1. Scope
This Privacy Policy describes how ACF Tourism Pvt Ltd (“ACF Tourism”, “we”, “our”) handles the personal information of visitors, customers, and travel-agent users of acftourism.com. It applies to data collected through our website, mobile web app, emails, and customer support interactions.
This policy is published in compliance with the Information Technology Act, 2000, the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 (as applicable from enforcement).
2. Information We Collect
2.1 Information you provide
- Name, email, phone number, date of birth, gender.
- Traveller details (name, DOB, passport for international bookings).
- Billing address; for agents: GSTIN, PAN, state code, agency name.
- Booking details: itinerary, class of travel, special service requests.
- Support tickets and the messages you share with us.
2.2 Information collected automatically
- Device information, IP address, browser type, operating system.
- Pages viewed, search queries, time spent — via cookies and server logs.
- Authentication cookies (HTTP-only, Secure, SameSite) to maintain sessions.
2.3 Information from third parties
- Payment status and transaction references from CCAvenue / payment gateways.
- PNR, e-ticket, and fare-rule data from airlines / consolidators (Tripjack, Riya Travel).
- Fraud / blocklist signals from risk-scoring partners, where applicable.
Sensitive data we do not store
We do not store your card number, CVV, UPI PIN, or net-banking password. These are handled exclusively by PCI-DSS-compliant payment gateways.
3. How We Use Your Information
- Process bookings, issue tickets, and deliver confirmations.
- Provide customer support, refunds, cancellations, and rescheduling.
- Send transactional alerts (SMS / email) for booking status, payment, and support.
- Issue GST-compliant tax invoices to B2B agents.
- Detect and prevent fraud, abuse, or violations of these Terms.
- With your explicit opt-in, send marketing communications (you can unsubscribe any time).
- Comply with legal obligations (tax filings, law-enforcement requests).
4. Sharing of Information
We share your information only to the extent necessary for the services you request:
- Airlines / travel suppliers — to issue and fulfil the ticket.
- Payment gateway (CCAvenue) — to process transactions.
- Email / SMS providers (Resend, MSG91) — to deliver transactional messages.
- Cloud hosting & support tools — to run the Platform.
- Regulators / tax authorities — where required by law.
We never sell your personal information to third parties for their own marketing.
5. Cookies
We use cookies for (a) essential site functionality, (b) maintaining your login session, and (c) anonymous analytics. You can disable cookies in your browser settings, but some features (booking, wallet) will not work without them.
6. Data Retention
- Booking records: retained for up to 8 years to satisfy tax audit requirements.
- Marketing opt-in lists: retained until you unsubscribe.
- Support ticket conversations: retained for 3 years from ticket closure.
- Access logs: rolling 90 days, then anonymised.
7. Security
We implement industry-standard technical and organisational measures: TLS in transit, encrypted data at rest on managed databases, bcrypt-hashed passwords, short-lived password-reset tokens (SHA-256 hashed, 1-hour expiry, one-time-use), rate-limited login endpoints, and least-privilege access for staff.
8. Your Rights
You may, at any time, by emailing us at grievance@acftourism.com:
- Request a copy of the personal data we hold about you.
- Ask us to correct inaccurate data.
- Ask us to delete your account data (subject to tax-retention minimums).
- Withdraw consent to marketing communications.
- Object to automated decisions that materially affect you.
9. Grievance Officer
In compliance with Section 5(9) of the IT Rules, 2021:
Name: [Grievance Officer Name]
Email: grievance@acftourism.com
Phone: +91 98765 43210
Complaints are acknowledged within 24 hours and resolved within 15 days.
10. Children
The Platform is not intended for children under 18. We do not knowingly collect data from minors except where a parent or guardian makes a booking on their behalf (traveller details only, no account creation).
11. Changes to This Policy
We may update this Privacy Policy. Material changes are notified on the Platform and via email to registered users 30 days before taking effect.
12. Contact
For any privacy-related queries, email legal@acftourism.com.