Privacy Policy

Go Waya Tech Private Limited ("Away", "we", "us", or "our") operates the Away platform accessible at heyaway.ai and associated mobile applications (collectively, the "Platform"). This Privacy Policy explains how we collect, use, store, share, transfer, and protect your personal data when you use our travel services.

By accessing or using our Platform, you acknowledge this Privacy Policy. If you do not agree with this policy, you should not use the Platform.

• This policy applies to website visitors, app users, registered customers, and travellers whose bookings are made through our Platform.

• This policy covers data collected directly from you, from your use of the Platform, and from suppliers or partners involved in processing bookings.

• Supplier systems (airlines, hotels, insurers, etc.) may have their own privacy notices; those notices apply to supplier-controlled processing.

• Booking Fulfilment: To search, reserve, issue, manage, and service travel bookings, cancellations, and modifications.

• Customer Support: To assist with booking questions, schedule changes, refunds, and grievance handling.

• Personalisation: To display relevant destinations, offers, and recommendations based on your preferences and usage patterns.

• Payments and Reconciliation: To process payments, refunds, chargebacks, and transaction reconciliation with suppliers and payment partners.

• Legal and Regulatory Compliance: To meet legal obligations, including tax, audit, reporting, and law-enforcement requests where applicable.

• Security and Abuse Prevention: To detect and prevent fraud, account misuse, abnormal activity, and platform abuse.

• Marketing Communications: To share offers and updates where permitted. You can opt out of promotional communications at any time.

We process personal data in accordance with applicable data protection law, including the Digital Personal Data Protection Act, 2023 and relevant rules, based on:

Our privacy program is structured around Indian law and operations. We do not adopt GDPR as the governing privacy framework for this Platform, and GDPR-specific rights are not offered except where mandatory law requires otherwise.

• Your consent for specified purposes, including optional marketing communications and certain device permissions.

• Performance of services requested by you, including booking fulfilment and support operations.

• Legitimate uses and legal obligations, including fraud prevention, dispute resolution, tax compliance, and regulatory reporting.

Where processing is based on consent, you may withdraw consent at any time. Withdrawal does not affect processing already carried out before withdrawal.

You can manage cookies through browser settings and, where available, consent controls on our Platform. Disabling some cookies may impact functionality.

We do not sell your personal data. We may share your data with:

• Travel Suppliers and Partners: Airlines, hotels, transport providers, insurers, and activity operators for booking fulfilment.

• Booking and Distribution Systems: GDS, consolidators, and reservation networks that process or relay travel inventory and booking data.

• Payment and Banking Partners: Payment gateways, banks, fraud prevention tools, and settlement partners.

• Service Providers: Cloud hosting, communications, analytics, customer support, and operational vendors under contractual safeguards.

• Government and Regulatory Authorities: Where required by law, immigration rules, court orders, or lawful official requests.

• Corporate Transactions: In connection with merger, acquisition, restructuring, financing, or sale of business assets.

We use automated and manual controls to identify suspicious activity, prevent payment fraud, secure accounts, and protect the Platform. This may include risk scoring, velocity checks, and verification workflows.

Where necessary, we may request additional information to confirm account ownership or payment validity. We may share relevant data with payment partners and law enforcement where legally required.

As a travel platform, we may transfer personal data across jurisdictions, including to countries where airlines, hotels, or service providers are located. Such transfers are performed only for permitted purposes and with safeguards required under applicable law.

• Encryption in transit (TLS or SSL) and security controls for systems and access.

• Role-based access controls and periodic audit and monitoring practices.

• Secure development and vulnerability management processes.

• Incident response procedures for security events.

No method of transmission or storage is completely risk-free, and we cannot guarantee absolute security.

After the relevant retention period, data is deleted, anonymised, or de-identified unless further retention is required by law.

Subject to applicable law, you may have the right to:

• Access and Summary: Request a summary of personal data processed by us.

• Correction and Update: Request correction of inaccurate or incomplete personal data.

• Erasure: Request deletion of personal data, subject to legal retention requirements.

• Withdraw Consent: Withdraw consent for specific processing where consent is the legal basis.

• Marketing Opt-Out: Unsubscribe from promotional messages at any time.

• Nomination and Grievance: Nominate an authorised person as permitted by law and raise grievances through the channels listed below.

To exercise rights, contact us at support@heyaway.ai. We aim to respond within 30 days, subject to legal timelines and request complexity.

Our Platform is not intended for children under 18. We do not knowingly collect personal data from children without appropriate authorisation where required by law. If you believe a child has provided personal data to us, please contact us so we can review and take appropriate action.

Our Platform may include links to third-party websites, apps, and services. We are not responsible for third-party privacy practices. We encourage you to review their privacy notices before sharing personal data.

We may update this Privacy Policy from time to time to reflect operational, legal, or regulatory changes. Material updates will be communicated through the Platform or other appropriate channels. Your continued use of the Platform after updates become effective means you accept the revised policy.

For privacy-related complaints or escalation under applicable Indian law, you may contact our Grievance Officer using the details below. Please include relevant account and booking references.

If you have questions about this policy or our data practices, contact us: