Privacy Policy
Payaanam is your AI travel companion — it plans trips, helps you while you travel, and keeps your memories in one place. To do that, we handle some of your personal data. This policy explains, in plain language, what we collect, why, who we share it with, how long we keep it, and the rights you have over it.
1. Who we are
Payaanam (“Payaanam”, “we”, “us”, “our”) operates the Payaanam mobile application and the website at payaanam.online (together, the “Service”).
The entity responsible for your personal data — the Data Fiduciary under India's Digital Personal Data Protection Act, 2023 (“DPDP Act”) and the Data Controller under the EU/UK GDPR — is:
- Legal entity: [Registered company / proprietor name]
- Registered address: [Street, City, State, PIN, India]
- Email: privacy@payaanam.online
2. Scope & your consent
This policy applies to all personal data we process when you create an account, plan or join a trip, chat with our AI, upload memories, or otherwise use the Service. By creating an account or using the Service, you confirm you have read this policy. Where the law requires consent (for example, for certain analytics or location use), we ask for it separately and you may withdraw it at any time as described in Section 12.
3. Data we collect
We collect only what we need to run the Service. We do not sell your personal data.
a. Account & identity
- Email address and name — to create and secure your account. Authentication is handled by Amazon Cognito.
- Password — stored and verified by Amazon Cognito in hashed form; we never see your plain-text password.
- Google Sign-In (optional) — if you sign in with Google, we receive your Google account email, name and profile picture. We do not access your Gmail, contacts, or files.
- Profile details — optional profile photo, travel persona/preferences, and your timezone (used to schedule notifications at a sensible local hour).
b. Travel content you create
- Trips — destinations, dates, budget, number of travellers, interests, travel style and accommodation preferences.
- AI chat messages — the conversations you have with the Payaanam AI to plan and manage trips.
- Memories — photos and videos you upload, stored in Amazon S3.
- Expenses & packing lists — amounts, descriptions and items you add to a trip.
- Documents — files you choose to attach to a trip (e.g. tickets, bookings).
c. Device & permission-based data
The app requests these device permissions only when you use the related feature, and you can decline or revoke them in your device settings:
- Camera & photo library — to capture or pick photos/videos for memories and your profile.
- Location (while in use) — to provide location-aware suggestions and context during an active trip. We do not track your location in the background.
- Notifications — to send trip reminders and updates via push.
- Files — to attach documents you select.
d. Technical & usage data
- Device & app data — device type, operating system, app version, language, and a push-notification token (via Firebase Cloud Messaging).
- Usage analytics — screens viewed, features used and interaction events, collected via PostHog to understand and improve the product.
- Log data — request metadata and error logs (via Amazon CloudWatch) needed to operate and secure the Service.
We do not intentionally collect special-category / sensitive data (such as health, religion or biometrics). Please avoid putting such information into chats, memories or documents.
4. How & why we use your data
| Purpose | Data used |
|---|---|
| Create and secure your account; authenticate sign-in | Email, name, password, Google profile |
| Generate AI itineraries and respond to your chats | Trip details, chat messages, location (when in use) |
| Store and display your trips, memories, expenses and documents | Travel content, uploaded media/files |
| Enable shared/group trips and collaboration | Name, email, trip content (see Section 7) |
| Send trip reminders and notifications | Push token, timezone |
| Measure and improve the product | Usage analytics, device/app data |
| Maintain security, prevent abuse, debug issues | Log data, device data |
| Comply with legal obligations and enforce our Terms | As necessary |
5. Legal bases for processing
Depending on the law that applies to you, we rely on one or more of the following:
- Performance of a contract — to provide the Service you signed up for (planning, storing and managing trips).
- Your consent — for camera/photo, location and notification permissions, and for non-essential analytics. You can withdraw consent at any time.
- Legitimate interests — to secure the Service, prevent fraud/abuse and improve our product, balanced against your rights.
- Legal obligation — where we must retain or disclose data to comply with applicable law.
6. AI processing
The core of Payaanam is an AI travel assistant. To answer you and build itineraries, your trip details and chat messages are processed by AI models and search tools, which may run on third-party infrastructure:
- Google Gemini and AI models accessed via OpenRouter / DeepInfra — to understand your requests and generate plans.
- Tavily — to search the web for places and travel information.
- Wikipedia / Wikimedia — for destination imagery and facts.
We send these providers only what is needed to fulfil your request. We do not use your private conversations to train our own advertising profiles, and we instruct our AI providers to process data solely to deliver the requested response. AI-generated suggestions (places, timings, costs, safety notes) can be inaccurate or out of date — always verify important details (bookings, visas, opening hours, safety) with official sources before you rely on them.
