Translations are powered by Google Translate and may not be fully accurate. For the official and legally binding version of this Privacy Policy please refer to the English text above."
Travdigi OPC Private Limited is the Data Controller responsible for your personal data. We operate a verified digital identity platform that enables instant hotel check-ins worldwide, replacing traditional paper-based guest registers with a secure, encrypted, legally compliant digital system.
This policy applies to:
We process your personal data on the following lawful bases:
| Processing Activity | Lawful Basis |
|---|---|
| Account creation and identity verification | Performance of contract — to provide the service you requested |
| Hotel check-in and digital register generation | Legal obligation — hospitality laws require guest identity recording |
| Walk-in guest data collection by hotel staff | Legal obligation — hotels are legally required to record all guest identities |
| Sharing check-in records with law enforcement | Legal obligation — compliance with applicable law enforcement regulations under formal government authorization |
| Permanent storage of verification video | Legal claims defence — irrefutable proof of identity registration in case of fraud investigation or legal dispute |
| Fraud prevention and security | Legitimate interests — to protect our platform, hotels, and travelers from identity fraud |
| Tourism analytics | Legitimate interests — fully anonymized, aggregated data only, no personal data involved |
| Marketing communications | Consent — only where you have explicitly opted in |
We do not sell your personal data to any third party. Ever.
We share your data only in the following specific and controlled circumstances:
| Recipient | What They Receive | Why |
|---|---|---|
| Hotel Staff (Employees) | Masked identity only — first name, last initial, last 4 digits of document number, low-resolution watermarked face photo | To complete check-in verification. Staff never see full documents. |
| Hotel Owner / Manager | Full guest details — for their own hotel's guests only. Cannot see guests of other hotels. | Legal compliance and hotel operational management |
| Law Enforcement Authorities | Watermarked, timestamped PDF report — check-in record plus identity proof fetched from regional server. Restricted to their authorized geographic zone only. | Legal obligation under hospitality compliance laws. Requires formal government authorization. Every access is logged and audited. |
| Government Tourism Boards | Fully anonymized, aggregated statistics only. No personally identifiable information ever shared. | Tourism policy and planning intelligence |
| Trusted Technology Providers | Only what is technically necessary for platform operation (e.g., AWS cloud infrastructure, OCR engine) | Platform operation under strict data processing agreements and confidentiality obligations |
Travdigi uses a two-system split storage architecture designed for maximum security, compliance, and data sovereignty. Profile data and sensitive biometric files are stored in completely separate systems.
The following data for all users regardless of citizenship is stored in our primary encrypted database on AWS Mumbai region (ap-south-1):
Only identity documents, ID photos, and verification videos are stored in regional AWS S3 buckets based on the traveler's citizenship. This sensitive biometric data never leaves its designated regional server.
| Region | S3 Bucket Location | Serves | Applicable Law |
|---|---|---|---|
| India | AWS Mumbai ap-south-1 | Indian citizens | India DPDP Act 2023 |
| Europe + UK | AWS Frankfurt eu-central-1 | All EU, EEA and UK citizens | EU GDPR + UK GDPR + DPA 2018 |
| Asia Pacific | AWS Singapore ap-southeast-1 | Singapore and Southeast Asian citizens | Singapore PDPA + local laws |
| Oceania | AWS Sydney ap-southeast-2 | Australian, New Zealand and Pacific citizens | Australian Privacy Act 1988 |
| Africa | AWS Cape Town af-south-1 | All African citizens | POPIA + local laws |
| Americas | AWS N. Virginia us-east-1 | USA, Canada and Latin American citizens | US CCPA + PIPEDA + LGPD |
| China | AWS Singapore ap-southeast-1 | Chinese citizens only | China PIPL 2021 |
| Russia + CIS | AWS Frankfurt eu-central-1 | Russian and CIS citizens | Russia Federal Law 152-FZ |
| Israel + Middle East | AWS UAE me-central-1 | Israeli and GCC citizens | Israel Privacy Protection Law + UAE PDPL |
Hotels do not store any traveler identity data locally. Hotel systems contain only check-in and check-out timestamps and encrypted reference tokens. When a hotel generates a compliance report, traveler identity data is fetched in real time from the appropriate regional S3 bucket, combined with local timestamps, and delivered as a watermarked PDF. No identity data is retained locally by any hotel at any time after report generation.
All data — in database and in S3 — is encrypted using AES-256 encryption at rest and TLS 1.3 in transit. SSL pinning is implemented in all mobile apps to prevent man-in-the-middle attacks.
During registration, every user records a short live video (under 20 seconds) of themselves holding their government-issued ID. This video serves as irrefutable proof of identity registration.
| Aspect | Detail |
|---|---|
| Who reviews it | Travdigi authorized admin verification team only |
| AI processing | No — human review only |
| Watermark | Travdigi logo, exact timestamp of recording, and anonymized user reference ID permanently burned into every video at point of upload — cannot be removed without detection |
| Admin viewing | View-only mode — no download button, right-click disabled. A dynamic overlay showing the admin's name and a live timestamp moves across the screen during viewing. Every view is permanently logged with admin ID, timestamp, IP address, and duration |
| Shared with hotels | Never |
| Shared with authority or government | Never under any circumstances |
| Downloadable | Never — not downloadable by any party including Travdigi founders and employees |
| Retention period | Permanent — retained as legal evidence of identity registration |
| Storage location | Regional S3 bucket based on citizenship — AES-256 encrypted, access restricted |
| Deletable on request | No — exempt from erasure requests under legal claims defence provisions |
When a hotel requires a guest record for submission to authority, immigration, or other legal authorities — a compliance report can be generated through the Travdigi hotel portal.
Every compliance PDF contains:
Travdigi uses a multi-layer dynamic QR system for hotel check-in:
Travdigi enforces strict role-based access control (RBAC) at both application and infrastructure level. Every role sees only what they need — nothing more.
| Role | What They Can See | What They Cannot See |
|---|---|---|
| Traveler | Own profile, own complete check-in history across all hotels | Any other traveler's data |
| Hotel Staff / Employee | Masked guest details — first name, last initial, last 4 doc digits, low-res watermarked photo | Full documents, other hotels' guests, traveler history |
| Hotel Owner / Manager | Full guest details for their hotel's guests only | Guests of any other hotel, traveler history at other hotels |
| Authority Portal | Check-in records within their authorized zone only — city and state restricted | Data from other zones, states, or countries. Verification video. Never. |
| Tourism Board Portal | Fully anonymized, aggregated statistics only | Any personally identifiable information |
| Travdigi Admin | Traveler registration details submitted at time of registration only: name, email, phone number, uploaded identity documents, and verification video — for the sole purpose of identity verification approval or rejection. Hotel registration list. | Traveler check-in history, travel history, hotel guest data, authority portal data, or any data beyond registration submission details. |
| Travdigi Founder | Same as admin | Same as admin |
We implement the following security measures to protect your data:
In the event of a data breach that may affect your rights, we will notify affected users and relevant supervisory authorities within 72 hours as required by applicable law.
| Data Type | Retention Period | Reason |
|---|---|---|
| Active account profile data | Until account deactivation | Service delivery |
| Hotel check-in and check-out records | Minimum 5 years or as required by local hospitality law | Legal compliance — hospitality regulations |
| Identity verification video | Permanently | Legal claims defence — irrefutable identity proof |
| Identity documents and photos in S3 | Minimum 5 years or as required by local law | Legal compliance and fraud prevention |
| Walk-in guest records | Minimum 5 years or as required by local hospitality law | Hotel legal obligation |
| Law enforcement access logs | Minimum 7 years | Audit, accountability, and legal compliance |
| Admin verification decisions | Minimum 5 years | Audit trail and legal defence |
| Anonymized tourism analytics | Indefinitely | No personal data — no privacy impact |
You can request deactivation of your Travdigi account at any time through:
Upon deactivation:
When you check in at a Travdigi-enabled hotel without the Travdigi app, the hotel receptionist records your basic details using the Travdigi hotel portal for legal compliance purposes.
What is collected: Name, mobile number, email address, and a photo of your government-issued ID taken by hotel staff.
What happens:
Travdigi is intended for users aged 18 and above only. We do not create independent accounts for minors.
Children under 18 may travel as dependents under a verified adult's profile for family or group check-ins:
If you believe we have inadvertently collected data from a minor without appropriate parental authority, contact us immediately at hello@Travdigi.com and we will take prompt corrective action.
Depending on your jurisdiction, you have the following rights regarding your personal data:
| Right | Description | How to Exercise |
|---|---|---|
| Right to Access | Request a copy of your personal data held by Travdigi | Email hello@Travdigi.com |
| Right to Correction | Request correction of inaccurate personal data — subject to re-verification requirements | Profile settings in app or email us |
| Right to Account Deactivation | Request deactivation of your account and removal of active access | App → Delete Account or Travdigi.com/delete-account |
| Right to Portability | Request your personal data in a machine-readable format | Email hello@Travdigi.com |
| Right to Object | Object to processing based on legitimate interests for non-essential activities | Email hello@Travdigi.com |
| Right to Withdraw Consent | TravDigi sends transactional service emails only. We do not send marketing or promotional emails. | No unsubscribe option is provided as all emails are required service notifications for account security and legal compliance. |
We will acknowledge all rights requests within 24 hours of receipt and resolve them within 15 days as required under the Information Technology Rules 2021 and India DPDP Act 2023.
Travdigi is committed to full compliance in every market we enter. We expand our compliance framework progressively and deliberately:
TravDigi's traveler app is available globally from Day 1 — any traveler worldwide may download and register. Our compliance framework is built progressively as we actively enter each market. Active marketing and hotel onboarding is currently focused on India, Oceania, and small Asian markets. Travelers from all other countries who discover TravDigi organically are welcome and their data is handled in compliance with applicable regional laws as described in this policy. We update this policy as we enter new markets and as our regional compliance framework expands. Hotel operational data is currently stored on secured servers in India. Regional data storage for hotel operational data will be implemented in a future update.
Our website www.Travdigi.com uses essential cookies for basic functionality only. We do not use advertising, tracking, or third-party analytics cookies without your explicit consent.
You can manage cookie preferences through your browser settings at any time. Rejecting non-essential cookies will not affect your ability to use our core services.
We update this Privacy Policy as we expand to new markets, add new features, or when applicable laws change. When we make material changes:
We encourage you to review this policy periodically, especially when we announce entry into new international markets.
The Travdigi traveler app is available globally. We respect the data protection rights of users from every country. Your identity documents and verification video are stored on the regional server corresponding to your citizenship as described in Section 6. Below is our jurisdiction-specific framework:
EU and EEA residents are protected under the General Data Protection Regulation (GDPR). Your identity documents and verification video are stored exclusively on our Frankfurt, Germany server and are not transferred outside the EU under any circumstances. Our lawful basis for processing EU resident data is Article 6(1)(a) — explicit consent — and Article 9(2)(a) for biometric and identity data. EU residents have full GDPR rights including the right to erasure subject to legal retention obligations described in Section 12. Your supervisory authority is your local EU Data Protection Authority — full list at edpb.europa.eu
UK residents are protected under UK GDPR and the Data Protection Act 2018. Your identity documents and verification video are stored on our Frankfurt, Germany server. You have the same rights as EU residents described above. Your supervisory authority is the Information Commissioner's Office — ico.org.uk
US residents — including California residents under the California Consumer Privacy Act (CCPA) — have the following rights: right to know what personal data is collected, right to request deletion, right to opt out of sale of personal data, and right to non-discrimination. Travdigi does not sell personal data to any third party under any circumstances. US resident identity documents are stored on our US East server. Exercise your rights by contacting hello@Travdigi.com. For California residents — we do not share personal information for cross-context behavioral advertising.
Australian residents are protected under the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs). New Zealand residents are protected under the Privacy Act 2020. Your identity documents are stored on our Sydney, Australia server. Your supervisory authority is the Office of the Australian Information Commissioner — oaic.gov.au. New Zealand residents may contact the Office of the Privacy Commissioner — privacy.org.nz
Singapore residents are protected under the Personal Data Protection Act 2012 (PDPA). Thailand residents under the Thailand PDPA. Philippines residents under the Data Privacy Act 2012. Malaysia residents under the Personal Data Protection Act 2010. Indonesia residents under the Personal Data Protection Law (UU PDP). Identity documents for all Southeast Asian citizens are stored on our Singapore server. Singapore supervisory authority: Personal Data Protection Commission — pdpc.gov.sg
Chinese residents are protected under the Personal Information Protection Law (PIPL) 2021. Chinese citizen identity documents and verification videos are stored exclusively on AWS Singapore ap-southeast-1 Note: China PIPL requires data localisation within China. Full China PIPL compliance will be implemented when TravDigi actively enters the Chinese market. China supervisory authority: Cyberspace Administration of China — cac.gov.cn
Russian residents are protected under Federal Law 152-FZ on Personal Data. Russian citizen identity documents and verification videos are stored exclusively on AWS Frankfurt eu-central-1 as nearest available infrastructure. Full Russia Federal Law 152-FZ localisation compliance will be implemented when TravDigi actively enters the Russian market. CIS country residents are also stored on the Frankfurt server as the nearest regional infrastructure. Russia supervisory authority: Roskomnadzor — rkn.gov.ru
Israeli residents are protected under the Privacy Protection Law 5741-1981 and its regulations. Israeli citizen identity documents are stored on our AWS UAE me-central-1 server. Supervisory authority: Privacy Protection Authority — gov.il/en/departments/the_privacy_protection_authority
UAE residents are protected under the UAE Personal Data Protection Law (PDPL) Federal Decree-Law No. 45 of 2021. Saudi Arabia, Qatar, Kuwait, Bahrain and Oman residents are covered under their respective national frameworks. GCC citizen identity documents are stored on our AWS UAE me-central-1. UAE supervisory authority: UAE Data Office — uaedataoffice.ae
South African residents are protected under the Protection of Personal Information Act (POPIA) 2013. All African citizen identity documents are stored on our Cape Town, South Africa server. Bharath Keshava is appointed as Information Officer for South Africa purposes. Supervisory authority: Information Regulator — inforegulator.org.za
Canadian residents are protected under the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws. Canadian citizen identity documents are stored on our US East server as nearest available infrastructure. Dedicated Canadian infrastructure will be established at time of active Canada market entry. Supervisory authority: Office of the Privacy Commissioner of Canada — priv.gc.ca
Japanese residents are protected under the Act on Protection of Personal Information (APPI). South Korean residents under the Personal Information Protection Act (PIPA). Identity documents for both are stored on our Singapore server as nearest available infrastructure. Dedicated infrastructure will be established at time of active East Asia market entry.
Brazilian residents are protected under the Lei Geral de Proteção de Dados (LGPD). Other Latin American residents are covered under applicable national laws. Identity documents are stored on our US East server as nearest available infrastructure. Dedicated Latin American infrastructure planned for regional market entry.
For residents of all countries not specifically named above — Travdigi applies the core international principles of data minimization, purpose limitation, security, transparency, and user rights as defined throughout this policy. Your identity documents are stored on the nearest available regional server. You have the right to access, correct, and request deactivation of your account regardless of your jurisdiction. Contact hello@Travdigi.com for any data rights request. We respond to all requests within 30 days.
"In accordance with the Information Technology Act 2000, India DPDP Act 2023, EU GDPR, and applicable international data protection regulations, Travdigi has appointed a designated officer responsible for all privacy-related complaints, data rights requests, and regulatory communications.
This officer serves as:
All complaints and data rights requests are acknowledged within 24 hours and resolved within 15 days of receipt as required under Rule 3(2) of the Information Technology Rules 2021. If you are not satisfied with our response, you have the right to approach the relevant supervisory authority in your jurisdiction.