Privacy Policy

• We collect only what we need to run the Platform — your name, email, WhatsApp (optional), bookings, and payout details.
• We never sell your data.
• We use one referral cookie (60 days) for affiliate tracking, plus essential session cookies.
• Payments go directly to Razorpay; we don’t store full card details.
• You can request your data or deletion any time at hello@thebookingadvisor.com.

The Booking Advisor (“we”, “us”) is the data controller for information collected through www.thebookingadvisor.com. For any privacy question, email hello@thebookingadvisor.com.

2.1 Account information

When you sign up as a guest, host, hotel, or affiliate, we collect: name, email, password (hashed, never in plain text), optional WhatsApp number, and — for hosts/affiliates — payout method and payout details (UPI ID, bank details, or PayPal email).

2.2 Booking information

When you make a booking, we collect: your name, email, optional WhatsApp, country, the experience / hotel / dates / guest count, and any notes you provide. This is shared with the host or hotel fulfilling the booking.

2.3 Listing content (hosts + hotels)

Listings, photos, videos, descriptions, availability, and pricing you upload are stored to display on the Platform. See our Terms for the licence you grant us.

2.4 Usage data

Standard web logs: IP address (hashed for affiliate click tracking), user agent, referring URL, pages visited. Retained for 90 days for security and abuse prevention.

2.5 Device information

Browser type, device type, screen size, timezone — used for responsive rendering and fraud prevention.

We use a small number of cookies:

• tba_session — httpOnly authentication cookie. Required to stay logged in. 30 days.
• tba_ref — referral attribution for the affiliate program. 60 days. Set when you arrive via a partner link.

We do not use third-party advertising or analytics cookies. We do not sell or share cookie data with advertisers.

When you click a third-party booking partner (Aviasales, Hotellook, KiwiTaxi, GetYourGuide, Viator, etc.), that partner may set their own cookies — governed by their privacy policy, not ours.

• Deliver the Platform — sign you in, accept bookings, process payments, pay out hosts and affiliates.
• Communicate with you — booking confirmations, payout notifications, receipts.
• Protect the Platform — detect fraud, abuse, off-platform circumvention.
• Improve the Platform — aggregated, non-identifying analytics.
• Comply with legal obligations — tax, accounting, law-enforcement requests where legally required.

We do not use your data to train AI models. We do not sell your data. We do not share it for advertising.

We share the minimum necessary data with:

• Hosts and hotels — your name, contact, booking details — so they can deliver your booking.
• Razorpay — to process payments. Razorpay is PCI-DSS compliant.
• Turso and Vercel — our database and hosting providers, based in the EU/US with standard data-processing terms.
• Resend — to send transactional emails (booking confirmations, etc.).
• Law enforcement — only when compelled by valid legal process.

Third-party booking partners (Aviasales, Hotellook, KiwiTaxi, etc.) receive the booking information you enter on their sites when you click through. We only share an anonymised tracking marker for commission attribution.

Depending on your country, you may have the right to:

• Access the data we hold about you;
• Correct inaccurate data;
• Delete your data (subject to legal retention periods — e.g. tax records must be kept 6 years in India);
• Object to processing or withdraw consent;
• Export your data in a portable format;
• Lodge a complaint with your local data-protection authority.

Exercise any right by emailing hello@thebookingadvisor.com. We respond within 30 days.

Account data is kept while your account is active and for 6 years thereafter, to comply with Indian tax law. Booking records are retained for the same period. Referral-cookie data and aggregated click logs are retained for 90 days. Listing content you delete is removed from public view immediately and from backups within 30 days.

We take reasonable technical and organisational measures: passwords are hashed with bcrypt, transport is HTTPS-only, database access is limited to the least-privileged keys, sessions are short-lived JWTs with httpOnly cookies, and contact details in public listings are automatically filtered to prevent leakage.

No system is perfectly secure. If we become aware of a breach affecting your data we will notify you within 72 hours as required by applicable law.

The Platform is not intended for users under 18. We don’t knowingly collect data from minors. If you believe we have, email us and we’ll delete it.

Our hosting and processing partners are based in the EU, US, and Asia-Pacific. Where data crosses borders we rely on standard contractual clauses or the partner’s own adequacy frameworks.

We may update this policy. The “Last updated” date at the top shows when. Material changes will be emailed to users with an account.

For any privacy question, concern, or request: hello@thebookingadvisor.com.