Privacy Policy

1. Introduction

Nandighosh Mobility Private Limited (“we”, “us”, “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and disclose your personal data when you use our website, mobile applications, and bus transportation services.

This policy is drafted in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act) of India and applicable rules framed thereunder. By using our services, you consent to the collection and use of your information as described in this policy.

a) Information You Provide Directly

• Full name, email address, phone number, and age/gender during booking.
• Government-issued ID details for passenger verification (as required under the Motor Vehicles Act, 1988).
• Booking details including travel date, route, seat selection, and co-passenger information.
• Payment information processed through our third-party payment gateway (we do not store your full card details).
• Feedback, complaints, or messages sent to us via phone, email, or WhatsApp.

b) Information Collected Automatically

• Device information (browser type, operating system, device model, screen resolution).
• IP address and approximate geographic location.
• Usage data such as pages visited, time spent on each page, and interaction patterns on our website.
• Cookies and similar tracking technologies (see Section 7 below).
• Referral URLs, search terms, and navigation paths within our site.

We use your personal data for the following lawful purposes:

• To process and confirm bus ticket bookings and tourist package reservations.
• To communicate booking confirmations, schedule changes, delays, and service updates via SMS, email, or WhatsApp.
• To process payments, refunds, and cancellations.
• To verify passenger identity at the time of boarding.
• To enable GPS-based live tracking of buses for passenger safety and convenience (see Section 4).
• To respond to your queries, complaints, and feedback.
• To improve our services, website experience, and operational efficiency through analytics.
• To comply with legal obligations under Indian law, including tax and transportation regulations.
• To detect and prevent fraud, misuse, or unauthorised access to our services.

• All online payments are processed via UPI (Unified Payments Interface), a secure payment method regulated by RBI and NPCI.
• We do not store your bank account details, UPI PIN, or banking credentials on our servers.
• We retain only UPI transaction reference numbers, payment status, and amounts for reconciliation and refund processing purposes.
• All payment verification is done manually by our team to ensure authenticity.

6. Data Storage & Retention

• Your personal data is stored on secure servers within India, in compliance with the data localisation requirements of the DPDP Act, 2023.
• Booking and transaction data is retained for a minimum of 8 years as required under Indian tax laws (Income Tax Act, 1961 and GST Act, 2017).
• Communication records are retained for up to 3 years for service improvement and dispute resolution purposes.
• Account data is retained as long as your account remains active. Upon account deletion or request for erasure, data is deleted within 90 days, except where retention is required by law.

Our website uses cookies and similar technologies to enhance your browsing experience:

• Essential cookies: Required for the basic functionality of our website (e.g., session management, booking flow, authentication).
• Analytics cookies: Help us understand how visitors interact with our website, allowing us to improve user experience. We may use services like Google Analytics.
• Preference cookies: Remember your settings, language preferences, and recently searched routes for future visits.

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of our website, particularly the booking process.

We do not sell your personal data to third parties. We may share your data only in the following circumstances:

• Payment processors: To facilitate secure payment transactions via UPI (regulated by NPCI/RBI).
• SMS and communication providers: To send booking confirmations, updates, and alerts.
• Bus platform partners: If your booking is facilitated through a third-party bus booking platform, relevant booking data may be shared with that platform for ticketing and service delivery purposes.
• Government and law enforcement authorities: When required by law, court order, or by a competent authority under the DPDP Act, 2023, Motor Vehicles Act, 1988, or other applicable laws.
• Service providers: Third-party vendors who assist us in operating our website, analytics, and customer support, subject to strict confidentiality agreements.
• Insurance companies: In the event of an accident or claim, as required under the Motor Vehicles Act, 1988.

We implement appropriate technical and organisational measures to protect your personal data, including:

• SSL/TLS encryption for all data in transit between your browser and our servers.
• Encrypted storage of sensitive personal data at rest.
• Role-based access controls limiting data access to authorised personnel only.
• Regular security audits and vulnerability assessments.
• Secure backup procedures with encrypted storage.

While we strive to protect your data, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security, but we are committed to maintaining industry-standard protections.

10. Your Rights under the DPDP Act, 2023

As a Data Principal under the Digital Personal Data Protection Act, 2023, you have the following rights:

• Right to Access: You may request a summary of the personal data we hold about you and the processing activities undertaken.
• Right to Correction: You may request correction of inaccurate or incomplete personal data.
• Right to Erasure: You may request deletion of your personal data, subject to legal retention requirements.
• Right to Withdraw Consent: You may withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing done before the withdrawal.
• Right to Grievance Redressal: You may raise a complaint with our Grievance Officer (details below) or the Data Protection Board of India.
• Right to Nominate: You may nominate an individual to exercise your rights in case of death or incapacity.

To exercise any of these rights, please contact us at hello@nandighoshbus.com. We will respond within 30 days of receiving your request.

Our online services are not directed at children under 18 years of age. We do not knowingly collect personal data from children without verifiable parental consent. Bookings for minors must be made by a parent or legal guardian. If a parent or guardian becomes aware that their child has provided us with personal data without their consent, please contact us at hello@nandighoshbus.com and we will take steps to delete such data promptly.

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The updated policy will be published on our website with a revised “Last updated” date. Material changes will be communicated to registered users via email or SMS. We encourage you to review this page periodically.

13. Grievance Officer & Contact

In accordance with the DPDP Act, 2023, the details of our Grievance Officer are as follows:

If you are not satisfied with our response, you may file a complaint with the Data Protection Board of India as constituted under the DPDP Act, 2023.