Privacy Policy

EcoHikes · effective July 2026 · ecohikes.in

Draft for review. Written in plain language as the Digital Personal Data Protection Act, 2023 (DPDP Act) requires — notices must be clear, specific, and purpose-limited.

Last updated: [DATE]


EcoHikes ("we") operates ecohikes.in. This policy explains what personal data we collect, why, who sees it, how long we keep it, and your rights. It applies to the website, our booking and interest forms, and our WhatsApp/email communication with you.

Data Fiduciary: EcoHikes, [registered entity name and address], Visakhapatnam, Andhra Pradesh · [email] · [phone]

1. What we collect, and why

We collect only what each purpose needs, and we ask your consent at the point of collection.

When you book an experience

When you pay

Payments are processed by Razorpay. Your card/UPI/banking details go directly to Razorpay and its banking partners — we never see or store them. We receive only confirmation of payment and a transaction reference. Razorpay's own privacy policy applies to the payment step.

When you fill the Eco-circle interest form, contact form, or volunteer/join-us form

Name, contact details, and what you tell us about yourself — to respond, review applications, and invite you if selected.

When you buy or redeem a gift card

Purchaser and recipient name and contact — to issue and honour the card.

When you browse the website

Basic analytics (pages visited, device type, approximate location from IP) via [analytics tool — e.g. Wix Analytics/Google Analytics] to understand what content helps people. Cookies used for this are described in Section 6. We do not run third-party advertising trackers.

Photos and videos on experiences

Our team photographs and films experiences. We ask for your consent in the Participation Agreement before using images in which you are identifiable on our website, social media, or promotional material — and you can decline or withdraw at any time (Section 5) without affecting your participation.

2. What we never do

We do not sell or rent your personal data. We do not use your health information for anything except safety. We do not send marketing without an unsubscribe option.

3. Who we share data with

Only what each party needs:

Some processors (e.g. website hosting) may store data outside India; we use providers permitted under the DPDP Act's transfer rules.

4. How long we keep it

5. Your rights (DPDP Act, 2023)

You can, at any time, by writing to [privacy email]:

We respond within the timelines prescribed under the DPDP Rules.

6. Cookies

Essential cookies keep the site and booking flow working (no consent needed). Analytics cookies load only after you accept them via the cookie notice. You can clear or block cookies in your browser; the site keeps working, though forms may need re-entry.

7. Children

Bookings for participants under 18 are made by a parent/guardian, who provides consent for the minor's data as the DPDP Act requires. We do not knowingly collect data directly from children, and we do not use children's data for tracking or advertising.

8. Security

Data lives in access-controlled systems (website CMS, booking records); health information is restricted to those who need it for safety. Payment security is handled end-to-end by Razorpay (PCI-DSS compliant). No internet system is perfectly secure, but if a breach affecting you occurs we will inform you and the Data Protection Board as the law requires.

9. Grievance Officer

Name: Ravi Gutamentla (verify spelling) · Email: mail@ecohikes.in · Phone: +91 93465 66101 · Address: [address]

We acknowledge complaints within 48 hours and aim to resolve within 15 days.

10. Changes

We'll post updates here with a new "last updated" date; material changes will be flagged on the website or by email.

Talk to your trek lead