Privacy Policy

Policy update Date: 22 Oct 2025

Website Covered: https://www.extravelmoney.com (the "Website")

Operator: ExTravelMoney Technosol Pvt Ltd ("ExTravelMoney", "we", "us", "our")

Contact / Grievance Handling (India DPDP)

George Zachariah, Grievance Officer,ExTravelMoney Technosol Pvt Ltd
Unit Nos: 7 & 8, Eighth Floor, Vismaya Infopark, Phase 1 Campus, Infopark-Kochi PO, Kakkanad, Ernakulam, Kerala, India – 682042
Email: hello@extravelmoney.com | Phone: 0484 2886900

Grievance timelines: we acknowledge within 48 hours and aim to resolve within 15 days. For execution-related issues, ExTravelMoney will coordinate with the executing Authorised Dealer (AD) on your behalf your escalation path remains within ExTravelMoney (see Section 20).

We don't sell your personal data. We also don't share it for cross-context behavioural advertising.

Welcome to ExTravelMoney.com ("Website"), operated by ExTravelMoney Technosol Pvt Ltd. We are committed to protecting your personal information and respecting your privacy.

1. Introduction

ExTravelMoney respects its users' privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our Website and related communications channels (email, SMS, WhatsApp Business, and phone/IVR/PBX). By accessing the Website, you agree to this Policy. This Policy relies on your explicit consent captured during order placement for processing your data and sharing it with the listed Authorised Dealer(s) to fulfil your request. If you do not agree, please do not use the Website.

Details of our Authorised Dealer (AD) partners are listed on our Partners page.

This service is intended for individuals 18 years and older. If a parent/guardian books on behalf of a minor, the adult provides the minor’s data and the required consents and is responsible for the accuracy of that information.

We may update this Policy from time to time. Updates become effective when posted on this page.

2. Definitions

• Personal data: Information that identifies or can identify you (e.g., name, phone, email).
• Processing: Anything done with data - collecting, storing, using, sharing, deleting.
• Service providers/processors: Trusted companies we use to run parts of our service (e.g., hosting, payments).
• Applicable law: India's Digital Personal Data Protection Act, 2023 (DPDP) and other laws that apply.

3. What we collect

3.1 Personal information you provide

• Account & contact: Name, email, phone, address, date of travel.
• KYC & compliance: Images/e-copy of required KYC documents. Stored only in India (see Section 8) and shared only with the Executing Authorised Dealer (AD) for KYC/AML checks, comply with applicable laws and banking/AD requirements.
• Transactions: beneficiary name and address, bank details (account/IBAN/SWIFT), amount/ and currency type, source of funds proof details.
• Visa & Insurance: If you click through to a visa or insurance partner from our Website, you provide information directly to that partner on their forms. We do not collect, receive, or transfer your application data to those partners. visa-related details processed by our visa partner Visa2Fly, and insurance policy details processed by our insurance partner, ICICI Lombard.
• Communications: Emails, SMS (for OTPs/notifications), WhatsApp Business chats (orders & support), and call recordings (iPBX/IVR) for quality and dispute resolution.

3.2 Billing & invoice data (AD - issued)

We process billing and invoice information issued by the Executing Authorised Dealer (AD) to fulfil your order and meet tax/accounting obligations (e.g., customer name, contact details, invoice number/date, amount, exchange rate applied, and applicable taxes such as GST/TCS). These records are stored in India (see Section 8) and retained as required by law.

3.3 Payment information

We do not store card numbers, CVVs, or net-banking credentials. For gateway transactions, payments are processed by our payment gateway provider; ExTravelMoney receives limited payment metadata (e.g., payment ID, method type, masked account details/last 4 digits, amount, status, timestamps, and reconciliation/settlement identifiers) to route funds to the Executing AD, reconcile settlements, and process refunds.

3.4 Usage data & cookies

• Usage/Device: IP address, device information, geolocation (approx.), pages viewed, and logs.
• Analytics: We use Google Analytics to understand site usage. We do not send personally identifiable information to analytics tools.
• Cookies: Essential cookies (for sign-in/session/security) and analytics cookies. You can manage cookies in your browser. We currently do not run advertising/retargeting pixels and do not show a cookie banner; analytics collection is disclosed here.

3.5 Public comments (third-party social plugin)

Public commenting on our Website Blog is provided by a third-party social media comments plugin. ExTravelMoney does not collect or store your comment content or account details from that plugin. When you view or use comment areas:

• The plugin provider may collect and process data (e.g., your comment, displayed name/username, timestamps, IP address, cookies, logged-in status) under its own privacy policy and terms.
• Your comments (and displayed name/username) may be publicly visible and indexable by search engines.
• Please avoid posting sensitive personal information in public comments.

If you want a comment removed, please use the removal/report tools provided by the plugin provider. You may also contact us; where feasible, we can hide or remove embedded comment sections on our pages, but we do not control the provider's storage.

4. How we use your information

We use data to:

• Provide services: facilitate forex & remittance services; manage to add beneficiaries; enable rate alerts (if opted); refer & coordinate visa and insurance requests via partners; send order updates.
• Verify & support: identity/KYC checks, order verification
• Communications:place transaction-related calls (verification, clarifications, delivery coordination, fraud/security checks) and provide support for your ongoing order. Send OTPs/service updates via SMS, notifications/support via WhatsApp, email, and occasional promotional emails (with an unsubscribe option)
• Compliance & security: assist our licensed banking and forex partners in meeting their regulatory Know Your Customer (KYC) and Anti-Money Laundering (AML) obligations, including the verification of your identity and source of funds.
• Billing & accounting: process AD-issued billing/invoice information to fulfil your order, provide customer support, and comply with tax/accounting laws.
• Payments & reconciliation: use limited gateway/payment metadata to route funds to the Executing AD, reconcile and account for settlements, and handle refunds as described in the Terms of Use and Refund Policy.
• KYC/Tax compliance: Images/e-copy of required KYC documents y to meet legal, banking, and AD requirements (KYC/AML/FEMA, GST/TCS), to verify identity/purpose, and to facilitate your order with the Executing AD. We do not use these IDs for marketing or profiling.
• Improve: Analyse usage, maintain and enhance Website performance and reliability.
• Communicate marketing: occasionally email promotional content and offers. You can unsubscribe anytime via the link in those emails.

Automated checks: We may run automated risk and fraud checks. No solely-automated decisions with legal or similarly significant effects are taken without human review.

5. Lawful bases/grounds (summary)

We process data under grounds such as: to perform a service you requested, comply with applicable Indian laws and to support our regulated partners in fulfilling their legal KYC/AML compliance obligations.

6. Sharing & disclosure

We do not sell personal data. We may share information as follows:

• With service providers (categories):
  • Payments (process transactions and refunds)
  • Hosting/CDN & infrastructure (Website operation, storage, backups)
  • SMS/Email/WhatsApp (OTP, alerts, support, limited marketing)
  • Analytics & monitoring (site performance and usage)
  • KYC/eSign (identity verification, document signing)
  • PBX/IVR (call handling and recordings)
• With our licensed banking and regulated forex partners: where required to complete forex transactions and for those partners to perform their own KYC and Anti-Money Laundering (AML) checks, including verifying your identity and source of funds, as mandated by law.
• For legal reasons: to comply with laws, regulations, government requests, court orders; to enforce our terms; to protect rights, security, and property of users and ExTravelMoney.
• Business transfers: in a merger, acquisition, or asset sale, data may transfer subject to this Policy.

Scope of sharing: We do not share personal data with any third party other than: (i) the Authorised Dealer(s) you select to execute your forex/remittance order, and (ii) service providers acting as processors under our instructions (e.g., hosting/CDN for non-PII assets, email/SMS delivery, IVR/telephony). We do not disclose personal data to visa or insurance partners; if you access those services, you provide information to them directly. Testimonials and reviews are handled as described in Section 10 (Marketing & testimonials).

We require service providers to protect your information and use it only for the instructed purposes.

7. Restrictions on Use of Customer Data

We limit the collection and use of customer data strictly to what is necessary for providing and improving our services.

• Personal data will be used only for the purposes described in this Policy or as required by law.
• We do not sell, lease, or trade customer data.
• We do not use personal information for marketing or profiling without consent.
• Access to customer data is restricted to authorized employees and partners who need it to perform their work.
• All employees handling customer data are bound by confidentiality agreements and subject to disciplinary action for violations.
• Third-party service providers are contractually bound to use the data solely for the purpose of delivering their service to ExTravelMoney and must maintain comparable privacy and security standards.

8. International data transfers

We store personal data, including identity and contact details, KYC documents, beneficiary/transaction records, chat transcripts, and call recordings, only on servers physically located in India. Backups are also stored in India. We do not maintain or permit persistent storage of personal data outside India. However, certain service providers that assist us in operating our Website, such as content delivery networks, analytics, email delivery, and messaging platforms. They may process data on servers located in other countries.

These providers operate under industry-standard contractual and technical safeguards, including encryption, secure transfer protocols, and internationally recognised data protection frameworks such as the Standard Contractual Clauses (SCCs) adopted under the GDPR.

We rely on these providers' certified security and compliance programs (including ISO 27001 and GDPR adherence) to ensure appropriate protection for personal data that may be transferred or processed outside India.

ExTravelMoney itself does not maintain servers or storage systems outside India.

9. Contests, Surveys & Promotions

From time to time, we may run optional contests, giveaways, or surveys. If you participate, we process the information you provide (e.g., name, contact details, entries/responses) to administer the activity, verify eligibility, prevent abuse, contact winners, and comply with legal obligations (such as required announcements or tax disclosures). Participation is voluntary and subject to the specific terms communicated at the time. We may publish winners' names and cities where required by law or promotion rules.

10. Marketing & Testimonials

• Internal feedback (not publicly available): If you share feedback with us privately (e.g., through our forms, chats, calls), we will publish it only with your permission. We may use limited information such as your name, city, or testimonial text on our Website, social media pages, or marketing materials to highlight customer experiences.
• Public reviews (e.g., Google Business Profile, Trustpilot): We may reproduce or reference publicly available reviews for marketing or on our Website without seeking additional permission, consistent with the review platform’s terms and applicable law. When we do so, we display only what is publicly shown (e.g., your display name, city if shown, review text) and, where feasible, include attribution to the platform.
• Edits & removal:We may make light edits for grammar or length without changing the meaning. If you want us to stop displaying your public review on our channels (outside the original platform), email care@extravelmoney.com and we’ll remove it where feasible. Removal from the original review platform must be requested on that platform.

We do not edit or modify your submitted testimonials other than for grammar or length, and we remove any testimonial upon verified request from the individual concerned.

11. User Content & Public Areas

Information you post in public areas of the Website (including comments rendered by third-party plugins) is public and may be indexed by search engines. Do not share sensitive personal data in public posts. We may moderate or hide embedded comment sections on our pages; however, storage and primary moderation tools are provided by the plugin provider.

12. Data retention

We keep data only as long as needed for the purposes described or as required by law:

• KYC & transaction records (our systems): retained for 180 days, then deleted.
• Note: Regulated Forex partners who execute the actual transaction may retain KYC/transaction data under their own policies and laws.
• Payment gateway transaction metadata & reconciliation records: retained for the legal record-keeping period required for accounting/tax and payment scheme rules, then deleted or anonymised.
• Account/profile & support records: for the life of your account + 3 years (or earlier if not needed and not legally required).
• Call recordings & WhatsApp chats: 12 months.
• Marketing email lists & consent logs: 3 years after last activity or until you unsubscribe, whichever is earlier.
• Analytics: retained and archived per Google's own policies; we do not control Google's internal retention.

13. Data Destruction & Secure Disposal

When personal data is no longer required for the purposes stated in this Policy or for compliance with legal obligations, it is securely destroyed or anonymized.

• Digital data is deleted using secure erasure methods that make recovery impossible.
• Backup copies are automatically overwritten or purged within the standard retention window of our cloud systems.
• Paper records (if any) containing personal data are shredded or incinerated under supervision.
• Upon termination of relationships with service providers or partners, we ensure that all shared data is deleted or returned in accordance with contractual agreements.
• Records of deletion are maintained for audit and compliance purposes.

14. Security

We use a combination of administrative, technical and physical measures to protect personal data, including:

• Transport & session security: HTTPS/TLS (1.2+) everywhere, HSTS, secure cookies, login/OTP protections, rate-limiting and bot/WAF controls.
• Encryption at rest: Data and backups encrypted at rest; keys managed in India.
• Access control:Role-based access and least privilege, MFA for staff/admins, quarterly access reviews, device hardening and endpoint protection for staff systems.
• Application & infra: Code/dependency reviews, vulnerability scanning/pen-tests, secrets management, separate staging/production, change logs.
• Payment securityvia our PCI-DSS compliant payment gateway (we don’t store card/bank details)
• Backups & DR: Encrypted backups stored in India; periodic restore tests.
• Monitoring & logging:Centralized monitoring, alerts for suspicious activity, audit trails for access/actions.
• People & process:Employee confidentiality, security awareness training (incl. phishing/data-handling), vendor due-diligence and contracts that bind processors to our security and India-residency requirements.
• Opt-out controls: We maintain and honor an SMS/Email opt-out/suppression list and apply it before sending promotional messages.

Your data security is our top priority. We are committed to safeguarding your information through encryption technologies, secure servers, and regular updates to our security protocols to ensure your information remains safe.

15. Security Incident & Breach Response

We maintain a structured protocol for detecting, reporting, and responding to data breaches or security incidents.

• Detection & Monitoring: Automated and manual systems monitor network activity for potential breaches or unauthorized access.
• Containment: If a breach is detected, affected systems are isolated and secured to prevent further compromise.
• Investigation: Our technical and compliance teams assess the scope, cause, and impact of the incident.
• Notification: If personal data is impacted, we notify affected users and any relevant counterparties (e.g., the Executing AD if shared data is involved), and regulatory authorities as required by applicable Indian law or contract. Notifications are made via email/phone or other appropriate channels and describe what happened, what we are doing, and recommended user actions.
• Remediation: Corrective measures are implemented to strengthen security controls and prevent recurrence. We patch vulnerabilities, harden controls, and recover systems/data from clean backups where needed.
• Post-incident review: All incidents are logged, reviewed, and reported to senior management for accountability and improvement.

16. Your choices & rights

16.1 Access, correction, deletion

You can request access, correction, or deletion of your personal data by emailing care@extravelmoney.com.

• We will verify your identity using your registered email and/or OTP to your registered mobile.
• We will delete marketing/account/support data unless we must retain it for legal or operational reasons.
• KYC/transaction data may be retained for the legal retention period stated above. Regulated Partners who executed the transaction may retain their own copies under their policies.
• Minors’ data (provided by an adult): Where a parent/guardian has provided a minor’s personal data to place an order, the parent/guardian may exercise access/correction/deletion requests on the minor’s behalf, subject to legal KYC/record-keeping requirements.

16.2 Marketing & communication choices

• Email: Unsubscribe from promotional emails any time using the link in those emails. Service/transactional emails (OTPs, order updates) will continue as needed.
• WhatsApp: To stop WhatsApp notifications/support, reply on WhatsApp or email care@extravelmoney.com and we’ll discontinue WhatsApp messages for your number.
• SMS: We send OTPs and essential service updates. We may also send occasional promotional SMS to numbers you’ve provided to us during service interactions. Every promotional SMS includes an easy opt-out (reply STOP or email us). We maintain an opt-out/suppression list and respect applicable telecom preferences. OTPs/service updates are necessary for certain features and cannot be opted out of while using those features.
• Calls: We do not make promotional/telemarketing calls. Calls are used only for order/service purposes and may be required to complete your transaction.

16.3 Cookies & analytics

You can manage or delete cookies via your browser settings. Disabling cookies may affect some features. We currently use analytics only and no ad pixels.

16.4 Explicit consent for processing & sharing

At order placement, we obtain your explicit consent to collect and use the personal data you provide and to share it with the listed Authorised Dealer(s) (AD Cat-I/AD Cat-II/FFMC) solely to process your forex/remittance request and to meet KYC/AML requirements under Indian law. You may withdraw this consent at any time by emailing care@extravelmoney.com. Upon verified withdrawal, we will stop optional processing and, where feasible, instruct our processors to cease further use, subject to legal/operational retention obligations (for example, statutory record-keeping). Sharing required by law or a regulatory authority may continue irrespective of consent.

17. EU/UK GDPR add-on (visitors from the EU/UK)

Although our services are provided in India, visitors from the EU/UK have certain rights under GDPR/UK GDPR, including: access, rectification, erasure, restriction, objection, and data portability (in certain cases). Where we rely on consent, you can withdraw consent at any time.

To exercise rights, contact care@extravelmoney.com. We may ask for identity verification and may decline requests where an exemption applies (e.g., legal retention).

18. Third-party sites & services

Our Website may link to third-party sites or services (e.g., banks, AD2s, visa and insurance partners, universities, social comments plugin). Their privacy practices are their own. Please review their policies.

19. Changes to this Policy

We may modify this Policy at any time. Changes take effect upon posting on this page. Please review periodically for updates.

20. Contact & grievance

For questions, requests, or complaints about your personal data or our service, contact our Grievance Officer (Privacy & Service):

George Zachariah, Grievance Officer, ExTravelMoney Technosol Pvt Ltd
Unit Nos: 7 & 8, Eighth Floor, Vismaya Infopark, Phase 1 Campus, Infopark-Kochi PO, Kakkanad, Ernakulam, Kerala, India – 682042
Email: hello@extravelmoney.com | Phone: 0484 2886900

Acknowledgement & resolution timelines: We acknowledge within 48 hours and aim to resolve within 15 days.

Role of the Grievance Officer:The Grievance Officer is responsible for receiving and addressing user complaints related to the services as a third-party aggregator hosted or linked through their customer acquisition platforms. This includes investigating reported issues, coordinating with the concerned regulated AD1/AD2 license holders, ensuring compliance with applicable regulations, and resolving user grievances within prescribed timelines.

Scope:

• Privacy / DPDP: access, correction, deletion, consent withdrawal, or questions about how we process data
• Service / order issues: order status, charges/fees shown by the AD, FX rate quoted by the AD, time to credit, beneficiary/account problems.

How to Lodge a Grievance:Users can submit their grievances by emailing them to the Grievance Officer with the following details:

1. Name and contact information (Email & Contact Number) of the complainant
2. Description of the service issue or grievance
3. Relevant order number/documents/screenshots supporting the complaint

Escalation path (if not satisfied):

1. ExTravelMoney Support (use the contacts above).
2. Grievance Officer

We coordinate with the executing Authorised Dealer (AD) as needed to resolve execution-related issues; your escalation path remains within ExTravelMoney.

About ExTravelMoney.com: ExTravelMoney.com is an online platform that lets customers compare and place forex or remittance orders with RBI-licensed money changers and authorised dealers. We only provide the interface and customer support for order placement — all foreign exchange related transactions are executed directly by the authorised dealers (AD-I/AD-II), not by ExTravelMoney itself.