8. Third-party processors
| Provider | Purpose |
|---|---|
| Amazon Web Services (AWS) — Cognito, Lambda, DynamoDB, S3, API Gateway, CloudWatch | Authentication, application hosting, database, media/file storage, logging (region: Asia Pacific — Mumbai, India) |
| Google (Gemini, Sign-In, Firebase Cloud Messaging) | AI processing, optional sign-in, push notifications |
| OpenRouter / DeepInfra | Access to AI language models |
| Tavily | Web & place search for travel information |
| Wikimedia | Destination images and facts |
| PostHog | Product analytics |
| Vercel | Website hosting and website analytics |
This list may change as our Service evolves; we will keep it current.
9. International data transfers
Our primary infrastructure is hosted in India (AWS Asia Pacific — Mumbai). Some processors (e.g. AI and analytics providers) may process data in other countries, including the United States and the EU. Where we transfer personal data across borders, we rely on appropriate safeguards such as Standard Contractual Clauses or transfers to countries the relevant regulator considers adequate, and we only transfer to destinations not restricted under applicable law (including the DPDP Act).
10. How long we keep your data
- Account & trip content — kept while your account is active, so your trips and memories remain available to you.
- After account deletion — we delete or anonymise your personal data within a reasonable period, except where we must retain certain records to meet legal, tax, security or dispute-resolution obligations.
- Analytics & logs — retained for a limited period and then deleted or aggregated.
- Shared trip content — content you contributed to a group trip may remain visible to other members of that trip after you leave; you can remove your own memories before leaving.
11. How we protect your data
We use industry-standard safeguards: encryption in transit (HTTPS/TLS), encryption at rest for stored data, managed authentication with hashed passwords via Amazon Cognito, JWT-protected APIs, and access controls that limit who and what can reach your data. No method of transmission or storage is completely secure, but we work to protect your information and to notify you and the relevant authority of a personal-data breach where the law requires.
12. Your rights & choices
Subject to applicable law, you can:
- Access a copy of the personal data we hold about you.
- Correct inaccurate or incomplete data — you can edit most profile and trip details in the app.
- Delete your account and associated personal data from within the app, or by contacting us.
- Withdraw consent for permissions (camera, photos, location, notifications) via your device settings, and for analytics by contacting us.
- Object to or restrict certain processing, and request portability of data you provided, where the law grants these rights.
- Complain to us or to your data-protection authority.
To exercise any right, email privacy@payaanam.online. We will respond within the timeframe required by applicable law and may need to verify your identity first.
13. India — Digital Personal Data Protection Act, 2023
If you are in India, you are a Data Principal and we are the Data Fiduciary. In addition to the rights above, you have the right to: access information about your data and processing; correction, completion, updating and erasure of your data; nominate another person to exercise your rights in the event of death or incapacity; and grievance redressal.
We process your data for lawful purposes for which you have given consent or which are legitimate uses under the Act. You may withdraw consent as easily as you gave it. Our Grievance Officer handles DPDP-related complaints:
- Grievance Officer: [Name]
- Email: grievance@payaanam.online
- Address: [Registered address, India]
If unresolved, you may approach the Data Protection Board of India. This Service also complies with the Information Technology Act, 2000 and its rules on reasonable security practices.
14. EU / UK — GDPR
If you are in the European Economic Area or the United Kingdom, we act as the data controller for your personal data and process it on the legal bases in Section 5. You have the rights of access, rectification, erasure, restriction, objection, portability, and to lodge a complaint with your local supervisory authority. Where processing is based on consent, you may withdraw it at any time without affecting prior lawful processing.
15. California — CCPA / CPRA
If you are a California resident, you have the right to know what personal information we collect and how we use it, to request access and deletion, to correct inaccurate information, and to not be discriminated against for exercising your rights. We do not sell or “share” your personal information for cross-context behavioural advertising as those terms are defined under California law. To exercise your rights, contact privacy@payaanam.online.
16. Children
Payaanam is intended for adults. We do not knowingly create accounts for, or knowingly collect personal data from, children under 18 without verifiable parental or guardian consent, as required by the DPDP Act. We do not engage in tracking, behavioural monitoring, or targeted advertising directed at children. If you believe a child has provided us data without consent, contact us and we will delete it.
18. Changes to this policy
We may update this policy as the Service or the law evolves. We will revise the “Last updated” date and, for material changes, notify you in the app or by email. Continued use after an update means you accept the revised policy.
19. Contact & grievances
For any privacy question, request or complaint:
- Privacy: privacy@payaanam.online
- Grievance Officer (India): grievance@payaanam.online
- Entity: [Legal name & registered address]