Privacy Policy

Last updated: 1 March 2026

1. Introduction

Quests.Travel ("we", "us", "our", or the "Company") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, store, disclose, and safeguard information when you access or use our website located at quests.travel (the "Site"), subscribe to our newsletter, or otherwise interact with our services (collectively, the "Services").

This policy is published in compliance with the Information Technology Act, 2000 ("IT Act"), the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"), and the Digital Personal Data Protection Act, 2023 ("DPDPA") of India. Where applicable, we also endeavour to comply with the General Data Protection Regulation ("GDPR") of the European Union for users located in the European Economic Area ("EEA").

By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please do not access or use the Services.

2. Data Controller

For the purposes of applicable data protection legislation, the data controller is:

Quests.Travel
Mumbai, Maharashtra, India
Email: marketing@quests.travel

3. Information We Collect

3.1 Information You Provide Directly

  • Newsletter subscription data: first name, last name, email address, and phone/WhatsApp number when you subscribe to our newsletter.
  • Survey responses: any information you voluntarily provide through surveys or feedback forms we may present from time to time.
  • Communications: any information you include in correspondence when you contact us by email or other means.

3.2 Information Collected Automatically

  • Device and browser data: IP address, browser type and version, operating system, device type, screen resolution, and language preference.
  • Usage data: pages visited, time and date of access, time spent on pages, click-through data, referral URLs, and navigation paths, collected via Google Analytics 4 ("GA4").
  • Cookies and similar technologies: we use cookies and local storage to facilitate essential Site functionality and analytics. Please refer to our Cookie Policy for comprehensive details.

3.3 Information from Third Parties

  • Newsletter platform: Beehiiv may provide us with aggregated engagement data such as open rates, click rates, and subscription status changes related to your newsletter subscription.
  • UTM and referral data: campaign source, medium, campaign name, and referring site URL captured from link parameters when you arrive at the Site.

4. Legal Basis for Processing

We process your personal data on the following legal grounds:

  • Consent: when you voluntarily provide your information (e.g., subscribing to the newsletter or completing a survey). You may withdraw consent at any time.
  • Contractual necessity: to deliver the newsletter and Services you have requested.
  • Legitimate interests: to improve our Services, analyse usage patterns, ensure security, and prevent fraud, provided such interests are not overridden by your data protection rights.
  • Legal obligation: where processing is necessary to comply with applicable laws, regulations, or court orders.

5. How We Use Your Information

We use the information collected for the following purposes:

  • To deliver our newsletter and travel intelligence content to your email and/or WhatsApp.
  • To manage your subscription, including confirming sign-up, processing unsubscribe requests, and handling tier changes.
  • To personalise your experience and tailor content to your interests.
  • To analyse website traffic, usage patterns, and engagement to improve the quality and relevance of our Services.
  • To respond to your enquiries, feedback, or survey submissions.
  • To detect, prevent, and address technical issues, fraud, or security threats.
  • To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
  • To enforce our Terms of Use and protect the rights, property, or safety of Quests.Travel, our users, or the public.

6. Disclosure of Your Information

We do not sell, trade, or rent your personal information to third parties. We may share your data in the following limited circumstances:

6.1 Service Providers

We engage trusted third-party service providers who process data on our behalf, subject to contractual obligations of confidentiality and data protection:

  • Beehiiv Inc. — newsletter delivery, subscription management, and email analytics.
  • Google LLC (Google Analytics 4) — website analytics and usage tracking.
  • Vercel Inc. — website hosting, edge delivery, and serverless infrastructure.
  • MongoDB Inc. (MongoDB Atlas) — cloud database hosting and data storage.

6.2 Legal Requirements

We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a lawful request.

6.3 Business Transfers

In the event of a merger, acquisition, reorganisation, or sale of all or a portion of our assets, your personal data may be transferred as part of that transaction, subject to the acquirer being bound by the terms of this Privacy Policy.

7. International Data Transfers

Your personal data may be transferred to and processed in countries outside India, including the United States, where our service providers operate. These countries may have data protection laws that differ from those in India. When we transfer data internationally, we take appropriate safeguards to ensure that your information receives an adequate level of protection, including relying on standard contractual clauses, adequacy decisions, or the service provider's privacy certifications where applicable.

8. Data Retention

We retain your personal information only for as long as is necessary to fulfil the purposes for which it was collected:

  • Active subscribers: your data is retained for the duration of your active subscription.
  • Unsubscribed users: upon unsubscribing, your personal data is retained for up to 24 months to allow for re-subscription, maintain audit trails, and fulfil legal compliance obligations, after which it is anonymised or deleted.
  • Analytics data: aggregated and anonymised analytics data may be retained indefinitely as it cannot be used to identify you.
  • Webhook and audit logs: retained for up to 36 months for debugging, security investigation, and compliance purposes.

You may request earlier deletion of your data at any time by contacting us (see Section 12 below). Upon receiving a valid deletion request, we will delete or anonymise your personal data within 30 days, except where retention is required by law or for the establishment, exercise, or defence of legal claims.

9. Data Security

We implement reasonable technical, administrative, and organisational security measures designed to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include but are not limited to:

  • Transport Layer Security (TLS/HTTPS) encryption for all data transmitted between your browser and our servers.
  • Encryption at rest for database storage via MongoDB Atlas.
  • Role-based access controls limiting who can access personal data.
  • API key authentication and webhook signature verification for backend integrations.
  • Regular security assessments and dependency audits.

Notwithstanding the foregoing, no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority in accordance with applicable law.

10. Your Rights

Depending on your location and applicable law (including the DPDPA, GDPR, and other jurisdictional frameworks), you may have the following rights regarding your personal data:

  • Right of access: request a copy of the personal data we hold about you.
  • Right to rectification: request correction of inaccurate or incomplete data.
  • Right to erasure: request deletion of your personal data, subject to legal retention requirements.
  • Right to restrict processing: request that we limit the processing of your data in certain circumstances.
  • Right to data portability: request that your data be provided in a structured, machine-readable format (where technically feasible).
  • Right to object: object to the processing of your data based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent: where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of processing carried out prior to withdrawal.
  • Right to unsubscribe: you may unsubscribe from our newsletter at any time by clicking the unsubscribe link included in every email we send.

To exercise any of these rights, please contact us at marketing@quests.travel. We will respond to your request within 30 days, or within the timeframe prescribed by applicable law. We may request verification of your identity before processing your request.

11. Children's Privacy

Our Services are intended for business professionals and are not directed at individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have inadvertently collected personal data from a person under 18, we will take prompt steps to delete such information. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately.

12. Grievance Redressal

In accordance with the IT Act and the SPDI Rules, we have designated a Grievance Officer to address any concerns or complaints regarding the processing of your personal data. You may contact the Grievance Officer at:

Email: marketing@quests.travel
Subject line: "Privacy Grievance"

We shall endeavour to resolve your grievance within 30 days of receipt. If you are not satisfied with our response, you may escalate your complaint to the appropriate regulatory authority or the Data Protection Board of India, as applicable.

13. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, provide additional notice (such as a statement on our Site or a notification to your email address). Your continued use of the Services after any changes to this Privacy Policy constitutes your acceptance of the updated policy. We encourage you to review this page periodically.

14. Governing Law and Jurisdiction

This Privacy Policy shall be governed by and construed in accordance with the laws of India, including but not limited to the Information Technology Act, 2000, the SPDI Rules, 2011, and the Digital Personal Data Protection Act, 2023. Any disputes arising out of or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the competent courts in Mumbai, Maharashtra, India.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Quests.Travel
Email: marketing@quests.travel
Website: quests.travel