Back to Footprints

Legal

Privacy Policy

Last updated: 14 May 2026

Contents

Last Updated: 23 May 2026 Effective Date: Upon publication

This Privacy Policy explains how PEAKSERVE GLOBAL PRIVATE LIMITED, a company incorporated under the Companies Act, 2013 of India, with its registered office at 2639/197, Onkar Nagar, Tri Nagar, Delhi, North West Delhi, India - 110035 (“FootPrints”, “Company”, “we”, “us”, or “our”), collects, uses, shares, and protects personal data when you use the FootPrints mobile applications, the website at https://www.footprints.travel, and related services (the “Services”).

We are the data controller (under the EU General Data Protection Regulation and UK GDPR), business (under the California Consumer Privacy Act as amended by the California Privacy Rights Act, “CCPA/CPRA”), and data fiduciary (under the Indian Digital Personal Data Protection Act 2023, “DPDPA”) for the personal data described in this Policy.

Please read this Policy together with our Terms of Service and, where applicable, our Cookie Policy.

Summary of Key Points

  • What we collect: Account, trip, document, location, AI input, and technical data — depending on which features you use.
  • What we do with it: Run the Services, personalise your experience, process subscription payments via Apple and Google, prevent abuse, and meet legal obligations.
  • What we don’t do: We do not sell your personal information. We do not use your User Content to train generative AI foundation models without your separate opt-in.
  • Your rights: Access, correct, delete, port, and object to processing. Withdraw consent at any time. Email info@footprints.travel.
  • Sensitive data (Travel Wallet): Optional, encrypted, never used to train AI, and you can delete it at any time.
  • Where your data goes: Stored on cloud infrastructure in multiple regions, with Standard Contractual Clauses and similar safeguards for international transfers.

1Scope of This Policy

In Short: This Policy covers your use of FootPrints. It doesn’t cover third-party services you reach through us — those have their own policies.

This Policy applies to personal data we process when you use the Services, visit our website, or otherwise interact with us. It does not apply to:

  • Third-party websites, apps, or services linked from the Services (including Source Platforms such as Instagram, TikTok, and YouTube), which have their own privacy practices;
  • Information you choose to share publicly within the Services;
  • Anonymised or aggregated data that cannot reasonably identify you.

2Data Controller and Contact Points

In Short: Here’s who we are and how to reach us for any privacy question.

Data controller / business / data fiduciary: PEAKSERVE GLOBAL PRIVATE LIMITED
2639/197, Onkar Nagar, Tri Nagar
Delhi, North West Delhi, India - 110035

Privacy contact: info@footprints.travel Legal and complaints: info@footprints.travel Grievance Officer (India, DPDPA / IT Rules 2021): reachable at info@footprints.travel — see Section 18.

3Categories of Personal Data We Collect

In Short: Depending on how you use FootPrints, we collect account info, trip data, documents you upload, location (with permission), AI prompts, technical signals, and communications. Nothing we don’t need.

We collect the following categories of personal data. The specific data within each category depends on which features you use.

3.1 Account and Profile Data

Name, email address, phone number (optional), profile photo (optional), password (stored as a hash), account preferences, language and region settings, and authentication identifiers from Apple, Google, or other federated login providers if you sign in that way.

3.2 Trip and Itinerary Data

Destinations, dates, places saved or visited, notes, photos you attach, names and contact details of co-travellers you choose to invite, sharing settings, and collaborative edits made by you or those you share with.

3.3 Travel Wallet Data — Sensitive Personal Information

If you choose to use the Travel Wallet, we process the documents you upload, which may include passports, government-issued identification, visas, boarding passes, hotel bookings, insurance policies, vaccination records, and emergency contact details. This is “sensitive personal information” under the CCPA/CPRA, “sensitive personal data” under the DPDPA, and is treated with elevated safeguards under the GDPR.

Upload is entirely optional. You can use FootPrints without uploading any documents to the Travel Wallet.

3.4 Location Data

If you grant permission, we collect approximate or precise location to show nearby places, plot itinerary points on a map, and provide location-aware AI recommendations. You can revoke location permission at any time through your device settings. We do not track your location in the background unless you separately enable that permission.

