Plan365Trip
FeaturesHow It WorksPricingAbout
Sign In
Plan365Trip

We help friend groups stop "planning" trips and actually take them. Built by someone who got tired of trips that never happened.

Product

  • Features
  • How It Works
  • Pricing
  • FAQ

Company

  • About
  • Contact

Legal

  • Privacy
  • Terms
  • Guidelines

© 2026 Plan365Trip. Made with love for travelers who mean it.

Built in India

Privacy Policy

Last updated: January 20, 2026

1. Introduction

Welcome to Plan365Trip, a product of VCXOS Management and Technologies LLP ("we," "our," or "us"). We are committed to protecting your privacy and personal information in compliance with the Digital Personal Data Protection Act, 2023 ("DPDP Act"), Information Technology Act, 2000, and other applicable laws of India.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our group travel coordination platform. We process your personal data only for legitimate purposes with your explicit consent.

By using Plan365Trip, you consent to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use our service.

2. Definitions

  • Personal Data: Any data about an individual who is identifiable by or in relation to such data.
  • Data Principal: You, the individual whose personal data is being processed.
  • Data Fiduciary: VCXOS Management and Technologies LLP, which determines the purpose and means of processing personal data.
  • Processing: Any operation performed on personal data, including collection, storage, use, sharing, and deletion.

3. Information We Collect

3.1 Information You Provide Directly

  • Account Information: Name, email address, username, and password when you register.
  • Profile Information: Date of birth (for age verification only), current location (city), and weekend schedule preferences.
  • Holiday Data: Dates you mark as available for travel planning.
  • Group Data: Group names, descriptions, and membership information.
  • Messages: Content you share in group chats.
  • Trip Information: Trip proposals, responses, and planning details.

3.2 Information Collected Automatically

  • Device Information: Browser type, operating system, and device identifiers.
  • Usage Data: Pages visited, features used, and interaction patterns.
  • IP Address: For security purposes, rate limiting, and fraud prevention.
  • Cookies: Essential session cookies for authentication only.

3.3 Location Data

We collect your city/location only when you explicitly provide it during onboarding or in settings. We do not track your real-time location, GPS coordinates, or movement patterns. Location data is used solely for calculating travel distances and providing trip recommendations.

3.4 Sensitive Personal Data

We do not collect sensitive personal data including financial information, health data, biometric data, religious or political beliefs, sexual orientation, caste, or genetic data.

4. Legal Basis for Processing

Under the DPDP Act 2023, we process your personal data based on the following lawful grounds:

  • Consent: You provide explicit consent when creating an account and using our services.
  • Contractual Necessity: Processing necessary to provide the services you requested.
  • Legitimate Interests: Processing necessary for security, fraud prevention, and service improvement.
  • Legal Obligations: Processing required to comply with applicable laws.

5. How We Use Your Information

We use your information only for the following specified purposes:

  • To create, maintain, and secure your account
  • To provide group travel coordination and availability visualization
  • To calculate bridge leave opportunities and optimal trip windows
  • To enable communication within groups you join
  • To send essential transactional emails (password resets, security alerts)
  • To detect, prevent, and respond to fraud, abuse, and security incidents
  • To comply with legal obligations and respond to lawful requests

We will never use your data for purposes beyond what is stated here without obtaining your explicit consent first.

6. Information Sharing and Disclosure

6.1 Within Groups (User-Controlled)

When you join a group, other approved members can see your name, username, holiday availability, and messages you send. The following are never shared with other users:

  • Your email address
  • Your date of birth
  • Your precise location coordinates
  • Your IP address

6.2 Third-Party Service Providers

We use trusted third-party services to operate Plan365Trip. These providers process data only on our behalf and are contractually bound to protect your information:

  • Cloud Database Provider (USA): Database hosting and authentication
  • Cloud Hosting Provider (USA): Website hosting and serverless functions
  • Email Service Provider (USA): Transactional email delivery
  • Content Management Provider (EU): Content management for destination information
  • Location Search Provider: Location search (no personal data transmitted)

6.3 We Do Not Sell Your Data

We never sell, rent, trade, or otherwise monetize your personal information. We do not share your data with advertisers or data brokers.

6.4 Legal Requirements

We may disclose your information if required by law, court order, or government authority, or if necessary to protect the rights, property, or safety of Plan365Trip, our users, or others. We will notify you of such requests unless legally prohibited from doing so.

7. Cross-Border Data Transfers

Your personal data may be transferred to and processed in countries outside India, including the United States and European Union, where our service providers operate. These transfers are necessary to provide you with the service.

