Privacy Policy

Last updated: 26 March 2026

This policy is intended to describe MayaSTR’s privacy practices in plain language for visitors and users in India. It is not legal advice. You should have qualified counsel review it against your actual data processing, contracts, and notices before relying on it commercially.

MayaSTR (“we”, “us”, “our”) operates the MayaSTR website and related services (the “Platform”). We respect your privacy. This Privacy Policy explains what personal data we collect, why we use it, how we share it, and the choices and rights you may have, with particular reference to the Digital Personal Data Protection Act, 2023 (India) and allied rules, as applicable, together with other Indian laws such as the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, where they continue to apply.

1. Scope and who this applies to

This policy applies to personal data processed when you access or use the Platform, communicate with us, or interact with listings, bookings, or host tools we offer. It is written primarily for individuals in India (“you”, “users”, “data principals”). If you access the Platform from elsewhere, additional local laws may also apply.

2. Data fiduciary and contact

For personal data covered by this policy, the data fiduciary responsible is the legal entity operating MayaSTR in India. You may contact us for privacy questions through our Contact page. Please include “Privacy” or “Data protection” in your message so we can route it correctly.

If you publish a dedicated privacy inbox or statutory grievance officer details under Indian law, add those details here alongside your registered business name and Indian address.

3. What counts as personal data

“Personal data” means data about an individual who is directly or indirectly identifiable. This can include name, phone number, email address, account identifiers, payment-related metadata, stay and booking details, messages you send us, and technical identifiers such as device or browser information, where they can be linked to you.

4. Data we collect

4.1 You provide directly

  • Contact and profile details when you register, log in, complete forms, or become a host (for example, name, email, phone).
  • Booking and stay-related information needed to complete reservations (for example, guest count, dates, special requests, and similar details you choose to add).
  • Content you upload or send (for example, messages to us, reviews if you submit them, or images if supported by the Platform).

4.2 Collected automatically

  • Log and usage data such as approximate location from IP address, pages viewed, referral source, timestamps, and diagnostic data that help us operate and debug the service.
  • Cookies and similar technologies (see below) that remember preferences or measure basic traffic.

4.3 From others

We may receive information from service providers that help us host the Platform, send email, process payments, verify accounts, or prevent fraud, strictly as needed to provide the service you requested.

5. How and why we use data

We process personal data only where permitted by law, including:

  • Consent, where we ask for it (for example, non-essential marketing cookies or optional communications), which you may withdraw in line with our cookie controls and unsubscribe options.
  • Providing the service you request—creating and maintaining accounts, displaying listings, processing bookings, sending transactional notices, and customer support.
  • Legal compliance and protection—responding to lawful requests, securing the Platform, preventing fraud or abuse, enforcing our terms, and protecting rights, safety, and property.
  • Improvement and analytics—understanding how the Platform is used, improving features, and measuring performance using aggregated or de-identified information where appropriate.

We do not use sensitive personal data (such as health data) unless you voluntarily provide it and we have a clear, lawful basis to process it. Avoid sending unnecessary sensitive information in free-text fields.

6. Sharing and disclosures

We may share personal data with:

  • Hosts and guests, to the extent needed to complete a booking or enquiry you initiate (for example, contact details or stay instructions you choose to share through the Platform).
  • Service providers under written contracts that require them to protect data and use it only on our instructions (hosting, email delivery, analytics, payment partners if integrated).
  • Authorities when we believe disclosure is required by applicable Indian law, court order, or governmental request, or to prevent harm.
  • Business transfers—if we merge, are acquired, or sell assets, personal data may transfer as part of that transaction subject to confidentiality and notice requirements under law.

We do not sell personal data in the conventional sense of selling lists to unknown third parties.

7. Cookies and similar technologies

We may use session and persistent cookies to keep you signed in (if applicable), remember preferences, and understand aggregated traffic. You can control cookies through your browser settings. Strictly necessary cookies may remain active for core functionality.

8. Retention

We keep personal data only as long as needed for the purposes above, including legal, tax, and accounting obligations, dispute resolution, and enforcement of agreements. When retention is no longer required, we delete or de-identify data in line with our internal policies and reasonable security practices.

9. Security

We implement reasonable technical and organisational measures appropriate to the nature of the processing, including access controls, encryption in transit where standard for web traffic, monitoring, and vendor diligence. No online service can guarantee absolute security; please protect your credentials and notify us promptly of any suspected unauthorised access.

10. Your rights (India)

Depending on the final rules and notifications under the Digital Personal Data Protection Act, 2023, you may have rights such as:

  • Access to personal data we hold about you, subject to lawful exceptions.
  • Correction of inaccurate or incomplete data.
  • Erasure where conditions under law are met.
  • Nomination of another individual to exercise rights on your behalf in case of death or incapacity.
  • Grievance redressal and escalation to the Data Protection Board of India as prescribed.

To exercise rights, contact us as described below. We may need to verify your identity before fulfilling a request. You may also have rights to withdraw consent for processing that is solely consent-based.

11. Cross-border transfers

If we or our processors store or process personal data outside India, we will do so in compliance with Chapter V and related provisions of the Digital Personal Data Protection Act, 2023 and any government notifications on permitted territories or approved safeguards. We will update this section if our transfers materially change.

12. Children

The Platform is not directed at children under 18. We do not knowingly collect personal data from children without verifiable parental consent where such consent is required by law. If you believe we have collected data from a child improperly, please contact us and we will take appropriate steps.

13. Grievance officer and complaints

Grievance Officer (India)

Name and contact details to be published as per applicable law once finalised. Until then, please use the Contact page with subject line “Privacy grievance”.

We will acknowledge and address complaints in line with applicable timelines under Indian law once those timelines are fully notified. You may also have the right to approach the Data Protection Board of India as prescribed.

14. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated “Last updated” date. Where the law requires, we will provide additional notice or obtain refreshed consent before we expand uses of your personal data.