3.5 AI Feature Inputs

The prompts, messages, photos, and contextual signals (such as your current trip and preferences) you provide when using AI place chat, AI itinerary generation, or AI recommendations. See Section 7 for how AI Features process your data.

3.6 Content Submitted from Source Platforms

When you submit a link to a public post on a Source Platform (such as an Instagram Reel, a TikTok video, or a YouTube video), we process information derived from that public content — for example, place names, geographic references, captions, and metadata — to extract structured travel data. We do not store the underlying video or image. See Section 7.4 and our Terms of Service for further detail.

3.7 Payment Data

We do not directly collect or store your credit card, bank account, or payment instrument details. All subscription payments are processed by Apple App Store or Google Play Store under their own privacy policies and terms. We receive only confirmation of payment status, subscription tier, and renewal information.

3.8 Device, Technical, and Usage Data

IP address, device identifiers, operating system, app version, language, time zone, crash reports, performance diagnostics, in-app actions (such as which features you use), session timestamps, referral source, and similar telemetry. Collected automatically when you use the Services.

3.9 Communications

Messages you send us (via email, in-app support, or web forms), survey responses, feedback, and our records of your support requests and our replies.

3.10 Marketing Preferences

Your opt-in or opt-out status for marketing emails, push notifications, and other communications.

4How We Collect Personal Data

In Short: Some data comes directly from you, some is collected automatically when you use FootPrints, and some comes from Apple, Google, or other providers when you sign in.

We collect personal data:

  • Directly from you — when you create an Account, complete your profile, build itineraries, upload to the Travel Wallet, submit a Source Platform link, contact us, or otherwise interact with the Services.
  • Automatically — through cookies, software development kits (“SDKs”), and similar technologies that record device and usage data when you use the app or website. See Section 14.
  • From third parties — including authentication providers (Apple, Google) if you use federated login, App Store providers (for purchase confirmations), and analytics, crash-reporting, and infrastructureAC providers that operate on our behalf.

5Purposes and Legal Bases for Processing

In Short: Every time we process your data, we have a specific purpose and a valid legal basis under the GDPR. The table below shows what we do, why, and on what legal grounds.

We process personal data for the purposes described below. Under the GDPR and UK GDPR, every processing activity must have a legal basis. The table below summarises ours.

PurposeCategories of DataLegal Basis (GDPR / UK GDPR)
Creating and managing your Account3.1, 3.7, 3.8Performance of a contract (Art. 6(1)(b))
Providing core travel-planning features3.2, 3.4, 3.5, 3.6Performance of a contract (Art. 6(1)(b))
Storing documents in the Travel Wallet3.3Explicit consent (Art. 6(1)(a) and, where applicable, Art. 9(2)(a))
Personalising recommendations and AI outputs3.2, 3.4, 3.5, 3.8Performance of a contract (Art. 6(1)(b)); legitimate interests (Art. 6(1)(f))
Processing payments and managing subscriptions3.1, 3.7Performance of a contract (Art. 6(1)(b)); legal obligation (Art. 6(1)(c))
Communicating with you about service updates and security3.1, 3.9Performance of a contract (Art. 6(1)(b)); legitimate interests (Art. 6(1)(f))
Sending marketing communications3.1, 3.10Consent (Art. 6(1)(a)) — withdrawable at any time
Improving the Services, analytics, and crash debugging3.8Legitimate interests (Art. 6(1)(f)) — keeping the Services functional and secure
Preventing fraud, abuse, and security threatsAllLegitimate interests (Art. 6(1)(f)); legal obligation (Art. 6(1)(c))
Processing data from publicly available Source Platform content you submit3.6Legitimate interests (Art. 6(1)(f)) — see Section 7.4 below
Complying with legal, regulatory, and tax obligationsAs neededLegal obligation (Art. 6(1)(c))
Establishing, exercising, or defending legal claimsAs neededLegitimate interests (Art. 6(1)(f))

Where our basis is legitimate interests, we have conducted a balancing assessment and concluded that our interests are not overridden by your rights and freedoms. You can request a summary of any such assessment by emailing info@footprints.travel.

