๐ Your privacy matters. TRACKINN is committed to protecting your personal information and being transparent about how we collect and use it. This policy explains our practices clearly โ no legal jargon.
1. Overview
TRACKINN Technologies Pvt. Ltd. ("TRACKINN", "we", "us", or "our") operates India's leading Hotel Management SaaS platform at trackinn.in. This Privacy Policy explains how we collect, use, store, and protect information about hotel owners, hotel staff, guests, and visitors to our website and platform.
By using the TRACKINN platform, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of our services.
2. Data We Collect
We collect the following categories of information:
2.1 Hotel Owner & Staff Data
- Full name, email address, and phone number during registration
- Hotel name, address, GSTIN, and business PAN
- Bank account details for payment settlement (stored encrypted)
- Usage data โ pages visited, features used, session duration
- Device information โ browser type, IP address, OS
2.2 Guest / Traveller Data (Collected by Hotels via TRACKINN)
- Full name, contact number, and email address
- Aadhaar, PAN, Passport, or Voter ID details (for KYC and Sarai compliance)
- Check-in and check-out dates, room number, and booking details
- Payment information (card last 4 digits, UPI ID โ never full card numbers)
- Nationality and address as required by Sarai API regulations
2.3 Automatically Collected Data
- Log data: IP address, browser type, time of access, pages viewed
- Cookies and local storage for session management and theme preferences
- Performance analytics to improve platform speed and stability
3. How We Use Your Data
We use the data we collect for the following purposes:
- Service Delivery: To provide hotel management, billing, check-in, and analytics features.
- Sarai API Compliance: Guest KYC data is transmitted to the Ministry of Tourism's Sarai API as required by law for all hotels in India.
- GST Invoicing: Hotel owner GSTIN and booking data are used to auto-generate GST-compliant invoices.
- Payment Processing: Booking payment data is processed via Razorpay/Stripe in compliance with PCI-DSS.
- Communication: We send transactional emails, platform alerts, and โ with your permission โ product updates.
- Security: To detect and prevent fraudulent access or suspicious activity on the platform.
- Product Improvement: Anonymized, aggregated usage data helps us build better features.
4. Data Sharing
We do not sell your personal data. We share data only in these specific circumstances:
- Government & Legal Requirements: Sarai API (Guest data as mandated by Indian law), GST portal, and law enforcement when legally compelled.
- Payment Processors: Razorpay and Stripe receive minimal payment data required to process transactions. They are PCI-DSS compliant.
- Cloud Infrastructure: AWS and Google Cloud store our data in India-based data centers (ap-south-1, Mumbai region).
- Analytics (Anonymized Only): We use Plausible Analytics which processes no personal data and stores nothing identifiable.
- Hotel Operators: Guest data entered through TRACKINN is accessible to the specific hotel managing that guest's booking.
5. Data Storage & Security
- All data is stored in AWS Mumbai (ap-south-1) and Google Cloud Mumbai โ within India's geographic boundaries.
- Guest KYC documents (Aadhaar, Passport scans) are encrypted using AES-256 and stored in isolated S3 buckets.
- Bank account and payment details are tokenized โ never stored in plaintext.
- All data in transit is protected by TLS 1.3 encryption.
- We conduct quarterly security audits and annual penetration tests.
- Hotel data is retained for 7 years for GST compliance, then securely deleted.
- Inactive accounts are deleted after 3 years of no login activity, with prior notice.
6. Your Rights
Under India's Digital Personal Data Protection (DPDP) Act and GDPR principles, you have the right to:
- Access: Request a copy of all your personal data we hold.
- Correction: Update or correct inaccurate information at any time via your account settings or by contacting us.
- Deletion: Request deletion of your account and associated data (subject to legal retention requirements like GST).
- Portability: Export your hotel and booking data in CSV/JSON format.
- Opt-out: Unsubscribe from marketing communications at any time via the unsubscribe link in emails.
- Grievance Redressal: Contact our Grievance Officer within 30 days for any privacy concerns.
To exercise any of these rights, email us at privacy@trackinn.in with the subject "Data Rights Request".
7. Cookies & Local Storage
We use the following cookies and browser storage:
- Essential Cookies: Session tokens for keeping you logged in. Cannot be disabled without breaking the platform.
- Preference Storage: Theme (dark/light mode) preference stored in localStorage โ contains no personal data.
- No Third-Party Ad Cookies: We do not use Google Ads, Meta Pixel, or any advertising cookies.
You can clear cookies and localStorage via your browser settings at any time.
8. Children's Privacy
TRACKINN is a B2B platform designed for hotel businesses and their adult staff. We do not knowingly collect personal data from individuals under 18 years of age. If we discover that a child has provided us with personal information, we will delete it immediately. Contact us at privacy@trackinn.in if you believe a child's data has been submitted.
9. DPDP Act Compliance (India)
TRACKINN fully complies with India's Digital Personal Data Protection Act, 2023 (DPDP Act). Specifically:
- We process personal data lawfully, with explicit consent or for legitimate hotel management purposes.
- Our Data Fiduciary is TRACKINN Technologies Pvt. Ltd., registered in Bangalore, India.
- Our Grievance Officer is available at: grievance@trackinn.in | +91 98765 43210
- We respond to data grievances within 30 calendar days as mandated by the Act.
- Cross-border data transfers (if any) comply with Section 16 of the DPDP Act.