TravelInstagram — Powered by Dtravco

Legal

Privacy Policy

GDPR · UK GDPR · India DPDP Act 2023 · Last updated 1 May 2026

This Privacy Policy explains how Dtravco, operator of TravelInstagram, collects, uses, shares and protects your personal data. We act as the data controller for personal data processed through the Platform.

1. Data we collect

  • Identity & contact: name, email, phone, country, passport details (when you book).
  • Booking data: travel dates, destinations, traveller preferences, dietary or accessibility needs.
  • Payment data: processed by PCI-DSS compliant providers; we receive only a token and last 4 digits.
  • Conversations: messages you send to our AI Concierge or human agents.
  • Technical data: IP address, device, browser, pages visited (see Cookie Policy).

2. Why we use it (legal bases under GDPR Art. 6)

  • Contract — to process bookings and provide travel services.
  • Legal obligation — tax, anti-money-laundering, immigration reporting.
  • Legitimate interests — fraud prevention, service improvement, analytics.
  • Consent — marketing emails, non-essential cookies, optional features.

3. Sharing

We share your data with: airlines, hotels, cruise lines, ground operators, visa authorities, payment processors, our AI provider (Lovable AI Gateway / Google / OpenAI), email providers, and analytics tools. Suppliers may be located outside the EEA. Where required, we use Standard Contractual Clauses (SCCs) approved by the European Commission for international transfers.

4. International transfers

Your data may be transferred to India and other countries that may not provide the same level of protection as your home country. We rely on EU SCCs, the UK International Data Transfer Addendum, and your explicit consent where required.

5. Retention

Booking and tax records: 8 years (legal requirement). Marketing data: until you withdraw consent. AI chat logs: 12 months for service improvement, then anonymised. Cookie data: see Cookie Policy.

6. Your rights

Under GDPR, UK GDPR and India's DPDP Act 2023 you have the right to:

  • Access, rectify or erase your data
  • Restrict or object to processing
  • Data portability
  • Withdraw consent at any time
  • Lodge a complaint with your supervisory authority (e.g. Irish DPC, UK ICO, or India's Data Protection Board)

To exercise any right, email sales@travelinstagram.in. We respond within 30 days.

7. Security

We use TLS encryption in transit, AES-256 at rest, role-based access, and regular penetration testing. No system is 100% secure — please use a strong, unique password.

8. Children

The Platform is not directed at children under 16. We do not knowingly collect data from minors without parental consent.

9. Data Protection Officer

Our DPO can be reached at sales@travelinstagram.in.

10. Changes

We will notify material changes via email or in-app banner at least 14 days in advance.