Privacy Policy
1. Introduction
Mirai Labs Inc. (“TravelX”) acknowledges the paramount importance of protecting personal data and privacy rights of individuals who interact with its services and platforms. This Privacy Policy serves as a binding and enforceable statement of our commitment to upholding data protection and privacy in accordance with internationally recognized standards, including the General Data Protection Regulation (GDPR), SOC 2 Trust Services Criteria for privacy, the Health Insurance Portability and Accountability Act (HIPAA) where applicable, and relevant national laws.
This policy defines the governance framework for managing personal information collected, processed, or retained by TravelX, and is enforceable across all employees, partners, contractors, vendors, affiliates, and associated data processors. Non-compliance with this policy may result in disciplinary action or legal consequences.
2. Scope
This Privacy Policy applies universally to:
- All personal information collected or processed through TravelX digital assets, including but not limited to the vip.travelx.ai website and TravelX VIP mobile applications.
- All internal and external personnel including full-time employees, contractual staff, temporary hires, third-party vendors, technology partners, and service providers who may interact with or have access to personal data.
- All individuals whose data is collected or processed including customers, users, business contacts, and prospective clients (collectively “data subjects”).
This policy encompasses all data-handling activities throughout the lifecycle: from collection and storage to usage, sharing, archival, and disposal.
3. Categories of Personal Information Collected
TravelX classifies and collects personal data under the following categories:
- Identity & Contact Information: Full legal name, date of birth, email address, phone number, physical address, passport and government-issued ID numbers.
- Location & Device Data: IP addresses, browser identifiers, GPS-based geolocation, mobile device identifiers (IDFA, AAID).
- Transactional Data: Booking history, payment history, reward redemptions, loyalty status, and product/service consumption patterns.
- Behavioral & Technical Data: Cookie identifiers, session logs, navigation history, heatmaps, device type, operating system, crash logs.
- Account Data: Account creation timestamps, login activity, authentication tokens, user preferences, consent timestamps.
Data is collected directly from the data subject or indirectly via cookies, third-party affiliates, and system logs, under lawful bases for processing.
4. Purpose of Data Collection and Use
TravelX collects and uses personal data solely for legitimate business purposes, including:
- Fulfillment of contractual obligations for travel bookings, membership benefits, and user-initiated services.
- Communication related to account activity, confirmations, cancellations, and service updates.
- Analytics, personalization, and enhancement of user experience.
- Compliance with financial, tax, AML/KYC, and regulatory requirements.
- Investigation and prevention of fraud, abuse, security threats, and violations of terms of service.
- Marketing, subject to user consent, to deliver promotional offers, surveys, and updates.
All usage of data is restricted to stated purposes unless further consent is obtained or legally required.
5. Retention and Disposal
TravelX maintains a comprehensive data retention schedule defining retention periods based on data type, legal requirements, and operational needs:
- Retention: Personal data is retained no longer than necessary to fulfill the processing purposes or as mandated by law.
- Review: Retention timelines are reviewed annually to ensure relevance and necessity.
- Secure Disposal: Upon expiration of the retention period, data is securely erased using cryptographic erasure, data shredding (for physical records), or secure deletion tools validated for effectiveness.
6. Consent Management
TravelX implements explicit and informed consent mechanisms:
- Consent is collected during account registration, opt-in to promotional services, and acceptance of terms.
- Consent is tracked with timestamps and IP logs.
- Users may withdraw or modify consent at any time via app settings or by submitting a written request to the Data Protection Officer.
Consent is not required where legal or contractual obligations necessitate the processing of data.
7. User Rights
Data subjects are granted the following rights under applicable data privacy laws:
- Right to Access: Obtain confirmation of data being processed and receive a copy in electronic format.
- Right to Rectification: Request correction of incorrect or outdated information.
- Right to Erasure (“Right to be Forgotten”): Request deletion of personal data unless retention is legally required.
- Right to Restriction of Processing: Request restriction of data use under specified conditions.
- Right to Data Portability: Receive data in a structured, commonly used format to transfer to another controller.
All requests are verified and fulfilled within 30 business days unless restricted by law.
8. Notification of Changes & Breaches
- TravelX will notify users of material changes to this policy at least 15 days in advance using email, in-app popups, and banners.
- In the event of a data breach involving personal information, users and appropriate regulators will be notified within legally mandated timeframes, including:
  - Description of the breach
  - Types of information compromised
  - Protective steps taken
  - Remediation plan
9. Data Quality, Accuracy, and Monitoring
To ensure accuracy, TravelX employs:
- Automated validation rules for key fields (e.g., email, phone, passport number).
- Manual data reviews for compliance monitoring.
- Data cleansing routines and verification campaigns.
Users are periodically prompted to review and update their personal data.
10. Cookies & Tracking
TravelX uses cookies and tracking technologies to:
- Maintain secure sessions
- Analyze usage patterns
- Personalize services and content
- Monitor fraudulent behavior
Users may accept or decline cookies at any time. Cookie consent banners and detailed cookie management tools are provided on the website.
11. Data Sharing & Cross-border Transfers
TravelX may share personal data only in the following circumstances:
- With service providers under binding contractual clauses (DPAs, NDAs).
- With government, regulatory, or law enforcement bodies when legally compelled.
- With international partners under approved cross-border safeguards (e.g., SCCs, BCRs).
Transfers are subject to adequacy decisions, encryption protocols, and access limitation.
12. Security Safeguards
The following controls are enforced to secure personal data:
- AES-256 encryption at rest and TLS 1.2/1.3 in transit
- Multi-factor authentication (MFA) for user and admin accounts
- Periodic penetration testing and vulnerability management
- Segregation of development and production environments
- 24x7 intrusion detection and monitoring
- Logging and audit trails of all data access and modifications
13. Incident Monitoring and Enforcement
- All incidents are logged in a central IR (incident response) platform
- Post-incident reviews (“lessons learned”) are documented and shared internally
- Disciplinary actions include:
  - Warning letters
  - Account suspension or revocation
  - Contract termination
  - Legal action in cases of gross negligence or willful misconduct
14. Grievance Redressal
TravelX provides the following contact methods for complaints or rights exercises:
- Email: privacy@travelx.ai
- Phone: +91 97664 58747
- Postal: Data Protection Officer, AP81, 902, Koregaon Park, Pune 14, Maharashtra, India
Complaints are logged, tracked, and resolved within 30 working days. Users can escalate unresolved matters to the Privacy & Compliance Committee.
15. Review and Change Management
This Privacy Policy is formally reviewed twice annually and following major regulatory or operational changes. Each change is tracked in the version control table below:
| Version | Date | Summary of Changes | Reviewed By |
| --- | --- | --- | --- |
| 1.0 | 15 Dec 2024 | Initial release | Compliance Team |
| 2.0 | 12 May 2025 | Detailed enhancements for SOC 2 alignment, user rights, breach handling | Privacy & Compliance Team |
This document is legally binding and governs all activities of TravelX personnel and affiliates with access to personal data. All stakeholders must comply fully with this policy.