Privacy Policy

Effective and Last Updated: August 20, 2025

Introduction

ThrillTime ("Platform", "we", "us", or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy describes how we collect, use, maintain, and disclose information when you use our website and booking services for adventure activities and experiences.

IMPORTANT: We are a booking facilitation platform that connects customers with independent activity providers and vendors. We do not directly provide adventure activities, experiences, or entertainment services. All activities are provided by independent vendors/operators who are solely responsible for their services, safety standards, age restrictions, and service delivery.

This Privacy Policy applies to information collected through our website, mobile applications (if any), and related services. By using our Platform, you consent to the collection and use of your information as described in this policy.

Information We Collect

Personal Information You Provide: When you use our Platform, we may collect personal information including account information such as full name, email address, mobile phone number, encrypted password, profile preferences, and communication preferences (account creation is optional). For booking purposes, we collect primary booker's name and contact information, activity preferences and selections, booking dates and times, number of participants, special requirements or requests, emergency contact information when required, and payment information processed securely through Razorpay.

We also collect communication information including customer service inquiries via email, phone support conversations and recordings for training and quality purposes, feedback and suggestions, and survey responses when provided. Future features not currently active may include reviews and ratings for activities as a planned feature, and user-generated content and photos.

Information Collected Automatically: We automatically collect technical information including IP address and general location data, browser type and version, operating system and device information, pages visited and time spent on our Platform, referral sources and search queries, and click-through patterns and user behavior.

Analytics and tracking data may include Google Analytics data if implemented, website performance metrics, user interaction patterns, and conversion tracking for bookings. We use cookies and similar technologies including essential cookies for Platform functionality, preference cookies for user settings, analytics cookies if analytics tools are implemented, and session management cookies.

How We Use Your Information: We use collected information for primary platform services including booking facilitation to process and manage your activity bookings with vendors, payment processing to facilitate secure payments through Razorpay and other payment partners, communication to send booking confirmations, activity details, and important updates, customer support to respond to inquiries via email, and safety information to communicate age restrictions, medical warnings, and safety requirements.

For platform improvement and analytics, we analyze usage patterns to improve our Platform functionality, understand user preferences for better activity recommendations, test and develop new features and services, and conduct research on user behaviour and market trends.

With your consent, we use information for marketing and promotion including sending promotional offers about new activities and special deals, email newsletters about exciting activities and Platform updates, targeted recommendations based on your activity interests, and promotional communications (you can opt-out anytime).

For legal, safety, and security purposes, we comply with legal obligations and regulations, prevent fraud and ensure Platform security, enforce our Terms of Service and vendor agreements, protect user safety and maintain Platform integrity, and maintain records for business and legal purposes.

Information Sharing and Disclosure

With Activity Providers and Vendors: When you make a booking, we share necessary information with the relevant activity provider including primary booker's name and contact information, booking details (activity, date, time, number of participants), special requirements, medical considerations, or accessibility needs, payment confirmation status (not actual payment details), and emergency contact information when required for safety.

Important Note: Activity providers are independent businesses operating under their own privacy practices. We require them to protect your information, but recommend reviewing their individual privacy policies for activities involving additional data collection.

With Service Providers and Partners: For payment processing, we work with Razorpay and other secure payment gateways for transaction processing. We do not store complete credit/debit card information on our systems and payment data is processed according to PCI DSS standards.

For technology and platform services, we work with web hosting providers for Platform infrastructure, cloud storage services for data backup and security, email service providers for transactional and marketing communications, customer support platforms for managing inquiries, and analytics services like Google Analytics if implemented for Platform improvement.

Communication services include SMS service providers for booking confirmations and updates, email marketing platforms with your explicit consent, and phone service providers for customer support where calls may be recorded.

Legal and Regulatory Requirements: We may disclose information when required by law or to protect our legitimate interests including legal processes, court orders, or government requests, law enforcement investigations or regulatory compliance, protection of our rights, property, users, or public safety, prevention of fraud, illegal activities, or Platform abuse, and compliance with Indian data protection and privacy laws.

For business operations, in case of business merger, acquisition, or sale of assets, user information may be transferred as part of business assets. We may also share with professional advisors (lawyers, accountants) under confidentiality agreements and with insurance providers for business protection and liability coverage.

Data Security and Protection

We implement comprehensive security measures to protect your information through technical safeguards including SSL/TLS encryption for all data transmission, secure data storage with restricted access controls, regular security audits and system updates, PCI DSS compliant payment processing, and firewall protection and intrusion detection.

Administrative safeguards include limited employee access to personal information on need-to-know basis, employee training on data protection and privacy practices, comprehensive privacy and security policies, incident response procedures for data breaches, and regular review and update of security practices.

Physical safeguards include secure data centers with controlled access, environmental protection for servers and systems, and backup and disaster recovery procedures.

Your Privacy Rights and Choices

Account and Data Control: You have the right to review and update your account information anytime, request copies of personal information we hold about you, update or correct any inaccurate personal information, request deletion of your personal information (subject to legal retention requirements), and request your data in a portable format.

