Privacy Policy
1. Who we are
BECURATED STUDIIOS LLP, operating as Curanza ("we", "us", "our"), is the Data Fiduciary responsible for your personal data. Our registered office is 14/42, 9th Cross, Munishwara Layout, Kudlu Main Road, Bangalore 560068, Karnataka, India. This policy explains what we collect, why, how we use it (including how we use AI to design your journeys), and the rights you have. Read it with our Terms & Conditions.
2. Definitions
Personal data is any data about an individual who is identifiable by or in relation to it. Data Principal is the individual the data relates to (you). Data Fiduciary is the entity that decides why and how data is processed (Curanza). Data Processor is an entity that processes data on our behalf. Processing is any operation on personal data, such as collection, storage, use, disclosure or deletion.
3. What we collect
We limit collection to what we need to deliver the service and meet legal obligations:
- Identity: name, date of birth, and government ID or passport details where required for travel.
- Contact: email, phone number, postal address.
- Booking and financial: booking history and billing details. Card payments are handled by our payment gateway; we do not store card numbers.
- Travel preferences: interests, pace, budget, and any dietary, medical or accessibility requirements you share.
- Usage: IP address, browser type, pages visited and device identifiers.
4. How we use your data
- Process and manage bookings, payments and refunds.
- Design and personalise your itinerary, including with AI assistance (Section 6).
- Send confirmations, trip updates and support communications.
- Send marketing only after you opt in, with an easy way to unsubscribe.
- Understand usage to improve the service.
- Comply with legal and regulatory obligations.
5. Lawful basis
We process personal data primarily on the basis of your consent, which is free, specific, informed and withdrawable, and on the other legitimate uses permitted under the Digital Personal Data Protection Act, 2023. We process sensitive details such as medical, dietary or accessibility needs only with your consent and only as needed to deliver your journey.
6. AI-assisted itinerary creation
We use AI tools to help design and personalise your itinerary from the preferences you share. We do this responsibly:
- Data minimisation: we use only what's needed to build your itinerary and, where practical, remove or mask direct identifiers before data is processed by an AI tool. We do not send payment details to AI tools.
- Providers as processors: third-party AI providers act as our Data Processors under contract, are bound by confidentiality and security obligations, and are instructed not to use your personal data to train their models.
- Human oversight: AI outputs are reviewed by our team before they are shared with you. AI is never the sole basis for a decision that significantly affects you.
- Accuracy: AI content can occasionally be wrong or out of date. We verify key details such as availability, pricing and safety, and recommend you confirm time-critical details before relying on them.
- Your choices: you can ask how AI was used in your itinerary, ask a person to review or prepare it without AI, or object to AI-assisted processing, by contacting us.
7. Where your data is stored
Our core systems and database are hosted in India. Some suppliers and AI providers may process limited personal data outside India. Where that happens, we transfer data only to countries not restricted for this purpose by the Government of India, and we put appropriate contractual and security safeguards in place.
8. Sharing and disclosure
We do not sell or rent your personal data. We share it only when necessary and under safeguards:
- Suppliers: accommodation, transport and local operators, on a need-to-know basis under confidentiality terms.
- Service providers: our payment gateway, email and IT providers, and AI providers, as our Data Processors under contract.
- Authorities: where legally required.
- With your consent: for anything else.
9. Retention and deletion
We retain personal data for as long as your relationship with us is active, plus up to seven years where required for legal and tax compliance. Sensitive details are deleted promptly after your trip unless you have consented otherwise. AI prompts and outputs are kept only as long as needed for the purpose they were created for. You may request erasure at any time, subject to our legal obligations.
10. Security
We apply reasonable safeguards, including encryption in transit (TLS), access controls with role-based permissions, regular backups, and staff confidentiality and training. We require our processors to maintain equivalent safeguards.
11. Your rights
As a Data Principal under the DPDP Act, 2023 you may: access a summary of the data we hold and how we process it; correct or update it; request erasure (subject to legal limits); withdraw consent at any time for consent-based processing; nominate someone to exercise your rights in the event of death or incapacity; and seek grievance redressal. To exercise any of these, contact hitusup@curanza.in.
12. Children
Our service is for adults aged 18 and over, and we do not knowingly collect the personal data of children. We do not carry out tracking, behavioural monitoring or targeted advertising directed at children. If we learn we have collected a child's data, we will delete it.
13. Cookies
We use cookies and similar technologies for site functionality, analytics and, with your consent, marketing. You can manage preferences through our cookie banner or your browser settings.
14. Data breaches
If a personal data breach occurs, we will take prompt remedial action and notify affected Data Principals and the Data Protection Board of India as required under applicable law.
15. Grievances and contact
For any question, request or complaint about your personal data, contact our Grievance Officer at hitusup@curanza.in. We acknowledge grievances promptly and aim to resolve them within 30 days. If your concern remains unresolved, you may escalate it to the Data Protection Board of India.
16. Updates
We may update this policy from time to time and will notify you of material changes by email and on the website.