SaveTrip

Privacy Policy

Last updated: 2026-04-24

SaveTrip operates the pax.savetrip.in platform (the “Platform”). We take the privacy of our users seriously. This policy explains what personal information we collect, how we use it, and the choices you have.

1. Information we collect

  • Booking details: name, 10-digit mobile number and optional email address supplied at the time of booking.
  • Travel intent: origin and destination station, travel date and passenger count. This is passed to the Seller NP as part of the ONDC /search, /select, /init and /confirm calls.
  • Payment metadata: the merchant transaction id, the payment status and the PhonePe transaction reference. We do not receive or store your card number, UPI PIN or banking credentials.
  • Device and log data: IP address, user agent and anonymized usage telemetry collected by our CDN (CloudFront) and server logs for security and reliability.

2. How we use your information

  • To create a booking on the ONDC network and share the minimum necessary details with the Seller NP to issue a ticket.
  • To process payment, trigger refunds when applicable, and reconcile transactions with PhonePe.
  • To send booking confirmations and cancellation notices to the mobile number or email provided.
  • To comply with applicable law, respond to lawful requests, and prevent fraud or abuse of the Platform.

3. Sharing of information

We share only the data strictly required to fulfill a booking with the relevant ONDC network participants (Seller NP, gateway and registry where required for verification). We do not sell your personal information to advertisers. Processors we rely on — CloudFront, AWS (hosting), PhonePe (payments) — are contractually bound to handle data only for the purpose for which it was shared.

4. Data retention

Booking and transaction records are retained as long as required for reconciliation, audit, tax and regulatory purposes (typically seven years from the booking date). Device and log data is retained for up to 90 days unless required longer for security investigations.

5. Your rights

You can request access, correction or deletion of your booking data by writing to us. Deletion requests are honoured subject to the retention periods set out above and to any obligation to retain records for a completed booking.

6. Cookies and local storage

The Platform uses local storage on your device to hold the current booking flow (origin, destination, fare and order id). We do not deploy third-party advertising cookies.

7. Security

All traffic between your device and the Platform is served over HTTPS with TLS 1.2+. ONDC messages are signed with Ed25519 and verified against the ONDC registry. Payment redirection is handled entirely on PhonePe's whitelisted domain.

8. Children

The Platform is not intended for children below the age of 13. Please do not submit information about a minor unless you are the legal guardian booking on their behalf.

9. Changes to this policy

We will update the “Last updated” date above when this policy changes. Material changes will be notified on the booking flow itself.

10. Contact

Questions about your data? Write to us at /legal/contact.