Last Updated: May 2026 | This policy is reviewed every 6 months and updated whenever we add new features or enter new markets.
Travdigi OPC Private Limited ("Travdigi", "we", "our", "us") is committed to protecting your privacy and personal data. This Privacy Policy explains in full detail how we collect, use, store, protect, and share your information when you use the Travdigi mobile application, hotel portal, admin portal, and all associated services — whether you are a registered traveler, a walk-in hotel guest, a hotel operator, or a visitor to our website.
The Travdigi traveler app is available globally — any traveler worldwide may download and use it. The hotel portal is currently restricted to our focus markets. Marketing is currently focused on India, Asia, Oceania, Africa and Caribbean markets. EU and other international users who discover Travdigi organically are welcome and their data is handled in full compliance with applicable regional laws as described in this policy.
This policy is designed to comply with the India Digital Personal Data Protection Act (DPDP) 2023, the Information Technology Act 2000, and the principles of major international data protection frameworks including the EU GDPR, UK GDPR, US CCPA, UAE PDPL, Singapore PDPA, Australian Privacy Act, Russia Federal Law 152-FZ, China PIPL, South Africa POPIA, and Israel Privacy Protection Law. All legal documents are maintained in English only. For assistance in your language please contact hello@Travdigi.com
Travdigi OPC Private Limited is the Data Controller responsible for your personal data. We operate a verified digital identity platform that enables instant hotel check-ins worldwide, replacing traditional paper-based guest registers with a secure, encrypted, legally compliant digital system.
This policy applies to:
- Registered Travelers — users who have created a Travdigi account and completed identity verification through our app
- Walk-In Guests — individuals who check in at a Travdigi-enabled hotel without a pre-registered account, whose details are collected by hotel staff
- Hotel Operators & Staff — hotels, guesthouses, and accommodation providers registered on the Travdigi hotel portal
- Website Visitors — individuals visiting www.Travdigi.com
Note on International Expansion: Travdigi is currently focused on the Indian market. We are building our compliance framework progressively as we expand internationally. Our architecture is designed to meet international standards from day one, and we update this policy as we enter new markets.
REGISTERED TRAVELERS
- Identity Data: Full name, date of birth, nationality, gender
- Contact Data: Email address, phone number — these are permanently locked after registration and cannot be changed
- Document Data: Government-issued ID (passport, national ID, or driving license), visa details, MRZ data — stored in regional S3 storage based on citizenship
- Verification Media: Live video recording (under 20 seconds) of user holding their ID, face photo — stored in regional S3 storage, never downloadable
- Travel Data: Check-in history, hotel visits, timestamps — visible only to the traveler themselves
- Family / Group Data: Names and documents of dependents (children under 18) added under an adult profile
- Device Data: Device type, operating system, app version for technical support purposes
WALK-IN GUESTS
- Basic Identity: Name, mobile number, email address
- Document Photo: Photo of government-issued ID captured by hotel staff
- Check-In Record: Hotel name, check-in date and time, check-out date and time
Walk-In Guest Notice: If you checked in at a Travdigi-enabled hotel without the app, your basic details were recorded by hotel staff for legal compliance purposes. You will receive an email notification informing you of this and offering you the option to activate a full Travdigi account for future instant check-ins.
HOTEL OPERATORS
- Business name, address, registration details, branch information
- Staff account details, roles, and access permissions
- Check-in and check-out records for their guests only
- Compliance report generation history and audit logs
We process your personal data on the following lawful bases:
| Processing Activity |
Lawful Basis |
| Account creation and identity verification |
Performance of contract — to provide the service you requested |
| Hotel check-in and digital register generation |
Legal obligation — hospitality laws require guest identity recording |
| Walk-in guest data collection by hotel staff |
Legal obligation — hotels are legally required to record all guest identities |
| Sharing check-in records with law enforcement |
Legal obligation — compliance with applicable law enforcement regulations under formal government authorization |
| Permanent storage of verification video |
Legal claims defence — irrefutable proof of identity registration in case of fraud investigation or legal dispute |
| Fraud prevention and security |
Legitimate interests — to protect our platform, hotels, and travelers from identity fraud |
| Tourism analytics |
Legitimate interests — fully anonymized, aggregated data only, no personal data involved |
| Marketing communications |
Consent — only where you have explicitly opted in |
Important: We primarily rely on Legal Obligation as our lawful basis for hotel check-in data processing — not consent. This means check-in records cannot be deleted on request as they serve a legally mandated compliance function. This is consistent with hotel and hospitality industry practice and law worldwide.
- Enable instant hotel check-in using a dynamic, encrypted QR code
- Verify traveler identity through AI document scanning and human admin review
- Generate legally compliant digital guest registers replacing paper registers
- Create and manage your Travdigi profile and personal travel history
- Send check-in confirmation and security alert emails for every check-in event
- Provide hotels with masked, watermarked guest details for operational compliance
- Generate on-demand watermarked timestamped PDF compliance reports for hotels
- Support authorized law enforcement access to check-in records under formal government authorization
- Generate anonymized tourism statistics for government tourism boards
- Prevent identity fraud through multi-layer verification and human review
- Comply with legal and regulatory requirements across all jurisdictions we operate in
- Improve app functionality, security, and user experience
Check-In Security Email: Every time you check in at a Travdigi-enabled hotel — whether via app QR or as a walk-in guest — you will receive an automated email confirming the hotel name, check-in date and time. If you did not initiate this check-in, contact us immediately at hello@Travdigi.com. This is both a legal notice and an identity protection measure.
We do not sell your personal data to any third party. Ever.
We share your data only in the following specific and controlled circumstances:
| Recipient |
What They Receive |
Why |
| Hotel Staff (Employees) |
Masked identity only — first name, last initial, last 4 digits of document number, low-resolution watermarked face photo |
To complete check-in verification. Staff never see full documents. |
| Hotel Owner / Manager |
Full guest details — for their own hotel's guests only. Cannot see guests of other hotels. |
Legal compliance and hotel operational management |
| Law Enforcement Authorities |
Watermarked, timestamped PDF report — check-in record plus identity proof fetched from regional server. Restricted to their authorized geographic zone only. |
Legal obligation under hospitality compliance laws. Requires formal government authorization. Every access is logged and audited. |
| Government Tourism Boards |
Fully anonymized, aggregated statistics only. No personally identifiable information ever shared. |
Tourism policy and planning intelligence |
| Trusted Technology Providers |
Only what is technically necessary for platform operation (e.g., AWS cloud infrastructure, OCR engine) |
Platform operation under strict data processing agreements and confidentiality obligations |
Authority Portal Access: Travdigi operates a dedicated law enforcement portal subject to formal government authorization obtained before any law enforcement access is activated. Authorized officers can only access check-in data within their designated geographic zone — city and state restricted. No officer can access data from another zone, city, or state. No cross-border access exists. Every access request is timestamped, logged, and permanently audited. Travdigi does not proactively share data with authorities — access occurs only under lawful government authorization and formal process.
Travdigi Admin Access: Travdigi administrators — including the founders — do not have access to traveler check-in history across hotels. Admin access is limited to the traveler verification queue and hotel registration list only. A traveler's check-in history across all hotels is visible exclusively to the traveler themselves. This restriction is enforced at both application and infrastructure level — not merely by policy.
No Cross-Hotel Visibility: Each hotel can only see check-in records for their own guests. No hotel can see the guests of any other hotel. No party — including Travdigi — can see a traveler's complete history across multiple hotels except the traveler themselves.
Travdigi uses a two-system split storage architecture designed for maximum security, compliance, and data sovereignty. Profile data and sensitive biometric files are stored in completely separate systems.
