Back to Traviq
Legal

Privacy Policy

Last updated · 13 May 2026

This Privacy Policy explains how Drumworks Ventures (“Traviq,” “we,” “us”) collects, uses, shares, and stores personal data when you and your colleagues use the Traviq corporate travel platform at traviq.co and its subdomains. It is published in line with the Digital Personal Data Protection Act, 2023 (“DPDP Act”), the Information Technology Act, 2000, and the IT (Reasonable Security Practices) Rules, 2011.

1. Who we are

Traviq is operated by Drumworks Ventures, a Partnership Firm registered in India.

  • GSTIN: 27AASFD4920E1ZE
  • PAN: AASFD4920E
  • Registered address: Chembur, Mumbai 400089, Maharashtra, India
  • Contact: [email protected]

2. What we collect

To run your corporate travel, we process the following categories of personal data:

  • Account & company data — company legal name, GSTIN(s), billing address, authorised signatory name, work email, work phone.
  • Traveller profile data — employee name, work email, work phone, gender, date of birth, passport number (for international travel), nationality, frequent-flyer numbers, seat / meal preferences, dietary needs.
  • Booking & itinerary data — flight, hotel, and ground-travel searches and bookings, fare details, PNRs, e-tickets, hotel vouchers, change / cancellation history.
  • Tax & invoice data — GSTINs of buyer and supplier, place of supply, HSN / SAC codes, taxable value, tax components (CGST / SGST / IGST), Invoice Reference Numbers (IRN) where issued by partner agencies.
  • Payment metadata — payment method, last four digits, transaction ID, status. Full card / bank details are handled by Razorpay (RBI-PA licensed) and never stored by Traviq.
  • Usage data — IP address, browser type, pages visited, timestamps, session identifiers, error logs.

3. Why we collect it

We use personal data only for the purposes you would expect from a corporate travel platform:

  • Issuing flight, hotel, and ground-travel bookings through our IATA-accredited partners.
  • Generating, reconciling, and delivering GST-compliant invoices.
  • Processing payments and refunds through Razorpay.
  • Enforcing your company’s travel policy and approval rules.
  • Operating customer support, fraud prevention, and security monitoring.
  • Meeting our statutory obligations (Income Tax Act, GST Act, FEMA, IT Act, DPDP Act).

We do not sell personal data. We do not use traveller data for advertising, profiling, or any purpose unrelated to corporate travel.

4. Who we share it with

Traviq is a software layer on top of regulated travel and payment partners. To deliver the service, personal data is shared with:

  • TravClan and Tripjack — our IATA-accredited ticketing partners who issue your flight and hotel bookings.
  • Airlines, hotels, GDS, and aggregators reached through those partners, to fulfil your booking.
  • Razorpay — our RBI-licensed payment aggregator, for collecting payments and processing refunds.
  • GSTN, the Invoice Registration Portal (IRP), and statutory authorities — for tax filings, invoice authentication, and audit responses.
  • Infrastructure providers — cloud hosting, email delivery, analytics, and error logging, under written data-processing agreements.
  • Professional advisors — auditors and legal counsel under confidentiality obligations.

5. Where it is stored

Personal data is stored on servers located in India and the European Union, with encryption in transit (TLS) and at rest. Some partners (e.g. global airlines) may process booking data in other jurisdictions; that processing is governed by their own privacy notices.

6. How long we keep it

We retain booking, invoice, and tax data for seven (7) years from the end of the relevant financial year, as required by the Income Tax Act, the CGST Act, and audit standards. Traveller profile data is retained while you remain a Traviq user and is deleted on written request, subject to the same statutory retention period for records tied to a completed booking.

7. Your rights under the DPDP Act

If you are a Data Principal under the DPDP Act, you may:

  • Ask for a summary of the personal data we hold about you.
  • Ask us to correct, complete, or update inaccurate data.
  • Ask us to erase personal data that is no longer needed for a lawful purpose.
  • Withdraw consent that was the legal basis for processing.
  • Nominate another individual to exercise these rights on your behalf.
  • Raise a grievance with our Grievance Officer (see Section 9).

Send any of these requests to [email protected]. We respond within thirty (30) days.

8. Security

We follow reasonable security practices: TLS in transit, encryption at rest, role-based access, audit logs, multi-factor authentication on administrative accounts, and regular backups. No system is perfect; if you suspect unauthorised access to your data, please write to [email protected] immediately.

9. Grievance Officer

All privacy requests go to [email protected]. If we haven’t responded within seven (7) business days, or you’re not satisfied with the response, our Grievance Officer personally takes over:

  • Name: Nameet Potnis
  • Designation: Co-founder, Drumworks Ventures
  • Email: [email protected] (mark the subject “Grievance Officer”)
  • Address: Chembur, Mumbai 400089, Maharashtra, India

The Grievance Officer responds within thirty (30) days, as required by the DPDP Act.

10. Changes

We update this Privacy Policy when our practices change or when the law requires it. Material changes are announced at the top of this page; the “Last updated” date always reflects the current version.