful business purposes.

5. How We Use Your Information

Your data helps us deliver seamless, personalized travel experiences. We use information to:

• Process reservations, itineraries, and secure payments
• Send travel confirmations, updates, and alerts
• Improve our algorithms and AI-powered trip recommendation engine
• Detect fraudulent activity or unauthorized transactions
• Analyze website performance and marketing campaign impact
• Provide multilingual customer support and service assistance
• Comply with regulatory, tax, or anti-fraud laws

6. Cookies & Tracking Technologies

We use cookies, pixels, and similar technologies to customize and enhance your browsing experience. You can control cookie preferences at any time via browser settings.

• Strictly Necessary Cookies: enable login, checkout, and security functions
• Performance Cookies: monitor site analytics and usability
• Functional Cookies: remember your settings and trip preferences
• Targeting Cookies: deliver personalized travel offers (only with consent)

We also use tools like Google Analytics and Meta Pixel to understand users’ engagement patterns. All data is anonymized before aggregation.

7. Use of Artificial Intelligence and Automation

Our systems may use automation or AI-driven models to personalize content, detect anomalies, and suggest travel destinations based on your past activity. None of these automated decisions have a legal or significant effect on you without human review. You can request manual intervention or clarification on AI-based decisions by contacting us at [email protected].

8. Data Retention Policy

We retain personal data only as long as necessary to fulfill the purposes above. Booking and financial data are stored for up to seven years to comply with accounting and tax regulations. After expiry, data is securely anonymized or deleted.

9. Information Sharing and Disclosure

We share personal data only under lawful, secure, and contractual conditions with:

• Travel partners including hotels, airlines, tour operators
• Payment processors, IT service vendors, analytics providers
• Regulatory or law enforcement agencies (when mandated)
• New owners in the event of business transfer or merger

Every third-party partner is bound by confidentiality and data processing agreements that meet GDPR and Indian compliance standards.

10. Data Security Measures

Stay and Trips employs industry-standard encryption (AES-256), HTTPS/TLS protocols, access controls, intrusion detection systems, and regular penetration audits. Employees receive data protection training to ensure accountability.

11. Your Privacy Rights

Depending on your location, you may have the following rights under applicable data protection laws:

• Right to access and obtain a copy of your data
• Right to rectification or deletion
• Right to data portability
• Right to withdraw consent for marketing
• Right to object to automated profiling or processing

Requests may be made by emailing [email protected]. Identity verification may be required for your protection.

12. International Data Transfers

Some of our partners may operate in countries outside your jurisdiction. All international transfers comply with the European Commission's Standard Contractual Clauses or equivalent safeguards to ensure adequate data protection.

13. Children’s Privacy

Our services are intended for individuals aged 18 and older. We do not knowingly collect or store personal data of minors. Parents or guardians may contact us to delete any data unintentionally collected.

14. Updates and Amendments

This policy may be updated periodically to reflect evolving regulations or new services. All updates will be posted on this page with an updated revision date. In significant cases, users may receive direct notification via email.