6Sensitive Data — Travel Wallet

In Short: Documents you upload to the Travel Wallet (passports, IDs, visas) get extra protection. We only process them with your consent, they’re encrypted, and we don’t use them to train AI.

The Travel Wallet allows you to store documents that may contain sensitive personal information (passports, government identification, visas, insurance, medical or vaccination records, emergency contacts).

  • We process Travel Wallet data only on your explicit consent, given when you upload a document or enable the feature.
  • You can withdraw consent at any time by deleting the document or disabling the feature in app settings.
  • Travel Wallet data is encrypted in transit and at rest using industry-standard encryption.
  • Access to Travel Wallet data is strictly limited to a minimum number of authorised personnel and automated systems for the purpose of providing the feature.
  • We do not use Travel Wallet documents to train AI models, generate recommendations, or for any purpose unrelated to providing the Travel Wallet feature to you.
  • We have conducted, or will conduct, a Data Protection Impact Assessment (DPIA) for the Travel Wallet under Article 35 GDPR. A summary is available on request.

7AI Features

In Short: When you use FootPrints’ AI features, you’re interacting with an AI system. We process your prompts to give you recommendations and itineraries. We never use your User Content to train generative AI models without your separate opt-in consent.

7.1 Transparency

You are interacting with an artificial intelligence system when you use AI Features. This disclosure is provided in accordance with Article 50 of the EU AI Act and similar transparency obligations.

7.2 How AI Features Use Your Data

When you use AI Features, we process:

  • The prompts and messages you submit;
  • Trip context (destinations, dates, preferences);
  • Approximate or precise location (only if you grant permission);
  • Past interactions within the same session, to maintain context.

AI Features rely on large language models and other AI systems operated by us and by third-party AI service providers. Your prompts may be sent to those providers under contract, who are bound to use the data only to provide the service to us and not to train their own models on your inputs.

7.3 No Training on User Content Without Consent

We do not use your User Content (itineraries, Travel Wallet documents, AI prompts, photos, or other identifiable inputs) to train generative AI foundation models without your separate, opt-in consent. You can grant or withdraw this consent at any time in app settings.

We may use anonymised, aggregated usage data to improve the Services and the quality of AI Features without separate consent, in accordance with applicable law.

7.4 Data from Source Platform Content

When you submit a link to public content on a Source Platform, we process limited personal data from that content — typically the creator’s publicly available username, caption text, and location tags — for the purpose of extracting structured travel data (place names, coordinates).

We rely on legitimate interests (Article 6(1)(f) GDPR) for this processing, applying the three-part test required by the French CNIL and the European Data Protection Board:

  • Legitimate interest — providing a useful travel-planning tool to users who have affirmatively chosen to extract place data from public content.
  • Necessity — the processing is limited to the minimum information needed to identify places mentioned in the content; the underlying video or image is not stored.
  • Balancing — the data is publicly available, the creator can reasonably expect that publicly posted travel content may be discussed and indexed, and we offer creators an opt-out mechanism (see below).

Creator opt-out. If you are a content creator and wish to have your public content excluded from FootPrints’ Source Platform ingestion, contact info@footprints.travel with your handle and Source Platform, and we will block ingestion of your content within 30 days.

7.5 No Automated Decisions with Legal Effect

AI Features generate suggestions, recommendations, and itineraries that do not produce legal effects concerning you or similarly significantly affect you. We do not use AI to make automated decisions about creditworthiness, employment, insurance, or other consequential matters under Article 22 GDPR.

8How We Share Personal Data

In Short: We share with service providers who help us run the Services, with people you choose to share with, and with App Stores for billing. We don’t sell your data. We don’t share for behavioural advertising.

We share personal data only in the circumstances described below. We do not sell your personal information.

8.1 Service Providers (Processors)

We engage trusted third parties to provide infrastructure, analytics, support, and other services on our behalf. These providers process personal data only on our instructions and under written data processing agreements that include the safeguards required by the GDPR (Article 28), UK GDPR, CCPA service-provider obligations, and equivalent laws.

Categories of service provider include:

  • Cloud hosting and storage — Supabase (managed PostgreSQL database, authentication, and file storage), and Google Cloud infrastructure;
  • Analytics and product telemetry — limited first-party usage analytics used to operate and improve the Services;
  • Crash and error reporting — application crash and error-monitoring tooling;
  • AI model providers — Google (Gemini) and OpenAI — bound not to train on your inputs;
  • Source Platform extraction services — third-party providers that fetch publicly accessible content from Source Platforms on our behalf, operating in logged-off mode and bound by contract to access only public data;
  • Email and customer support — email delivery and customer-support tooling;
  • Push notifications — Apple Push Notification service and Firebase Cloud Messaging;
  • Fraud and abuse prevention — fraud and abuse-prevention tooling;
  • Professional advisers — accountants, auditors, lawyers, insurers, where strictly necessary.

A current list of subprocessors is available on request at info@footprints.travel.

8.2 Other Users

When you share an itinerary or invite a co-traveller, the people you share with can see the information you have chosen to share. You control the scope of sharing through the in-app settings.

8.3 Source Platforms

When you submit a link to a Source Platform, we fetch the publicly available content from that platform’s servers. This may result in technical request information (such as our service’s IP address) being visible to the platform. We do not share your personal data with Source Platforms beyond what is necessary to retrieve the public content.

8.4 App Stores (Apple and Google)

Subscription purchases, refunds, and billing are handled by Apple App Store or Google Play Store. We share with them only the information necessary to provide and bill for the Services. Apple and Google operate as independent controllers for that data under their own privacy policies.

8.5 Legal Requirements and Safety

We may disclose personal data when we believe in good faith that disclosure is necessary to comply with a legal obligation, respond to lawful requests from public authorities, protect the rights, property, or safety of FootPrints, our users, or others, or enforce our Terms of Service.

8.6 Business Transfers

If FootPrints is involved in a merger, acquisition, financing, reorganisation, or sale of assets, personal data may be transferred to the relevant party as part of the transaction, subject to confidentiality undertakings and continued application of this Policy (or equivalent protection).

8.7 With Your Consent

We may share personal data for any other purpose with your consent.

9International Data Transfers

In Short: Your data may be stored or processed in countries other than where you live. We apply Standard Contractual Clauses and similar safeguards to protect it.

The Services are operated from India, and personal data may be transferred to, stored in, and processed in India, the European Economic Area, the United Kingdom, the United States, and other regions where our service providers operate.

Where we transfer personal data outside the EEA, UK, or any other jurisdiction with data export rules:

  • EEA and UK transfers — we rely on the European Commission’s Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum, supplemented by additional safeguards (encryption, access controls, transfer impact assessments) where required;
  • India — under the DPDPA, the Government of India may designate countries to which transfers are restricted; we comply with any such restrictions when notified;
  • Other transfer mechanisms (adequacy decisions, binding corporate rules, derogations) are used where appropriate.

You can request a copy of the safeguards we apply by emailing info@footprints.travel.

10Data Retention

In Short: We keep data only as long as we need to. Account data lasts while your Account is active plus a short period after; everything else has its own retention period.

We retain personal data only as long as necessary for the purposes for which it was collected, including to comply with legal, accounting, or reporting requirements.

CategoryRetention period
Account and profile dataWhile your Account is active, plus 90 days after closure (for recovery), then deleted or anonymised
Trip and itinerary dataWhile your Account is active, or until you delete the itinerary
Travel Wallet documentsUntil you delete the document, or 90 days after Account closure
Location dataReal-time use only; aggregated location signals retained for analytics for up to 24 months
AI Feature inputsUp to 90 days for service improvement and abuse prevention, then deleted or anonymised
Source Platform extracted dataWhile the relevant itinerary exists, or until you delete it
Payment confirmations7 years (Indian tax and accounting law) or as required by applicable law
Device, technical, and usage dataTypically up to 24 months
Support communicationsUp to 3 years after the last interaction
Marketing preferencesUntil you opt out, plus a suppression record to honour your opt-out
BackupsRoutinely overwritten on a rolling basis (typically within 90 days)

We may retain certain data for longer where required by law, to resolve disputes, or to enforce our agreements.

11Security

In Short: We encrypt your data, restrict access, and follow industry-standard security practices. No system is fully secure, so you should also use a strong password and keep your device safe.

We implement technical and organisational measures designed to protect personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage. These include:

  • Encryption of data in transit (TLS) and at rest (AES-256 or equivalent);
  • Strict access controls based on the principle of least privilege;
  • Periodic security testing, monitoring, and patching;
  • Mandatory security training for personnel;
  • Incident response procedures and breach notification consistent with Article 33–34 GDPR, the CCPA/CPRA breach laws, and the DPDPA.

No system is completely secure. Despite our safeguards, we cannot guarantee absolute security. You play an important role by maintaining a strong password, enabling two-factor authentication when available, and keeping your device secure.

12Your Privacy Rights

In Short: Depending on where you live, you have rights to see, correct, delete, port, and object to processing of your data. Email info@footprints.travel to exercise them — we’ll respond within the time your law requires.

Depending on where you live, you have the following rights with respect to your personal data:

12.1 Rights Under the GDPR / UK GDPR (EU and UK)

  • Access — obtain a copy of the personal data we hold about you.
  • Rectification — correct inaccurate or incomplete data.
  • Erasure (“right to be forgotten”) — request deletion in certain circumstances.
  • Restriction — limit how we process your data while a complaint or correction is pending.
  • Portability — receive your data in a structured, commonly used, machine-readable format and transmit it to another controller.
  • Object — object to processing based on legitimate interests, including profiling.
  • Withdraw consent — at any time, where processing is based on consent.
  • Lodge a complaint with your local supervisory authority — see Section 17.

12.2 Rights Under the CCPA/CPRA (California)

  • Right to know — what categories of personal information we collect, the sources, purposes, and categories of third parties we share with.
  • Right to access — a copy of specific pieces of personal information.
  • Right to delete — request deletion, subject to exceptions.
  • Right to correct — inaccurate personal information.
  • Right to opt out of sale or sharing — we do not sell or share for cross-context behavioural advertising, but you have the right to direct us not to do so in future.
  • Right to limit use of sensitive personal information — request that we limit use of sensitive personal information to what is necessary to perform the Services.
  • Right to non-discrimination — for exercising any of these rights.

12.3 Rights Under Other US State Privacy Laws

If you are a resident of Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia (or any other US state with a comprehensive privacy law that comes into force), you have rights that closely parallel those under the CCPA/CPRA, including:

  • The right to know whether we process personal data about you;
  • The right to access and obtain a portable copy of your personal data;
  • The right to correct inaccuracies;
  • The right to delete personal data;
  • The right to opt out of targeted advertising, the sale of personal data, and certain profiling;
  • The right to non-discrimination for exercising your rights;
  • Depending on the state, the right to a list of categories of third parties (California, Delaware) or specific third parties (Oregon) to whom we have disclosed personal data; and
  • Depending on the state, additional rights regarding sensitive data and biometric or voice/facial-recognition features (California, Florida).

These rights are subject to exceptions and verification requirements under each state’s law.

12.4 Rights Under the DPDPA (India)

  • Right to access the personal data we process about you.
  • Right to correction and erasure of personal data.
  • Right to grievance redressal — see Section 18.
  • Right to nominate — designate another person to exercise rights in case of death or incapacity.

12.5 Rights Under the LGPD (Brazil), POPIA (South Africa), PIPEDA (Canada), Privacy Act 1988 (Australia), and Other Laws

If you reside in a jurisdiction with applicable data protection law, you have analogous rights. Contact info@footprints.travel and we will respond in accordance with the law of your jurisdiction.

12.6 How to Exercise Your Rights

Email info@footprints.travel with a clear description of your request. We will:

  1. Acknowledge receipt of your request promptly;
  1. Verify your identity — typically by confirming control of the email address associated with your Account. If we cannot verify your identity from existing information, we may request additional information for verification and security purposes;
  1. Respond within the timelines required by applicable law — within 30 days under the GDPR (extendable by up to 60 additional days where necessary); 45 days under the CCPA/CPRA and most other US state privacy laws (extendable by 45 days where necessary); and within the periods prescribed under the DPDPA, LGPD, and equivalent laws.

You may designate an authorised agent to submit a privacy request on your behalf. The agent must provide signed, written authorisation from you and, in some cases, proof of registration with the relevant state (where required). We may also ask you to verify directly with us that you authorised the request.

There is no charge for exercising your rights, except in the case of manifestly unfounded or excessive requests, where we may charge a reasonable fee or refuse to act, as permitted by law.

12.7 Appeals (US State Privacy Laws)

If we decline to take action on your request, you have the right to appeal that decision. To submit an appeal, email info@footprints.travel with the subject line “Privacy Request Appeal”, reference the original request, and explain why you believe the decision was incorrect.

We will respond in writing within 60 days of receipt of the appeal, informing you of any action taken or not taken and the reasons for our decision. If the appeal is denied and you believe the denial was unlawful, you may submit a complaint to your state Attorney General. Contact information for state Attorneys General is available on each state’s official government website.

13Marketing Communications

In Short: Marketing emails and push notifications are opt-in. You can opt out at any time, but we’ll still send essential service messages (security, billing, policy updates).

We send marketing emails and push notifications only with your consent (or, where permitted by law, on an opt-out basis to existing users for similar services). You can opt out at any time by:

  • Clicking “unsubscribe” in any marketing email;
  • Disabling push notifications in your device settings;
  • Updating your preferences in app settings;
  • Emailing info@footprints.travel.

We will continue to send essential service communications (security alerts, billing receipts, policy updates) regardless of your marketing preferences.

14Cookies and Similar Technologies

In Short: We use cookies and SDKs for essential functions and limited analytics. We don’t do behavioural advertising. We don’t currently respond to Do-Not-Track signals because there’s no industry standard, but you can manage cookie preferences via our banner and device settings.

Our website and app use cookies, SDKs, local storage, and similar technologies to:

  • Operate essential functionality (such as keeping you signed in);
  • Remember your preferences;
  • Measure performance and analytics;
  • Detect and prevent fraud.

We do not use cookies or SDKs for cross-context behavioural advertising.

Where required by law (including the EU ePrivacy Directive and the CCPA/CPRA), we obtain your consent before placing non-essential cookies. You can manage cookie preferences via our cookie consent banner or, on mobile, through your device’s tracking-permission settings (including Apple App Tracking Transparency).

Do-Not-Track signals. Some web browsers and mobile operating systems include a “Do-Not-Track” (“DNT”) feature that signals your preference not to be tracked. There is currently no industry or legal standard for recognising and responding to DNT signals, so we do not respond to DNT signals at this time. California Business and Professions Code §22575(b) requires us to disclose this. If a standard is adopted that we must follow, we will update this Policy accordingly. You can manage tracking preferences through your device and browser settings, including Apple App Tracking Transparency on iOS.

15Children’s Privacy

In Short: FootPrints isn’t for children under 13. If you’re a parent or guardian and think we have your child’s data, contact us and we’ll delete it.

The Services are not directed to children under 13, the minimum age permitted by the COPPA and required by Apple App Store and Google Play Store for general-audience apps, and we do not knowingly collect personal data from children under that age.

If we learn that we have inadvertently collected personal data from a child under the applicable minimum age, we will delete it promptly. Parents and guardians who believe their child has provided us with personal data may contact info@footprints.travel.

For users between 13 and the age of majority, certain processing may require verifiable parental consent under COPPA, GDPR Article 8, or other applicable laws. We design the Services in line with the principles of the UK Age Appropriate Design Code where users in the UK may be minors.

16California Specific Disclosures

In Short: California has detailed disclosure rules. This section spells out what categories of data we collect, why, who we share with, and your specific California rights.

This section provides additional disclosures required by the CCPA/CPRA for California residents.

16.1 Categories of Personal Information Collected (Past 12 Months)

We have collected the following categories of personal information (as defined in CCPA section 1798.140) in the past 12 months:

  • Identifiers — name, email, account ID, IP address, device identifiers.
  • Customer records — payment confirmations (no card data).
  • Commercial information — subscription history.
  • Internet or other network activity — usage data, interaction with the Services.
  • Geolocation data — with permission.
  • Audio, electronic, or visual information — photos you upload, AI input.
  • Inferences — preferences and travel interests derived from your activity.
  • Sensitive personal information — government-issued identification (in Travel Wallet), precise geolocation (with permission), account credentials.

16.2 Sources, Purposes, and Disclosures

Sources: directly from you; automatically through your use of the Services; from authentication and App Store providers.

Purposes: as set out in Section 5.

Categories of third parties we share with for business purposes: as set out in Section 8 (service providers, other users you choose to share with, App Stores, legal authorities).

16.3 No Sale or Sharing

We do not sell personal information for monetary or other valuable consideration, and we do not share personal information for cross-context behavioural advertising.

16.4 Use of Sensitive Personal Information

We use sensitive personal information only for the purposes permitted under CCPA section 1798.121 and as needed to provide the Services you have requested (such as storing your passport in the Travel Wallet). You have the right to limit such use to those purposes by contacting info@footprints.travel.

16.5 Shine the Light

California Civil Code §1798.83 (“Shine the Light”) allows California residents to request information about disclosures of personal information to third parties for direct-marketing purposes. Submit such requests to info@footprints.travel.

16.6 Authorised Agents

You may designate an authorised agent to submit privacy requests on your behalf. The agent must provide written authorisation and we may require you to verify the agent’s authority.

17EU and UK Supervisory Authorities

In Short: If you’re in the EU or UK and think we’re handling your data wrongly, you can complain to your country’s data protection regulator. Our EU representative is named below.

If you are a resident of the EU or UK and believe our processing of your personal data infringes applicable law, you have the right to lodge a complaint with the supervisory authority in your country of residence, place of work, or where the alleged infringement occurred.

A list of EU data protection authorities is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en. The UK Information Commissioner’s Office can be contacted at https://ico.org.uk.

18Indian Grievance Officer (DPDPA 2023 and IT Rules 2021)

In Short: Indian users with privacy grievances can contact our designated Grievance Officer. We’ll acknowledge within 24 hours and resolve within the statutory timelines.

For grievances under the Indian Digital Personal Data Protection Act 2023 or the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021, contact:

Grievance Officer — Email: info@footprints.travel Address: 2639/197, Onkar Nagar, Tri Nagar, Delhi, North West Delhi, India - 110035

We will acknowledge complaints within 24 hours and resolve them within the timeframes prescribed by Indian law (typically 15 days under the IT Rules and the periods specified under the DPDPA).

19Automated Decision-Making and Profiling

In Short: We don’t use AI to make decisions that legally affect you. FootPrints’ AI gives you suggestions; you decide what to do.

We do not engage in automated decision-making that produces legal effects concerning you or similarly significantly affects you within the meaning of Article 22 GDPR. AI Features generate suggestions and recommendations only; you remain in control of your decisions.

20Changes to This Policy

In Short: We’ll tell you about material changes in advance, by email or in-app notice.

We may update this Privacy Policy from time to time. Where the changes are material, we will notify you in advance by email, in-app notice, or other reasonable means. The “Last Updated” date at the top of this Policy indicates when it was most recently revised. Your continued use of the Services after the effective date constitutes acceptance of the updated Policy.

21Contact Us

In Short: Different inboxes for different needs. Use the one that matches your question.

General privacy queries: info@footprints.travel Legal and complaints: info@footprints.travel Grievance Officer (India): info@footprints.travel Postal address: PEAKSERVE GLOBAL PRIVATE LIMITED
2639/197, Onkar Nagar, Tri Nagar
Delhi, North West Delhi, India - 110035