SYSTEM 1 — MAIN DATABASE — AWS Mumbai — ALL USERS
The following data for all users regardless of citizenship is stored in our primary encrypted database on AWS Mumbai region (ap-south-1):
- Full name, email address, phone number, date of birth
- Account status, login credentials (hashed)
- Check-in and check-out timestamps
- QR tokens and session data
- Audit logs and access records
Why one central database: Profile and account data is managed centrally to enable instant global check-in. This data alone — without the corresponding identity documents — cannot be used to verify or impersonate any traveler. The two systems are intentionally separate for this security reason.
SYSTEM 2 — REGIONAL S3 — IDENTITY DOCUMENTS & VIDEOS ONLY — BY CITIZENSHIP
Only identity documents, ID photos, and verification videos are stored in regional AWS S3 buckets based on the traveler's citizenship. This sensitive biometric data never leaves its designated regional server.
| Region |
S3 Bucket Location |
Serves |
Applicable Law |
| India |
AWS Mumbai ap-south-1 |
Indian citizens |
India DPDP Act 2023 |
| Europe + UK |
AWS Frankfurt eu-central-1 |
All EU, EEA and UK citizens |
EU GDPR + UK GDPR + DPA 2018 |
| Asia Pacific |
AWS Singapore ap-southeast-1 |
Singapore and Southeast Asian citizens |
Singapore PDPA + local laws |
| Oceania |
AWS Sydney ap-southeast-2 |
Australian, New Zealand and Pacific citizens |
Australian Privacy Act 1988 |
| Africa |
AWS Cape Town af-south-1 |
All African citizens |
POPIA + local laws |
| Americas |
AWS N. Virginia us-east-1 |
USA, Canada and Latin American citizens |
US CCPA + PIPEDA + LGPD |
| China |
AWS China Beijing |
Chinese citizens only |
China PIPL 2021 |
| Russia + CIS |
AWS Russia |
Russian and CIS citizens |
Russia Federal Law 152-FZ |
| Israel + Middle East |
AWS Bahrain me-south-1 |
Israeli and GCC citizens |
Israel Privacy Protection Law + UAE PDPL |
Citizenship-Based Routing: When a traveler registers on Travdigi — their identity documents and verification video are automatically routed to the S3 bucket corresponding to their nationality — not their physical location. A Russian traveler registering in India will have their documents stored on the Russia S3 server. Their profile data is stored on the Mumbai main database like all users.
Security Architecture Benefit: By separating profile data from biometric files into two completely independent systems — a breach of one system cannot compromise the other. Identity documents without profile data are useless for impersonation. Profile data without biometric documents cannot be used for identity fraud. Two independent breach events would be required to compromise both — an exceptionally strong security design.
ZERO LOCAL STORAGE AT HOTELS
Hotels do not store any traveler identity data locally. Hotel systems contain only check-in and check-out timestamps and encrypted reference tokens. When a hotel generates a compliance report, traveler identity data is fetched in real time from the appropriate regional S3 bucket, combined with local timestamps, and delivered as a watermarked PDF. No identity data is retained locally by any hotel at any time after report generation.
All data — in database and in S3 — is encrypted using AES-256 encryption at rest and TLS 1.3 in transit. SSL pinning is implemented in all mobile apps to prevent man-in-the-middle attacks.
During registration, every user records a short live video (under 20 seconds) of themselves holding their government-issued ID. This video serves as irrefutable proof of identity registration.
How it is used: The video is reviewed solely by Travdigi's authorized human verification team to confirm the person matches their ID document. It is not processed by automated facial recognition systems. It is not shared with hotels, authority, government, or any third party under any circumstances.
| Aspect |
Detail |
| Who reviews it |
Travdigi authorized admin verification team only |
| AI processing |
No — human review only |
| Watermark |
Travdigi logo, exact timestamp of recording, and anonymized user reference ID permanently burned into every video at point of upload — cannot be removed without detection |
| Admin viewing |
View-only mode — no download button, right-click disabled. A dynamic overlay showing the admin's name and a live timestamp moves across the screen during viewing. Every view is permanently logged with admin ID, timestamp, IP address, and duration |
| Shared with hotels |
Never |
| Shared with authority or government |
Never under any circumstances |
| Downloadable |
Never — not downloadable by any party including Travdigi founders and employees |
| Retention period |
Permanent — retained as legal evidence of identity registration |
| Storage location |
Regional S3 bucket based on citizenship — AES-256 encrypted, access restricted |
| Deletable on request |
No — exempt from erasure requests under legal claims defence provisions |
Why permanently retained: The verification video is the only irrefutable proof that the person who registered is the same person shown in the identity document. In cases of identity fraud, criminal investigation, or legal dispute — this video is critical evidence. Permanent retention is justified under legal claims defence provisions of applicable data protection laws. This is consistent with practices of banks, fintechs, and regulated identity platforms worldwide.
When a hotel requires a guest record for submission to authority, immigration, or other legal authorities — a compliance report can be generated through the Travdigi hotel portal.
How report generation works: The system fetches identity data in real time from the traveler's home country regional S3 bucket. This is combined with the hotel's local check-in and check-out timestamps. A PDF is automatically generated and delivered to the hotel. No pre-generated reports are stored. Reports are created on demand only.
Every compliance PDF contains:
- Traveler identity proof — fetched from regional server at time of generation
- Check-in date, time, and location
- Check-out date and time
- Travdigi watermark on every page — tamper-proof
- Timestamp of report generation — cannot be backdated
- Digital audit reference number — traceable in Travdigi system
PDF Security: All reports are delivered in PDF format only — never in editable formats. The watermark and timestamp make any tampering immediately identifiable. Reports are court-admissible documentation with a verifiable chain of custody. Every report generation is logged with the staff member who requested it, the timestamp, and the reason.
Travdigi uses a multi-layer dynamic QR system for hotel check-in:
- Rotates every 60 seconds — a screenshot of a QR code is useless within 60 seconds
- Single-use only — each QR code can be scanned exactly once. Duplicate scans are rejected automatically
- Contains no personal data — the QR contains only an encrypted short-lived token. No name, no document number, no personal information is embedded in the QR itself
- Token signed using HMAC-SHA256 — cryptographically secure and verifiable
- Offline capable — if a QR is loaded and the traveler loses connectivity, the loaded QR remains valid for that session. The hotel requires internet connectivity to complete the scan verification
- Role-based visibility at scan — when a hotel
scans the QR, staff accounts see masked identity
details and owner accounts see full identity
details during the active check-in session only.
Once check-in is confirmed — all identity details
are immediately cleared from the hotel app screen.
- Documents accessible only on report generation —
after check-in, identity documents are not
browsable by any hotel staff or owner. They are
accessible only when an authorised hotel owner
generates an official compliance PDF report.
- Optional arrival and destination fields — hotel
staff may optionally record the traveler's point
of arrival and intended next destination at
check-in. These fields are optional but
recommended.
- Immediately deactivated on account deletion or suspension
Travdigi enforces strict role-based access control (RBAC) at both application and infrastructure level. Every role sees only what they need — nothing more.
| Role |
What They Can See |
What They Cannot See |
| Traveler |
Own profile, own complete check-in history across all hotels |
Any other traveler's data |
| Hotel Staff / Employee |
Masked guest details — first name, last initial, last 4 doc digits, low-res watermarked photo |
Full documents, other hotels' guests, traveler history |
| Hotel Owner / Manager |
Full guest details for their hotel's guests only |
Guests of any other hotel, traveler history at other hotels |
| Authority Portal |
Check-in records within their authorized zone only — city and state restricted |
Data from other zones, states, or countries. Verification video. Never. |
| Tourism Board Portal |
Fully anonymized, aggregated statistics only |
Any personally identifiable information |
| Travdigi Admin |
Traveler registration details
submitted at time of registration only: name,
email, phone number, uploaded identity documents,
and verification video — for the sole purpose
of identity verification approval or rejection.
Hotel registration list. |
Traveler check-in history,
travel history, hotel guest data, authority
portal data, or any data beyond registration
submission details. |
| Travdigi Founder |
Same as admin |
Same as admin |
We implement the following security measures to protect your data:
- AES-256 encryption for all data stored at rest in database and S3
- TLS 1.3 encryption for all data in transit between app, server, and portals
- SSL pinning in all mobile apps — prevents man-in-the-middle attacks
- AWS VPC — database not directly accessible from the public internet
- AWS KMS — encryption key management separate from encrypted data
- AWS CloudTrail — every API call, database access, and admin action is logged
- Dynamic single-use QR — rotating every 60 seconds, usable exactly once
- Zero local storage at hotels — no identity data stored at hotel level
- Non-downloadable verification video — viewable only within secured admin panel
- Immutable identity anchors — name and email locked permanently after registration
- Re-verification required for any profile change — QR suspended until admin re-approves
- 24-hour human verification — two shifts ensure all verifications completed within hours
- Complete audit trails — every access event logged with who, when, what, and why
- Separate infrastructure — website, email, and app servers are on separate systems
In the event of a data breach that may affect your rights, we will notify affected users and relevant supervisory authorities within 72 hours as required by applicable law.
| Data Type |
Retention Period |
Reason |
| Active account profile data |
Until account deactivation |
Service delivery |
| Hotel check-in and check-out records |
Minimum 5 years or as required by local hospitality law |
Legal compliance — hospitality regulations |
| Identity verification video |
Permanently |
Legal claims defence — irrefutable identity proof |
| Identity documents and photos in S3 |
Minimum 5 years or as required by local law |
Legal compliance and fraud prevention |
| Walk-in guest records |
Minimum 5 years or as required by local hospitality law |
Hotel legal obligation |
| Law enforcement access logs |
Minimum 7 years |
Audit, accountability, and legal compliance |
| Admin verification decisions |
Minimum 5 years |
Audit trail and legal defence |
| Anonymized tourism analytics |
Indefinitely |
No personal data — no privacy impact |
Why data is retained after account deactivation: When you deactivate your Travdigi account, your profile and login access are disabled. However, check-in records, identity documents, and verification media are retained as required by hospitality compliance laws and for legal claims defence. This is the same reason banks retain transaction records after account closure. Your data will never be used for any active commercial purpose after deactivation.
You can request deactivation of your Travdigi account at any time through:
Upon deactivation:
- Your profile, login credentials, and active account access will be permanently disabled within 30 days
- Your dynamic QR code will be immediately deactivated — unusable for any future check-in
- Your account will appear as inactive — not visible to any hotel or authority
- Check-in history, identity documents, and verification media will be retained as described in Section 12
- Retained data will never be used for any active commercial or operational purpose
- You will receive a confirmation email when deactivation is complete
Why we say "deactivation" not "deletion": Complete deletion of all records is not possible because hotel guest records are a legal requirement under hospitality laws. Deactivation removes all active access and visibility while preserving compliance records as required by law. This is transparent, honest, and legally correct.
When you check in at a Travdigi-enabled hotel without the Travdigi app, the hotel receptionist records your basic details using the Travdigi hotel portal for legal compliance purposes.
What is collected: Name, mobile number, email address, and a photo of your government-issued ID taken by hotel staff.
What happens:
- At the point of check-in, the receptionist will inform you that your details are being recorded digitally on Travdigi for compliance purposes
- You will receive a confirmation email at the address you provided, confirming your check-in details and hotel name
- A Travdigi profile is created linked to your email address
- You will be invited to activate this profile by setting a password — enabling instant QR check-ins at future hotel visits
- If you choose not to activate, your walk-in record remains for legal compliance purposes only and will not be used for any other purpose
- The confirmation email includes an unsubscribe option. If you unsubscribe, no further emails will be sent to you from Travdigi. Your check-in record is maintained regardless of whether you receive or open this email — it fulfills a legal compliance obligation not dependent on your consent or acknowledgment
Lawful basis for walk-in data: Walk-in guest data is collected under legal obligation — hotels are required by law to record all guest identities. The hotel is the data collector acting under their legal duty. Travdigi is the data processor providing the compliant digital platform. This does not require individual consent as the legal obligation basis overrides the consent requirement for this specific processing activity.
Did not check in? If you receive a Travdigi check-in notification for a stay you did not make — contact us immediately at hello@Travdigi.com. This may indicate attempted identity fraud and we will investigate and notify relevant authorities promptly.
Travdigi is intended for users aged 18 and above only. We do not create independent accounts for minors.
Children under 18 may travel as dependents under a verified adult's profile for family or group check-ins:
- Children are added as sub-profiles under a verified adult account
- The adult account holder is the responsible party for dependent data
- No separate account, independent KYC, or direct data collection occurs for children
- Child profiles are managed entirely through and linked to the adult account
- When an adult account is deactivated, associated child profiles are also deactivated
If you believe we have inadvertently collected data from a minor without appropriate parental authority, contact us immediately at hello@Travdigi.com and we will take prompt corrective action.
Depending on your jurisdiction, you have the following rights regarding your personal data:
| Right |
Description |
How to Exercise |
| Right to Access |
Request a copy of your personal data held by Travdigi |
Email hello@Travdigi.com |
| Right to Correction |
Request correction of inaccurate personal data — subject to re-verification requirements |
Profile settings in app or email us |
| Right to Account Deactivation |
Request deactivation of your account and removal of active access |
App → Delete Account or Travdigi.com/delete-account |
| Right to Portability |
Request your personal data in a machine-readable format |
Email hello@Travdigi.com |
| Right to Object |
Object to processing based on legitimate interests for non-essential activities |
Email hello@Travdigi.com |
| Right to Withdraw Consent |
Withdraw consent for marketing communications at any time |
Unsubscribe link in any email or app notification settings |
Limitation on Deletion Rights: The right to complete deletion of all data does not apply to check-in records, identity verification media, and compliance documentation retained under legal obligation or for legal claims defence. We will always clearly inform you what has been deactivated and what has been retained, and the legal reason for retention.
We will acknowledge all rights requests within 24 hours of receipt and resolve them within 15 days as required under the Information Technology Rules 2021 and India DPDP Act 2023.
Travdigi is committed to full compliance in every market we enter. We expand our compliance framework progressively and deliberately:
India — Live at Launch
Fully compliant with India DPDP Act 2023 and IT Act 2000. Main database on AWS Mumbai. Indian citizen documents on India S3 bucket. Grievance officer appointed.
Oceania & Small Asia — Year 1
Australia, New Zealand, Pacific Islands, Maldives, Nepal, Sri Lanka. Compliance additions being built progressively. Australian documents on Sydney S3 bucket. Singapore S3 for Asian citizens.
GCC / Middle East — Year 2
UAE, Saudi Arabia, Qatar. UAE PDPL compliance. Dedicated GCC regional server. Formal government authorizations obtained before launch in each country.
Europe — Year 2-3
Full GDPR compliance including DPIA for verification media processing. EU Representative appointed. European citizen documents already on Germany S3 bucket. Formal GDPR legal review completed before EU market entry.
Americas & East Asia — Year 3+
Brazil LGPD, Canada PIPEDA, US state laws, Japan APPI, South Korea PIPA. Full compliance review for each market before entry.
Our website www.Travdigi.com uses essential cookies for basic functionality only. We do not use advertising, tracking, or third-party analytics cookies without your explicit consent.
- Essential cookies: Required for the website to function correctly. Cannot be disabled.
- Analytics cookies: Used only with your explicit consent to understand website usage patterns and improve our service.
You can manage cookie preferences through your browser settings at any time. Rejecting non-essential cookies will not affect your ability to use our core services.
We update this Privacy Policy as we expand to new markets, add new features, or when applicable laws change. When we make material changes:
- We will update the Effective Date at the top of this policy
- "We will notify registered users of significant changes to this policy in advance through app notifications or email. Minor updates will be reflected in the Last Updated date. Continued use of Travdigi after any update constitutes acceptance."
- We will maintain a version history of this policy available on request
- Continued use of Travdigi after the effective date of changes constitutes acceptance of the updated policy
We encourage you to review this policy periodically, especially when we announce entry into new international markets.
Language: All Travdigi legal documents including this Privacy Policy, Hotel Privacy Policy, and Terms and Conditions are maintained in English only. English is the internationally recognized language for legal documents. For assistance understanding this policy in your language, please contact hello@Travdigi.com
The Travdigi traveler app is available globally. We respect the data protection rights of users from every country. Your identity documents and verification video are stored on the regional server corresponding to your citizenship as described in Section 6. Below is our jurisdiction-specific framework:
EUROPEAN UNION & EUROPEAN ECONOMIC AREA
EU and EEA residents are protected under the General Data Protection Regulation (GDPR). Your identity documents and verification video are stored exclusively on our Frankfurt, Germany server and are not transferred outside the EU under any circumstances. Our lawful basis for processing EU resident data is Article 6(1)(a) — explicit consent — and Article 9(2)(a) for biometric and identity data. EU residents have full GDPR rights including the right to erasure subject to legal retention obligations described in Section 12. Your supervisory authority is your local EU Data Protection Authority — full list at edpb.europa.eu
UNITED KINGDOM
UK residents are protected under UK GDPR and the Data Protection Act 2018. Your identity documents and verification video are stored on our Frankfurt, Germany server. You have the same rights as EU residents described above. Your supervisory authority is the Information Commissioner's Office — ico.org.uk
UNITED STATES
US residents — including California residents under the California Consumer Privacy Act (CCPA) — have the following rights: right to know what personal data is collected, right to request deletion, right to opt out of sale of personal data, and right to non-discrimination. Travdigi does not sell personal data to any third party under any circumstances. US resident identity documents are stored on our US East server. Exercise your rights by contacting hello@Travdigi.com. For California residents — we do not share personal information for cross-context behavioral advertising.
AUSTRALIA & NEW ZEALAND
Australian residents are protected under the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs). New Zealand residents are protected under the Privacy Act 2020. Your identity documents are stored on our Sydney, Australia server. Your supervisory authority is the Office of the Australian Information Commissioner — oaic.gov.au. New Zealand residents may contact the Office of the Privacy Commissioner — privacy.org.nz
SINGAPORE & SOUTHEAST ASIA
Singapore residents are protected under the Personal Data Protection Act 2012 (PDPA). Thailand residents under the Thailand PDPA. Philippines residents under the Data Privacy Act 2012. Malaysia residents under the Personal Data Protection Act 2010. Indonesia residents under the Personal Data Protection Law (UU PDP). Identity documents for all Southeast Asian citizens are stored on our Singapore server. Singapore supervisory authority: Personal Data Protection Commission — pdpc.gov.sg
CHINA
Chinese residents are protected under the Personal Information Protection Law (PIPL) 2021. Chinese citizen identity documents and verification videos are stored exclusively on AWS China servers and are never transferred outside China under any circumstances. This is a strict technical and policy requirement. China supervisory authority: Cyberspace Administration of China — cac.gov.cn
RUSSIA & CIS COUNTRIES
Russian residents are protected under Federal Law 152-FZ on Personal Data. Russian citizen identity documents and verification videos are stored exclusively on AWS Russia servers and are never transferred outside Russia. This complies with Russia's strict data localization requirements. CIS country residents are also stored on the Russia server as the nearest regional infrastructure. Russia supervisory authority: Roskomnadzor — rkn.gov.ru
ISRAEL
Israeli residents are protected under the Privacy Protection Law 5741-1981 and its regulations. Israeli citizen identity documents are stored on our Bahrain, Middle East server. Supervisory authority: Privacy Protection Authority — gov.il/en/departments/the_privacy_protection_authority
UNITED ARAB EMIRATES & GCC
UAE residents are protected under the UAE Personal Data Protection Law (PDPL) Federal Decree-Law No. 45 of 2021. Saudi Arabia, Qatar, Kuwait, Bahrain and Oman residents are covered under their respective national frameworks. GCC citizen identity documents are stored on our Bahrain, Middle East server. UAE supervisory authority: UAE Data Office — uaedataoffice.ae
SOUTH AFRICA & AFRICA
South African residents are protected under the Protection of Personal Information Act (POPIA) 2013. All African citizen identity documents are stored on our Cape Town, South Africa server. Bharath Keshava is appointed as Information Officer for South Africa purposes. Supervisory authority: Information Regulator — inforegulator.org.za
CANADA
Canadian residents are protected under the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws. Canadian citizen identity documents are stored on our US East server as nearest available infrastructure. Dedicated Canadian infrastructure will be established at time of active Canada market entry. Supervisory authority: Office of the Privacy Commissioner of Canada — priv.gc.ca
JAPAN & SOUTH KOREA
Japanese residents are protected under the Act on Protection of Personal Information (APPI). South Korean residents under the Personal Information Protection Act (PIPA). Identity documents for both are stored on our Singapore server as nearest available infrastructure. Dedicated infrastructure will be established at time of active East Asia market entry.
BRAZIL & LATIN AMERICA
Brazilian residents are protected under the Lei Geral de Proteção de Dados (LGPD). Other Latin American residents are covered under applicable national laws. Identity documents are stored on our US East server as nearest available infrastructure. Dedicated Latin American infrastructure planned for regional market entry.
ALL OTHER COUNTRIES
For residents of all countries not specifically named above — Travdigi applies the core international principles of data minimization, purpose limitation, security, transparency, and user rights as defined throughout this policy. Your identity documents are stored on the nearest available regional server. You have the right to access, correct, and request deactivation of your account regardless of your jurisdiction. Contact hello@Travdigi.com for any data rights request. We respond to all requests within 30 days.
Universal Commitment: Regardless of your country or jurisdiction — Travdigi will never sell your personal data, never share your identity documents with unauthorized parties, and will always respond to your data rights requests. Your privacy is not dependent on your geography.
"In accordance with the Information Technology Act 2000, India DPDP Act 2023, EU GDPR, and applicable international data protection regulations, Travdigi has appointed a designated officer responsible for all privacy-related complaints, data rights requests, and regulatory communications.
This officer serves as:
- Grievance Officer under India IT Rules 2021 and DPDP Act 2023
- Data Protection Officer under EU GDPR
- Information Officer under South Africa POPIA
- Point of contact for all international data protection authorities
All complaints and data rights requests are acknowledged within 24 hours and resolved within 15 days of receipt as required under Rule 3(2) of the Information Technology Rules 2021. If you are not satisfied with our response, you have the right to approach the relevant supervisory authority in your jurisdiction.
India: Data Protection Board of India (once operational under DPDP Act 2023)
European Union: Your local EU Data Protection Authority — full list at edpb.europa.eu
UAE: UAE Data Office — uaedataoffice.ae
Australia: Office of the Australian Information Commissioner — oaic.gov.au
Singapore: Personal Data Protection Commission — pdpc.gov.sg