1. Interpretation and Definitions
Interpretation
Words with initial capital letters have meanings defined in this section. The definitions apply whether the terms appear in singular or plural.
Definitions
- Account: A unique account created for You to access our Service or parts of our Service.
- Affiliate: Any entity that controls, is controlled by, or is under common control with the Company.
- Company / Firm: Thrivia.
- Cookies: Small data files stored on your device to enhance your browsing experience.
- Country: India (with principal jurisdiction in Uttar Pradesh).
- Device: Any device that can access the Platform, including mobile, tablet, and desktop.
- Personal Data: Any information relating to an identified or identifiable individual.
- Sensitive Personal Data: Information classified as sensitive under applicable laws (e.g., financial data, government IDs, health info), collected only as permitted by law.
- Service: The Platform and related features offered by Thrivia.
- Service Provider: Any entity that processes data on behalf of the Company. This includes cloud hosting, payment gateways, analytics services, and communication tools.
- Usage Data: Automatically collected data related to your interaction with the Platform.
- Website: https://www.thrivia.io
- You / User: Any natural person or legal entity lawfully accessing or using the Platform.
2. Applicability & Legal Basis
This Privacy Policy applies to:
- Visitors to the Platform
- Registered Users
- Users who browse, save, plan trips, or book experiences
- Users interacting with Experiences hosted by third-party Partners
Thrivia complies with:
- Digital Personal Data Protection Act, 2023 (DPDP Act, India)
- Information Technology Act, 2000
- SPDI Rules, 2011
- Industry best practices for data privacy and security
3. Categories of Data We Collect
We collect several types of information to operate, improve, secure, and personalise the Platform.
A. Personal Data (Directly Provided by You)
We may collect:
- Full name
- Email address
- Mobile number
- Username
- Profile information & preferences
- Demographic information voluntarily shared
- Information provided during account setup
- Information provided during support requests
- Information submitted during bookings, reviews, testimonials, or interactions
- Identity verification documents (only when required under law or for fraud prevention, and only with your explicit consent)
B. Sensitive Personal Data
Collected only:
- When explicitly required for verification, fraud prevention, or compliance
- After obtaining explicit consent
- Stored securely and processed strictly for limited purposes
Sensitive data may include:
- Government-issued IDs
- Payment instrument details (processed by third-party PCI-DSS compliant gateways—not stored by Thrivia)
- Travel-related personal preferences where required for bookings
C. Usage Data (Automatically Collected)
Includes:
- IP address
- Device identifiers
- Browser type, OS, screen size
- App version and diagnostics
- Pages visited, time spent, click events
- Location approximation (if allowed by device)
- Crash logs, performance metrics
This helps improve Platform performance and user experience.
D. Information from Third-Party Login Services
If you log in using Google, Facebook, Instagram, Twitter, or LinkedIn, we may receive:
- Name
- Email address
- Profile photo
- Contact lists (optional, only if shared by you)
- Social media activity relevant to login permissions
We use only what is necessary to operate the Service.
E. Information from Partners, Payment Providers & Analytics Tools
To enable your bookings and improve services, we receive limited data from:
- Partners hosting Experiences (booking status, fulfillment data)
- Payment gateways (payment confirmation, transaction IDs)
- Analytics tools (Mixpanel, Axiom)
- Cloud hosting services (AWS)
All such providers act under strict confidentiality and data processing agreements.
4. Cookies, Tracking & Similar Technologies
We use:
- Essential Cookies
- Functional Cookies
- Analytics Cookies
- Web Beacons
- Pixel tags
- Session storage and local storage
You may control Cookies via your browser settings. Rejecting cookies may reduce Platform functionality.
5. How We Use Your Personal Data
A. Providing and Maintaining the Service
- Account creation
- Booking experiences
- Search, discovery, and trip planning
- Content personalization
B. Platform Functionality
- User authentication
- Booking confirmations
- Communication and support
- Synchronizing your preferences across devices
C. Contract Performance
- Managing Experiences you book
- Sharing data with Partners where necessary
- Processing payments and refunds
D. Safety, Fraud Prevention & Compliance
We use your data to:
- Detect, investigate, and prevent fraud
- Enforce Terms & Conditions
- Prevent misuse or abuse of the Platform
- Comply with legal and regulatory requirements
- Verify identity where required
E. Improvement & Analytics
- Analysing usage trends
- Performance optimization
- Debugging issues
- Enhancing user experience
F. Communication
We may contact you for:
- Account notifications
- Bookings, changes, or cancellations
- Support responses
- Feature updates
- Marketing (only if you have not opted out)
You can opt out anytime.
6. Sharing Your Personal Data
A. Service Providers
Including:
- Cloud hosting (AWS)
- Analytics (Mixpanel, Axiom)
- Email/SMS push providers
- Payment gateways
B. Experience Partners
Only when necessary for:
- Booking confirmations
- Experience fulfillment
- Guest verification
- Customer support
Partners are contractually required to protect your data.
C. Affiliates
For operations consistent with this Policy.
D. Business Transfers
If Thrivia undergoes:
- Merger
- Acquisition
- Investment
- Reorganization
Your data may be securely transferred.
E. Law Enforcement
Only when legally required.
F. With Your Consent
In cases where you explicitly authorize sharing.
We DO NOT:
- Sell your personal data
- Share your data for advertising without consent
- Allow unauthorized third parties to access it
7. Data Retention
We retain your Personal Data:
- Only as long as necessary for legitimate business purposes
- To comply with legal, regulatory, tax, and audit requirements
- As long as your account remains active
After this period, your data is:
- Deleted, or
- Irreversibly anonymized
Backups may retain data for a limited time due to technical constraints but are not used for processing.
8. Cross-Border Data Transfer
Your data may be processed outside India. We ensure that:
- Transfers comply with DPDP Act requirements
- Appropriate safeguards (contracts, encryption) are in place
9. Deleting Your Personal Data
You may request:
- Account deletion
- Correction of inaccurate data
- Restriction of processing (where applicable)
Email: support@thrivia.io
We will process requests as per law.
Certain data may be retained if required for:
- Legal obligations
- Fraud prevention
- Dispute resolution
10. Security Measures
We use industry-standard measures:
- Encryption in transit and at rest
- Secure cloud infrastructure (AWS)
- Strict access controls
- Multi-factor authentication
- Regular audits and monitoring
- Firewalls and intrusion detection systems
However, no method is 100% secure.
11. Children's Privacy
Our Platform is not intended for individuals below the minimum age required under applicable Indian laws to enter into binding contracts.
We do not knowingly collect data from such individuals. If discovered, we will delete the data promptly.
12. Links to Other Websites
We are not responsible for:
- Privacy practices
- Content
- Data handling policies
of third-party websites. Please review their policies before providing information.
13. Changes to This Privacy Policy
We may update this Privacy Policy periodically.
We will:
- Update the "Last Updated" date
- Notify users through the Platform or email when appropriate
Continued use of the Platform constitutes acceptance.
14. Contact Us
If you have questions, requests, or complaints:
Email: support@thrivia.io