Communication and Marketing Preferences: You can unsubscribe from promotional communications using the unsubscribe link in marketing emails. However, you cannot opt-out of essential booking and account-related communications. You may request to be removed from phone marketing calls and reply STOP to opt out of SMS marketing messages.

Cookie and Tracking Management: You can control cookies through your browser preferences, use browser settings or analytics opt-out tools, and we respect browser Do Not Track settings where technically feasible. When available, you can manage preferences through your account settings.

Data Retention Policies

We retain your information only as long as necessary for legitimate business purposes. Active accounts are retained until you delete your account or request deletion, while inactive accounts are deleted after 3 years of complete inactivity.

Booking details are retained for 3 years for business records and legal compliance, payment transaction logs are retained as required by payment processors and financial regulations, and customer support records are retained for 2 years from last interaction.

Legal and safety records are retained as mandated by applicable laws, safety incident reports are retained for 5 years for liability and insurance purposes, and fraud prevention data is retained as needed for security and fraud prevention.

Age Restrictions and Parental Responsibility

Our Platform is intended for users 18 years and older for making bookings. Many activities have specific age requirements that are clearly stated in activity descriptions, included in booking confirmation emails with age and safety warnings, and verified at the activity venue, not during online booking. Participants may be denied service at the venue if they do not meet age requirements.

Parents/guardians are responsible for ensuring participants meet activity requirements, and refunds for age-related denials at venues are subject to individual vendor policies. Parents must supervise minor participants and ensure they understand safety requirements. We are not responsible for refunds if participants are denied service due to age restrictions that were clearly communicated.

Cookies and Tracking Technologies

We use strictly necessary cookies required for basic Platform functionality and security, preference cookies to remember your settings and enhance user experience, analytics cookies to help us understand how users interact with our Platform if implemented, and marketing cookies to support promotional activities with your consent.

We may integrate with third-party services that use cookies including Google Analytics for website traffic analysis if implemented, payment processors for secure transaction processing, and email marketing platforms for promotional communications. Most browsers allow you to control cookie settings, and you can use industry-standard opt-out mechanisms for analytics and advertising or manage preferences through your account settings when available.

Updates to This Privacy Policy

We may update this Privacy Policy to reflect changes in our business practices or Platform features, updates to legal or regulatory requirements, introduction of new services or technologies, and user feedback and privacy best practices. We will notify you through email notifications to registered users for material changes and updated "Last Modified" date at the top of this policy. Your continued use of our Platform after policy updates constitutes acceptance of the revised terms.

Platform Limitations and Disclaimers

Our Role as Booking Facilitator: We have limited responsibility as we facilitate bookings but do not provide the actual activities. Activity providers are independent contractors, not our employees. We do not guarantee the quality, safety, or performance of vendor services, and participants engage in activities at their own risk.

Third-Party Services and Links: Our Platform may link to vendor websites with different privacy practices, and we are not responsible for external website privacy policies. Payment processors and other integrated services have their own terms.

Data Processing Limitations: We are not liable for data loss due to technical failures beyond our control, cannot control how vendors handle your information after booking, and we primarily operate in India but may use international service providers.

Contact Information and Support

For privacy-related questions, concerns, or requests:

Privacy and Data Protection:

• Email: privacy@thrilltime.in
• Response Time: We aim to respond within 7 business days
• Data Requests: Include specific details about your request for faster processing

General Customer Support:

• Email: support@thrilltime.in
• Response Time: Email responses within 24-48 hours

Escalation Process: If you're not satisfied with our initial response, you may escalate privacy concerns to our management team by marking your email as "Privacy Escalation."

Grievance Redressal: If you have any complaints regarding processing of your personal data, you may contact our

• Grievance Officer Name: Piyush Bansal
• Email: grievance@thrilltime.in
• Response Time: We acknowledge complaints within 24 hours and aim to resolve within 15 days.

Governing Law and Jurisdiction

This Privacy Policy is governed by the laws of India, including the Information Technology Act 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011, the Consumer Protection Act 2019, and other applicable Indian privacy and data protection laws. Any disputes arising from this Privacy Policy will be subject to the exclusive jurisdiction of courts in Mathura, India.

Your Consent and Agreement

By using ThrillTime, you acknowledge that you have read, understood, and agree to the collection and use of your information as described in this policy, the sharing of your information with activity vendors for booking fulfillment, the transfer of your information to our service providers and partners, the processing of your information for the purposes outlined above, and receiving essential communications related to your bookings and account.

You may withdraw your consent at any time by deleting your account where applicable, contacting us to request data deletion, or opting out of marketing communications. Note that withdrawal may limit your ability to use certain Platform features. You cannot opt-out of essential booking confirmations, safety notifications, and account security communications.

This Privacy Policy is effective as of the date listed above. We encourage you to review it periodically for any updates. If you have questions about this policy or our privacy practices, please contact us using the information provided above.