Privacy Policy
Last Updated: June 2026
Welcome to PlanMyOffbeat.com. We respect your privacy and are committed to protecting your personal data. This Privacy Policy informs you how we collect, handle, and store your personal data when you visit our website (regardless of where you visit it from), use our interactive trip planner, or participate in our Tour Provider Marketplace.
Since PlanMyOffbeat supports destination planning globally, this policy is written to comply with global data protection frameworks, including the General Data Protection Regulation (GDPR) for EU/EEA citizens, the California Consumer Privacy Act (CCPA) for California residents, and the Digital Personal Data Protection (DPDP) Act of India.
1. Data We Collect & Process
We collect and store data depending on your role on the platform:
A. For Travellers
- Identity & Account Data: Name, email address, profile picture, and Google login credentials (retrieved if you sign in via Google OAuth).
- Trip Request & Planner Snapshots: Detailed custom travel itineraries, nights per stop, budget preferences, transportation/meal preferences, headcount, specific sightseeing requirements, and flexible travel month settings.
- In-App Chat Transcripts: All messages, file attachments, and quotes sent between you and tour operators. Chats are stored on our servers to enable communication history and dispute resolution.
- Mutual-Consent Phone Reveal Logs: To verify contact-sharing consent, we log timestamps of when both you and a provider explicitly requested/consented to reveal phone numbers. Phone numbers remain fully masked prior to mutual consent.
- Feedback & Reviews: Operator ratings, stars, and written reviews submitted after booking completions.
B. For Tour Providers (Operators & Staff)
- Business Profile Data: Company name, description, address, cities of operation, website, languages spoken, and tour specialties.
- Mandatory KYC Documents: To verify company legitimacy and maintain marketplace safety, we collect metadata and files for:
- Permanent Account Number (PAN) details
- GST registration details
- Business registration certificates
- Tourism board or travel department licenses
- Bank account proof (cancelled checks or bank statements for manual payouts)
- Non-Aadhaar government-issued photo identity proof (Passport, Voter ID, or Driving License of the account owner)
- Staff Account Mapping: Links connecting the User accounts of managers, sales agents, and operations staff to their corresponding Provider Organization.
C. Technical & Usage Data
- IP addresses, browser client settings, device models, referrer URLs, operating systems, and page navigation history.
2. Cookies, Ads, & Web Beacons
We use functional cookies to save active trip planning states, auth tokens, and preferences. PlanMyOffbeat also displays advertising via third-party systems like Google AdSense:
- Google DoubleClick DART Cookies: Used by Google to serve relevant ads based on your visit to www.planmyoffbeat.com and other websites. You may opt out of DART cookies by visiting the Google Ad and Content Network Privacy Policy.
- Affiliate Cookies: Set by our affiliate partners (e.g. Booking.com) to track referrals if you click external links to make hotel or flight bookings.
3. How We Use Your Data
We process your personal data for the following legitimate purposes:
- To match traveller trip requests with qualified operators in specific service areas.
- To provide in-app chat messaging between travellers and operators.
- To enforce our mutual-consent phone reveal policy.
- To investigate disputes, complaints, or safety violations (administrators have access to review chat messages and logs for this purpose).
- To run and maintain audit logs of administrative actions (approving providers, validating documents, and registering manual bookings).
- To serve personalized AdSense advertisements.
4. Data Sharing & Third-Party Processors
We do not sell your personal data. We only share information in the following circumstances:
- With Tour Providers: When you submit a trip request, operators in that region receive your trip details (excluding your contact info). Your phone number is shared ONLY if both you and the provider click "Request Phone Number."
- With Cloud Hosting & File Storage: Document uploads and images are stored on secure cloud services (Vercel Blob / Cloudinary) and are protected with private document access controls.
- Legal Enforcement: We may share data if required by courts, regulatory authorities (such as under the India DPDP Board), or to prevent fraud.
5. Your Rights Under Global Laws
Depending on your location, you hold legal rights regarding your data:
- GDPR (Europe): You have the right to access, rectify, or erase your data, restrict processing, and request data portability.
- CCPA (California): You have the right to know what personal data is collected, request deletion, and opt-out of data "sales" or personalized ad targeting.
- DPDP Act (India): As a Data Principal, you have the right to seek correction, completion, and erasure of your personal data, and the right to withdraw consent. You also have the right to nominate an representative and file grievances.
To exercise any of these rights, or to request permanent deletion of your account and files, please email us at: planmyoffbeat@gmail.com. Deletion requests are processed within 48 hours.
6. Data Security & Retention
All communications use HTTPS. Admin portals are password-protected and restricted to authorized personnel. KYC documents are stored in secure storage buckets and never exposed publicly.
We retain operator KYC documents for as long as the provider account is active. Chat transcripts and trip records are stored to assist with dispute timelines and tax/commission reviews, after which they are deleted or anonymized.
7. Contact & Grievance Redressal
If you have any questions or wish to file a grievance under the India DPDP Act or other regulations, please contact our data coordinator at:
PlanMyOffbeat Privacy & Grievance Desk
Email: planmyoffbeat@gmail.com
Mobile: +91 84207 60502
Business WhatsApp: +91 84207 60502