Privacy Policy
Last updated: 20 May 2026
1inalltravel ("we," "us," or "our"), operating from Kolkata, India, provides a specialized Customer Relationship Management (CRM) and workflow automation SaaS platform designed for travel agencies and tour operators. We are committed to protecting the privacy of our subscribers (travel agents and businesses) and their authorized users.
This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our platform accessible via https://www.1inalltravel.com (the "Website") and associated services (collectively, the "Service").
This policy is drafted in compliance with the Indian Information Technology Act, 2000, the Digital Personal Data Protection (DPDP) Act, 2023, and where applicable, global data protection regulations like the General Data Protection Regulation (GDPR).
### 1. Important Notice: Data Fiduciary vs. Data Processor * **For Subscriber/Account Data:** 1inalltravel acts as a **Data Fiduciary** (or Data Controller) regarding the personal information collected directly from travel agents establishing accounts (e.g., name, business email, billing details). * **For End-Traveler/Customer Data:** When travel agents input, upload, or manage their customers' personal data (traveler names, passports, itineraries, flight details) within our CRM, 1inalltravel acts strictly as a **Data Processor**. The subscribing travel agency remains the **Data Fiduciary** and is solely responsible for obtaining requisite lawful consent from their end-travelers.
### 2. Information We Collect
#### A. Information You Provide to Us (Account Data) * **Identity & Contact Data:** Name, business registration details, business address, email address, phone number, and account passwords. * **Financial & Billing Data:** Billing address, GSTIN (for Indian businesses), and partial payment details (processed securely via PCI-DSS compliant third-party payment gateways).
#### B. Data Processed Within the CRM (End-Traveler Data) To provide workflow automation, lead generation, and invoicing features, the Service allows you to upload and store information regarding your travel clients, including names, contact info, travel preferences, flight itineraries, passport details, and billing records.
#### C. Automatically Collected Data (Technical Data) * **Log and Usage Data:** IP addresses, browser types, device information, system configurations, and patterns of how you interact with our workflow features.
### 3. How We Use Your Information We process your personal information based on lawful bases, primarily to fulfill our contract with you, or based on your explicit consent: * To set up, manage, and maintain your CRM subscriber account. * To execute automated workflows, generate invoices, and manage itineraries as directed by your inputs. * To process subscription billings and comply with statutory Indian tax laws (GST). * To send technical updates, security alerts, and administrative support messages. * To detect, prevent, and mitigate technical errors, fraud, or misuse of our system.
### 4. Data Storage, Location, and Security Your data is securely stored using enterprise-grade cloud servers. In alignment with Indian regulations and international security standards: * **Security Practices:** We implement robust administrative, technical, and physical security controls (including HTTPS encryption, database access firewalls, and token-based authentication) to prevent unauthorized access or leaks. * **Data Localization:** Account data and CRM data are stored and processed in compliance with cross-border data transfer rules under the DPDP Act 2023 and other regional requirements.
### 5. Sharing and Disclosure of Information We do not sell, trade, or rent your personal or business data. We share information only with trusted third parties essential to running our platform: * **Cloud Infrastructure Providers:** For secure hosting and database services. * **Payment Processors:** To securely handle recurring subscription fees. * **Communication APIs:** To allow your CRM to send automated emails/SMS alerts to your clients as configured by you. * **Legal Requirements:** We may disclose your information to law enforcement or statutory authorities in Kolkata, West Bengal, or national Indian authorities if required to do so by applicable laws, court orders, or regulations.
### 6. Your Rights Under the DPDP Act, 2023 If you are accessing our platform from India, you possess the following statutory rights regarding your personal information: * **Right to Access and Summary:** The right to request a summary of your personal data processed by us and the identities of third parties with whom it has been shared. * **Right to Correction and Erasure:** The right to correct inaccuracies, update old details, or request the erasure of your personal data when it is no longer necessary for the original purpose. * **Right to Grievance Redressal:** The right to register a grievance with our Grievance Officer regarding any perceived compliance breach. * **Right to Nominate:** The right to nominate an individual to exercise your rights on your behalf in the event of death or incapacity.
### 7. Grievance Officer In accordance with the Information Technology Act, 2000 and the DPDP Act, 2023, if you have any questions, concerns, or grievances regarding this Privacy Policy or our data management practices, please contact our designated Grievance Officer:
* **Attn:** Grievance Redressal Officer * **Company Name:** 1inalltravel * **Address:** Kolkata, West Bengal, India * **Email:** support@1inalltravel.com
### 8. Changes to This Privacy Policy We reserve the right to modify this Privacy Policy at any time. Any changes will be posted on this page with an updated "Last Updated" date. Continued use of our CRM software after modifications signifies acceptance of the revised policy.