We ensure that such transfers comply with applicable data protection laws and that appropriate safeguards are in place, including:

  • Contractual obligations requiring recipients to protect your data
  • Use of service providers with strong privacy certifications
  • Data encryption in transit and at rest

By using Plan365Trip, you consent to these international data transfers.

8. Data Security

We implement robust technical and organizational measures to protect your personal data:

  • Encryption: All data transmitted over HTTPS/TLS; database encryption at rest
  • Password Security: Passwords hashed using bcrypt (never stored in plain text)
  • Access Control: Row-level security policies ensure strict data isolation
  • Rate Limiting: Protection against brute-force and abuse attacks
  • Audit Logging: Security-relevant actions are logged for monitoring
  • Regular Reviews: Periodic security assessments and updates

9. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we commit to:

  • Notify you within 72 hours of becoming aware of the breach via email
  • Report to authorities as required under the DPDP Act and IT Act
  • Provide details including the nature of the breach, data affected, and remedial actions
  • Take immediate steps to contain the breach and prevent further unauthorized access

We maintain an incident response plan and conduct regular security training to minimize breach risks.

10. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected. Specific retention periods are:

  • Account Data: Retained while your account is active, deleted within 30 days of account closure
  • Holiday Data: Retained until you delete it or close your account
  • Messages: Retained until deleted by you/admin, or within 30 days of account closure
  • Security Logs (IP/Rate Limiting): Retained for 24 hours, then automatically purged
  • Audit Logs: Retained for 1 year for security and compliance
  • Backup Data: Retained for up to 30 days, then permanently deleted

After the retention period expires, data is securely deleted or anonymized.

11. Your Rights as a Data Principal

Under the DPDP Act 2023 and applicable laws, you have the following rights:

  • Right to Access: Obtain confirmation of whether we process your data and request a copy
  • Right to Correction: Request correction of inaccurate or incomplete personal data
  • Right to Erasure: Request deletion of your personal data (subject to legal retention requirements)
  • Right to Data Portability: Receive your data in a structured, commonly used format
  • Right to Withdraw Consent: Withdraw your consent at any time for future processing
  • Right to Grievance Redressal: Lodge a complaint with our Grievance Officer or the Data Protection Board

How to Exercise Your Rights

To exercise any of these rights:

  • Email us at hello@plan365trip.com with subject "Data Rights Request"
  • We will verify your identity before processing the request
  • We will respond within 30 days of receiving your request
  • There is no fee for exercising your rights (unless requests are manifestly unfounded or excessive)

Consent Withdrawal

You may withdraw your consent at any time by:

  • Deleting your account through Settings → Delete Account
  • Emailing us with a withdrawal request

Note: Withdrawal of consent does not affect the lawfulness of processing done before withdrawal. Some data may be retained if required by law.

12. Cookies

We use only essential cookies required for the service to function:

  • Authentication Cookies: To keep you logged in securely
  • Session Cookies: To maintain your session state

We do not use:

  • Advertising or marketing cookies
  • Third-party tracking cookies
  • Analytics cookies that track individual behavior

13. Children's Privacy

Plan365Trip is not intended for users under 16 years of age. We do not knowingly collect personal information from children under 16.

If we discover that we have collected data from a user under 16 without proper consent, we will immediately delete such information. If you believe a child under 16 has provided us with personal data, please contact us immediately.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes:

  • We will update the "Last updated" date at the top
  • For significant changes, we will notify you via email and/or a prominent notice on the service
  • We will provide at least 7 days notice before significant changes take effect
  • Your continued use after changes constitutes acceptance of the updated policy

We encourage you to review this policy periodically.

15. Grievance Officer

In accordance with the Information Technology Act, 2000, IT Rules 2021, and DPDP Act 2023, we have appointed a Grievance Officer to address your concerns:

  • Name: Shashwat Tiwari
  • Email: shash@bizfinlabs.com

Response Commitment:

  • Acknowledgment within 24 hours of receiving your complaint
  • Resolution within 15 days from the date of receipt

If you are not satisfied with our response, you may escalate your complaint to the Data Protection Board of India as established under the DPDP Act 2023.

16. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

  • VCXOS Management and Technologies LLP
  • LLP Identification Number: ACP-9422
  • Registered Address: Flat No. 10074, Tower 10, Habitat Iluminar, Kengeri, Bangalore South, Bangalore Rural - 560060, Karnataka, India
  • Email: hello@plan365trip.com

By using Plan365Trip, you acknowledge that you have read, understood, and agree to this Privacy Policy.

Back to Home