Your Privacy
Matters to Us

Welcome to ZoomFly. This Privacy Policy explains how ZoomFly Travel Services ("ZoomFly", "we", "us", or "our") collects, uses, stores, and protects your personal information when you use our website at zoomfly.in and related services.

By accessing or using ZoomFly's platform — including booking flights, hotels, packages, buses, or cabs — you agree to the terms of this Privacy Policy. If you do not agree, please refrain from using our services.

This policy applies to all users — customers, vendors, and visitors — across all ZoomFly services and platforms.

We collect information in the following categories:

We use your personal data for the following lawful purposes:

• Booking & Service Fulfilment: Processing flight, hotel, cab, bus and package bookings; sending confirmations via email and WhatsApp.
• Account Management: Creating and maintaining your ZoomFly account, authenticating your identity on login.
• Payment Processing: Initiating, verifying, and reconciling payments through Razorpay and UPI gateways.
• Customer Support: Responding to queries, complaints, and cancellation requests via WhatsApp, phone, or email.
• Marketing & Promotions: Sending exclusive deals, promo codes, and newsletters — only if you have opted in or subscribed.
• Legal & Compliance: Complying with applicable Indian laws, tax obligations, and government directives.
• Fraud Prevention: Detecting suspicious activity, preventing unauthorized access, and protecting our platform.
• Analytics & Improvement: Analysing usage patterns to improve our website, content, and booking experience.
• Vendor Onboarding: Verifying vendor credentials, communicating listing details, and managing vendor accounts.

We will never use your data for any purpose beyond what is stated here without obtaining your explicit consent first.

We do not sell your personal data. We may share your information only in the following limited circumstances:

• Service Partners: Hotels, bus operators, cab providers, tour operators who need your booking details to fulfil your travel service.
• Payment Processors: Razorpay and UPI payment infrastructure for processing and validating transactions.
• Technology Providers: Supabase (database & authentication), Vercel (hosting), and other platforms necessary to operate ZoomFly.
• Legal Obligations: Regulatory authorities, law enforcement, or courts when required by applicable Indian law.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity with prior notice.

ZoomFly uses cookies and similar technologies to enhance your experience on our platform. These include:

• Essential Cookies: Required for the website to function (login sessions, booking cart, security tokens). Cannot be disabled.
• Functional Cookies: Remember your preferences such as language, currency, and previously searched destinations.
• Analytics Cookies: Help us understand how users interact with our site (page views, session duration, click paths). We use anonymised data only.
• Marketing Cookies: Used to deliver relevant promotional content. These are only set if you have consented.

You can manage cookie preferences through your browser settings at any time. Disabling essential cookies may impact core functionality such as bookings and login.

All financial transactions on ZoomFly are processed through Razorpay, a PCI-DSS Level 1 certified payment gateway. We support the following payment methods:

• UPI (GPay, PhonePe, Paytm, BHIM)
• Credit & Debit Cards (Visa, Mastercard, RuPay)
• Net Banking
• NEFT/RTGS Bank Transfers
• EMI (select cards and providers)

ZoomFly does not store any card numbers, CVV, or banking passwords on our servers. All sensitive payment data is encrypted and handled exclusively by Razorpay's secure infrastructure.

We retain your personal data only for as long as necessary for the purposes it was collected, or as required by law:

• Active accounts: For the duration of your account plus 3 years after last activity.
• Booking records: 7 years from the date of booking (as required under Indian tax laws for GST compliance).
• Payment records: 7 years from transaction date as per RBI and GST requirements.
• Marketing communications: Until you unsubscribe or withdraw consent.
• Inactive accounts: Data deleted after 3 years of inactivity with prior notification.

Upon deletion, data is securely erased from our systems and all third-party processors are notified to remove associated records.

As a ZoomFly user, you have the following rights over your personal data:

• Right to Access: Request a copy of all personal data we hold about you.
• Right to Correction: Request correction of inaccurate or incomplete information.
• Right to Deletion: Request deletion of your account and associated personal data, subject to legal retention obligations.
• Right to Portability: Request your data in a structured, machine-readable format (JSON/CSV).
• Right to Withdraw Consent: Withdraw marketing consent at any time without affecting past processing.
• Right to Object: Object to processing of your data for direct marketing purposes.
• Right to Lodge a Complaint: File a complaint with ZoomFly's Grievance Officer (details below) or approach appropriate regulatory authorities.

To exercise any of these rights, please contact our Grievance Officer at s.admin@zoomfly.in with the subject line "Privacy Request — [Your Name]". We will respond within 30 days.

ZoomFly's services are not directed to children under the age of 18 years. We do not knowingly collect personal information from minors.

If a parent or guardian believes that their child has provided us with personal information without consent, they should contact us immediately at s.admin@zoomfly.in. We will promptly delete such information from our records.

Minors travelling as part of a family booking may have their details collected as part of the adult's booking. This data is used solely for travel documentation and fulfilment purposes.

ZoomFly may update this Privacy Policy from time to time to reflect changes in our services, technology, or applicable law. When we make material changes, we will:

• Update the "Last Updated" date at the top of this page.
• Notify registered users via email to the address on their account.
• Display a prominent notice on our homepage for 30 days following significant updates.

Your continued use of ZoomFly after changes are posted constitutes your acceptance of the revised policy. We encourage you to review this page periodically.

For any privacy-related queries, requests, or complaints, please contact our designated Grievance Officer as required under the Information Technology Act, 2000: