REMTRIP – PRIVACY POLICY

Last Updated: 06-12-2025

 

This Privacy Policy explains how Remitrip Private Limited, a company incorporated in India with its registered office at 3rd Floor, AMV Park, NH 47 Bypass, Kundannoor, Maradu – 682304, Kerala (“Remitrip”, “we”, “us”, “our”), collects, uses, stores, processes, protects, and shares personal information when you use the Remitrip mobile application (“App”), website www.remitrip.com (“Website”), or other services we operate (“Services”).

 

By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, you must discontinue using the App or Website.

 

This Policy complies with:

- Information Technology Act, 2000

- Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules”)

- CERT-In Cybersecurity Directions (2022)

- Digital Personal Data Protection Act, 2023 (“DPDP Act”), to the extent applicable

- IRCTC Partner Guidelines

- Industry standards followed by leading train and travel platforms

 

1. DEFINITIONS

 

For the purpose of this Policy:

 

“Personal Information” means any information relating to an identified or identifiable individual, including name, age, gender, address, email, phone number, IRCTC user ID, travel preferences, and identification information.

 

“Sensitive Personal Data or Information (SPDI)” includes passwords, financial information (such as bank account or card details), biometric information, and any other data defined under the SPDI Rules.

 

“Processing” means any operation performed on data, including collection, recording, storage, organization, use, analysis, adaptation, alteration, transfer, disclosure, or deletion.

 

“User” or “You” means any person who accesses or uses the Services offered by Remitrip.

 

“Third-Party Service Providers” means third-party entities engaged by Remitrip to support hosting, payment processing, SMS and email communication, analytics, customer support, fraud detection, and related services.

 

2. INFORMATION WE COLLECT

 

We collect and process information to operate our Services effectively, comply with IRCTC requirements, and provide you with a secure and reliable experience.

 

2.1 Information You Provide Directly

 

You may provide information to us when you:

- Register or log in through the App or Website.

- Enter passenger details for ticket booking (such as name, age, gender, berth preference, and contact details).

- Provide your mobile number and email address for OTP verification, alerts, and communication.

- Log in using your IRCTC user ID and password (which are transmitted securely to IRCTC and not stored by Remitrip).

- Update your user profile or preferences within the App or Website.

- Contact our customer support via phone, email, chat, or in-app messages.

- Respond to surveys, feedback forms, or participate in promotions, contests, or referral programs.

 

We do not store your IRCTC password in our systems. It is used only for secure transmission to IRCTC for processing your booking requests.

 

2.2 Information Collected Automatically

 

When you use the App or Website, we automatically collect certain technical and usage information, including:

- Device details such as device type, hardware model, operating system and version, unique device identifiers.

- Network and connection information such as IP address, telecom operator, approximate location derived from IP or network data.

- App usage data such as screens visited, features used, time spent, clicks, and navigation patterns.

- Log and diagnostic information such as crash reports, performance metrics, error logs.

- Cookies, tags, pixels, and similar technologies used to maintain sessions, remember preferences, and personalize content.

 

This information helps us improve performance, enhance security, understand user behavior, and resolve technical issues.

 

2.3 Payment and Transaction Information

 

When you make payments using our Services, payments are processed through RBI-compliant payment gateways and partners (such as PayU or any similar provider). We may receive limited payment-related information such as:

- Transaction or reference ID.

- Payment method type (e.g., UPI, card, net banking), with only masked card or account information.

- Payment status (success, failure, pending).

- Refund details and settlement confirmations.

- Time and date of transaction.

 

We do not collect or store full card numbers, CVV, PIN, or net banking passwords. All such sensitive financial information is handled exclusively by PCI-DSS compliant payment gateways.

 

3. LEGAL BASES FOR PROCESSING

 

We process your personal information under the following legal bases, as applicable:

 

- Performance of Contract: To process your train ticket bookings, cancellations, modifications, and related services through IRCTC.

- Legal Obligation: To comply with applicable laws, regulations, IRCTC guidelines, tax and audit requirements, and law enforcement directions.

- Legitimate Interests: To prevent fraud, ensure network and information security, improve our Services, perform analytics, and enhance the user experience in a manner that does not override your fundamental rights.

- Consent: For sending marketing communications, promotional messages, and for any processing that is not strictly necessary for providing the Services or fulfilling a legal obligation.

 

You may withdraw your consent at any time for consent-based processing, without affecting the lawfulness of processing carried out prior to such withdrawal.

 

4. PURPOSE OF PROCESSING

 

We use the information we collect for the following purposes:

 

- Ticket Booking and Travel Services: To process ticket bookings, cancellations, modifications, PNR generation, seat allocation, and other train-related services through IRCTC.

- Communication and Alerts: To send booking confirmations, PNR updates, journey alerts, refund notifications, service updates, and security alerts via SMS, email, or in-app notifications.

- Payment Processing: To facilitate secure payments, verify payment status, generate invoices, process refunds, and carry out reconciliation with payment gateways and banks.

- Customer Support: To respond to your queries, resolve complaints, troubleshoot problems, and provide assistance related to bookings or the App.

- Security and Fraud Prevention: To monitor transactions and usage for suspicious activity, detect and prevent fraud, abuse, unauthorized access, or other harmful activities.

- App Improvement and Analytics: To understand how users interact with our Services, improve features, optimize performance, and enhance user experience using aggregated and anonymized analytics.

- Legal and Regulatory Compliance: To maintain records as required by IRCTC, authorities, and applicable laws for audit, reporting, and dispute resolution.

 

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes.

 

5. SHARING AND DISCLOSURE OF INFORMATION

 

We share your information only when necessary and in accordance with this Policy.

 

5.1 With IRCTC

 

As an IRCTC-authorized partner, we are required to share certain information with IRCTC, including:

- Passenger details and journey information.

- IRCTC user ID (password transmitted securely but not stored).

- Booking, cancellation, and modification requests.

- PNR and ticketing information.

 

This sharing is essential to process your bookings and is done in compliance with IRCTC guidelines.

 

5.2 With Payment Gateways and Financial Institutions

 

We share limited information with payment gateways, banks, and financial institutions to:

- Process payments and verify transactions.

- Handle refunds, chargebacks, and settlements.

- Comply with payment regulations, audits, and anti-fraud checks.

 

5.3 With Third-Party Service Providers

 

We engage third-party service providers to support our operations, including:

- Cloud hosting and data storage providers.

- SMS and email delivery services.

- Analytics, performance monitoring, and crash reporting tools.

- Customer support platforms and helpdesk systems.

- Security and anti-fraud solutions.

 

These providers act on our instructions, are bound by confidentiality obligations, and are not permitted to use your information for their own purposes.

 

5.4 Legal, Regulatory, and Safety Requirements

 

We may disclose your information when:

- Required by law, court order, or government/regulatory request.

- Necessary to enforce our Terms of Use or other agreements.

- Necessary to detect, prevent, or address security, fraud, or technical issues.

- Necessary to protect the rights, property, or safety of Remitrip, our users, IRCTC, or the public.

 

6. DATA RETENTION POLICY

 

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected or as required by law, including for audit, tax, accounting, or regulatory purposes. Indicatively:

- Booking and travel-related information is retained for at least one year or for such longer period as may be mandated by IRCTC or applicable law.

- Transaction and payment-related records are retained for 5 to 7 years for tax, regulatory, and audit purposes.

- Customer support records and communications may be retained for 12 to 24 months to resolve disputes and improve services.

- Analytics and log data is typically retained for 6 to 12 months, after which it may be aggregated or anonymized.

- IRCTC passwords are not stored at any time.

- Card details and sensitive payment data are not collected or stored by Remitrip.

 

After the expiry of the retention period, personal information is securely deleted, anonymized, or archived in accordance with applicable law and our data retention practices.

 

7. DATA SECURITY AND PROTECTION MEASURES

 

We implement reasonable security practices and procedures, as required under the IT Act, SPDI Rules, and CERT-In directions, to protect your personal information against unauthorized access, disclosure, alteration, or destruction. Our measures include:

- Use of encryption technologies such as HTTPS/TLS to protect data in transit.

- Secure server infrastructure and hardened cloud environments.

- Access controls and role-based permissions to restrict data access to authorized personnel only.

- Regular vulnerability assessment and penetration testing (VAPT) and security audits.

- Logging and monitoring of critical systems and access events.

- Backup and disaster recovery processes.

 

While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. However, we continuously improve our safeguards to maintain a high level of security.

 

We do not store IRCTC passwords or sensitive card information in our systems.

 

8. CROSS-BORDER DATA TRANSFERS

 

Some of our third-party service providers or cloud infrastructure partners may be located outside India. Where your personal information is transferred outside India, we ensure that:

- The recipient country has adequate data protection laws, or

- Contractual safeguards and data protection measures are in place to ensure an equivalent level of protection.

 

IRCTC login credentials are not stored and are not transferred to any third country for storage purposes.

 

9. YOUR RIGHTS

 

Subject to applicable law, you have the following rights in relation to your personal information:

 

- Right of Access: You may request details of the personal information we hold about you.

- Right of Correction: You may request correction or update of inaccurate or incomplete information.

- Right to Deletion: You may request deletion of your personal information, subject to legal, regulatory, or contractual obligations (for example, where information must be retained for audit or IRCTC requirements).

- Right to Withdraw Consent: Where processing is based on consent (such as marketing communication), you may withdraw your consent at any time.

- Right to Opt-Out of Marketing: You may opt out of receiving promotional or marketing messages from us by using the unsubscribe option in communications or by contacting us.

 

To exercise any of these rights, you may contact us at support@remitrip.com. We may need to verify your identity before responding to such requests.

 

10. COOKIES AND TRACKING TECHNOLOGIES

 

We use cookies and similar tracking technologies on our Website and within the App to:

- Maintain your login session and preferences.

- Remember your settings and choices.

- Improve the performance, speed, and usability of the Services.

- Analyze usage patterns to enhance features and user experience.

- Detect and prevent fraudulent or abusive activity.

 

You may control cookies through your browser settings. However, disabling cookies may affect the availability or functionality of certain features.

 

11. LINKS TO THIRD-PARTY WEBSITES

 

Our App or Website may contain links to third-party websites, including IRCTC or other external services. These third-party sites are governed by their own privacy policies. We are not responsible for the content, security, or privacy practices of such external websites. You are advised to review their respective privacy policies before providing any personal information.

 

12. CHILDREN’S PRIVACY

 

Our Services are intended for users who are 18 years of age or older. We do not knowingly collect personal information from children below 18 years of age. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete such information promptly.

 

13. GRIEVANCE REDRESSAL AND DATA PROTECTION OFFICER

 

In accordance with applicable Indian law, we have designated a Grievance Officer / Data Protection Officer (“DPO”) to address any concerns, complaints, or disputes relating to your personal information and this Privacy Policy.

 

Grievance Officer / Data Protection Officer

Remitrip Private Limited

3rd Floor, AMV Park, NH 47 Bypass, Kundannoor, Maradu – 682304, Kerala, India

Email: support@remitrip.com

Expected Response Time: Within 15 (fifteen) days from the date of receipt of your complaint or request.

 

14. LIMITATION OF LIABILITY

 

To the fullest extent permitted by law:

- Remitrip shall not be responsible for any issues arising from IRCTC systems, including server downtime, delays, booking rejections, or technical failures.

- Remitrip shall not be liable for network-related issues, connectivity problems, or failures attributable to telecom operators, internet service providers, or payment gateways.

- Remitrip shall not be responsible for unauthorized access to your account due to your failure to safeguard login credentials, devices, or OTPs.

- Remitrip shall not be liable for any indirect, incidental, consequential, or punitive damages arising out of or in connection with the use of the Services or this Policy.

 

15. DISPUTE RESOLUTION AND GOVERNING LAW

 

This Privacy Policy shall be governed by and construed in accordance with the laws of India. Any disputes arising in connection with this Policy, the Services, or the handling of personal information shall be subject to the exclusive jurisdiction of the competent courts at Ernakulam, Kerala, India.

 

16. CHANGES TO THIS PRIVACY POLICY

 

We may update or modify this Privacy Policy from time to time to reflect changes in legal requirements, technology, or our business practices. When we do so, we will post the updated Policy on the App and Website and, where appropriate, notify you by email or in-app notification.

 

Your continued use of the Services after any such changes become effective will signify your acceptance of the updated Privacy Policy.

 

17. CONTACT US

 

If you have any questions, concerns, or complaints regarding this Privacy Policy or our data practices, you may contact us at:

 

Remitrip Private Limited

3rd Floor, AMV Park, NH 47 Bypass

Kundannoor, Maradu – 682304

Kerala, India

Email: support@remitrip.com

Phone: 8137948474