Effective date: September 27, 2025
Who we are: Yatra Fleet (“we”, “us”, “our”)
Contact: info@yatrafleet.com

This notice explains what personal data we collect, how we use it, who we share it with, how long we keep it, and the rights available to you. It’s written for customers, site visitors, and business partners/vendors. This is an informational template—not legal advice.

1) Scope

This Privacy Policy applies to:

• Website & apps: yatrafleet.com and any subdomains, mobile web, and in-product experiences.

• Marketplace services: browsing listings, creating accounts, making bookings, payments, reviews, and support.

• Partner portal: vendor/operator onboarding, KYC, payout processing, and performance dashboards.

It does not cover third-party sites you visit via outbound links.

2) Data we collect

A. Data you provide directly

• Account & profile: name, email, phone, password, photos, preferences.

• Booking details: pickup/drop locations, dates, passengers, special requests.

• Payments: billing details (processed by our payment provider—see “Sharing”).

• Support & disputes: messages, attachments, call/chat recordings (where applicable).

• Partner/KYC (vendors): business name, GST/PAN, driver licences, vehicle RC/permit/insurance, bank/UPI details, service coverage, pricing.

B. Data collected automatically

• Device & usage: IP address, device type, OS/browser, pages viewed, clicks, session duration, referring/exit pages.

• Location signals: city/region derived from IP or (if you allow) precise location; used for search and relevance.

• Cookies & similar tech: see “Cookies” section.

C. Data from third parties

• Identity & fraud checks (where applicable).

• Payment status from payment providers.

• Maps/geocoding (e.g., Google Maps Platform, Geoapify) for distance and directions.

• Analytics & performance (e.g., Google Analytics/Cloudflare).

3) Why we use your data (purposes & legal bases)

We process personal data to:

1. Provide the service (create accounts, show listings, manage bookings, route notes, notifications).

   • Legal bases: Contract; Legitimate Interests.

2. Payments & payouts (process customer payments, vendor payouts, invoices, refunds).

   • Legal bases: Contract; Legal Obligation.

3. Safety, compliance & dispute resolution (verify vendors, prevent fraud, handle complaints).

   • Legal bases: Legitimate Interests; Legal Obligation.

4. Improve and secure our platform (debugging, analytics, performance monitoring).

   • Legal bases: Legitimate Interests.

5. Marketing with consent (newsletters, occasional offers). You can opt out anytime.

   • Legal bases: Consent; Legitimate Interests (where permitted).

6. Personalization (remember preferences, city defaults, language).

   • Legal bases: Consent (for non-essential cookies); Legitimate Interests.

We do not use automated decision-making that produces legal or similarly significant effects.

4) Sharing & disclosure

We share data only as needed to run Yatra Fleet:

• Vendors/operators: we share necessary booking details so they can fulfill your trip (e.g., name, pickup/drop, contact number, route notes).

• Payment processors: e.g., Razorpay/Stripe (card/UPI processing); we never store full card numbers.

• Maps/geocoding & routing: e.g., Google Maps Platform, Geoapify.

• Infrastructure & security: hosting (e.g., data center/hosting provider), CDN/WAF (e.g., Cloudflare), email/SMS gateways, analytics, error logging.

• Professional advisers & compliance: auditors, accountants, legal counsel, law enforcement when required.

• Business transfers: in a merger/acquisition, data may transfer under the same protections.

We do not sell personal data. If we ever engage in cross-context behavioral advertising, we will update this policy and provide opt-out mechanisms.

5) Data retention

We keep data only as long as needed for the purposes above:

• Accounts & profiles: retained while your account is active; deleted or anonymized 24 months after inactivity (unless needed for legal claims).

• Bookings & invoices: typically 7 years for tax/audit.

• Support/disputes: for the duration of the case plus 3 years.

• Cookies/analytics: see cookie lifetimes; most range from session to 24 months.

When retention ends, we delete or irreversibly anonymize data.

6) International transfers

We may store or process data outside your country via trusted providers. Where required, we use appropriate safeguards (e.g., Standard Contractual Clauses). By using our services, you understand your data may be transferred internationally.

7) Security

We employ administrative, technical, and physical safeguards, including encryption in transit (HTTPS), role-based access, least-privilege, and monitoring. No method is 100% secure; we work to prevent, detect, and respond to incidents promptly.

8) Cookies & similar technologies

We use:

• Strictly necessary: login, session management, security.

• Functional: remember preferences (language/city).

• Analytics/performance: traffic measurement, diagnostics.

• Advertising (optional): only with consent.

You can control cookies via our banner, your browser settings, or system-level mobile settings. Blocking some cookies may affect features.

9) Your rights

Your privacy rights depend on your location. Subject to legal limits, you may have the right to:

• Access a copy of your data.

• Correct inaccurate data.

• Delete your data (erasure).

• Restrict or object to certain processing.

• Port data to another service.

• Withdraw consent where processing relies on consent.

• Lodge a complaint with a regulator.

India (DPDP Act, 2023)

You can access, correct, and erase personal data; withdraw consent; and nominate a person to exercise rights.
Grievance Officer (India): [Name], info@yatrafleet.com
Regulator: Data Protection Board of India.

European Economic Area/UK (GDPR/UK GDPR)

Controller: Yatra Fleet ([insert legal entity and address]).
Supervisory authority: contact your local authority; in the UK, the ICO.

California (CPRA)

We do not sell or share personal information as defined by CPRA. You may request access, deletion, and correction. We honor browser-based opt-out signals where required.

To exercise rights, email info@yatrafleet.com with the subject “Privacy Request” and specify your request. We may verify your identity before acting.

10) Children’s privacy

Our services are not directed to children under 18. If you believe a minor provided data, contact us at info@yatrafleet.com and we’ll take appropriate steps.

11) Vendor/Partner privacy specifics

If you are a vendor/operator:

• We process KYC/compliance data to verify eligibility and maintain a safe marketplace.

• We display public business info you choose to publish (e.g., name, city coverage, vehicle types).

• We share necessary job details with customers and relevant partners.

• You are an independent controller for data you collect directly from customers; please maintain your own privacy notices and compliance.

12) Communications

• Transactional: booking confirmations, driver details, receipts, policy updates.

• Service & policy updates: important changes related to your account or legal terms.

• Marketing: only with consent (where required). Unsubscribe links are included.

13) Third-party services (examples)

We rely on reputable providers that may process data on our behalf:

• Hosting/Infrastructure/CDN: e.g., Hostinger, Cloudflare.

• Payments: e.g., Razorpay/Stripe.

• Analytics & diagnostics: e.g., Google Analytics, error logging.

• Maps/Geocoding: Google Maps Platform, Geoapify.

The specific vendors and locations can change. Material changes affecting your data will be reflected here.

14) Changes to this policy

We’ll update this page when we make meaningful changes and adjust the “Effective date.” If changes are significant, we’ll provide additional notice (e.g., email or in-product).

15) Contact us

Email: info@yatrafleet.com