Legal

Privacy Policy

Last updated · 14 February 2026.

1. Introduction

TripSynco is operated by Anna Massey (Sole Proprietorship, GSTIN 06EQUPM6570D3ZB) from B05-401, Royal Green Crescent Park Sare Homes, Sector-92, Gurugram, Haryana 122505, India. This policy explains what personal data we collect, why we collect it, how long we keep it and the rights you have over it. By using the site you agree to this policy.

You can reach the data controller at hello@tripsynco.com.

2. Data we collect

Account & booking data — name, email, phone number, guest details, dates of stay, room selection, special requests, and the booking reference and status.
Payment metadata — Razorpay payment ID and order ID. We do not store card numbers, CVVs or any other payment credentials — those are handled by Razorpay under PCI-DSS Level 1 controls.
Communications — enquiries, support messages and WhatsApp opt-in status.
Site analytics — page views, device type, approximate location (city-level), referrer and interaction events, collected via Google Analytics 4 with IP anonymisation.

3. How we use it

To confirm and deliver your booking, generate voucher and invoice PDFs, send you post-booking updates by email and WhatsApp, provide guest support before, during and after your stay, comply with legal and tax obligations, and (with your explicit opt-in) send you our monthly editorial newsletter.

4. Legal bases

We rely on contractual necessity for booking-related processing, legal obligation for tax and consumer-law record-keeping, legitimate interests for security, fraud prevention and product analytics, and consent for marketing and non-essential cookies.

5. Cookies

We use strictly-necessary cookies (Supabase authentication session), privacy-friendly analytics cookies (Google Analytics 4 with IP anonymisation) and no third-party advertising cookies.

6. Sharing your data

We share data only with:
  • The property you're booking with, for delivery of the stay.
  • Razorpay, for processing your payment.
  • Brevo, for delivering transactional email.
  • Meta (WhatsApp Business Cloud), for delivering WhatsApp updates.
  • Supabase, for hosting the database and authentication.
  • Our legal, tax and accounting advisors, where required.
We do not sell personal data or share it with third parties for their own marketing.

7. International transfers

Some of our processors (Brevo, Meta, Google) may process data outside India. Where they do, they operate under standard contractual clauses or equivalent safeguards.

8. Data retention

Booking data is retained for seven years to comply with Indian tax and consumer-protection rules. Newsletter data is kept until you unsubscribe. Support conversations are kept for two years unless a longer period is required by law.

9. Your rights

You can request a copy of the data we hold on you, ask for corrections, ask us to delete your account (subject to legal retention rules), or withdraw consent for marketing. Write to hello@tripsynco.com with your request. We will respond within 30 days.

10. Security

We use HTTPS everywhere, encrypted database storage, Row Level Security policies to limit who can see what, and server-side signature verification for all payment events. Passwords are hashed by Supabase Auth; we never see them in plain text.

11. Children

Our services are not directed at children under 18 and we do not knowingly collect data from them.

12. Changes to this policy

We may update this policy from time to time. Continued use of the service after an update constitutes acceptance of the revised policy.

13. Contact

Any questions about this policy or your data can go to hello@tripsynco.com.