Privacy Policy

Last updated on Mar 29 2026

This privacy policy sets out how EXPATLY FINANCIAL SERVICES PRIVATE LIMITED ("Expatly", "we", "us", or "our") uses and protects any information that you provide when you use our website at expatly.in and/or our mobile application ("Expatly App") available on Android and iOS.

EXPATLY FINANCIAL SERVICES PRIVATE LIMITED is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified, you can be assured that it will only be used in accordance with this privacy statement.

EXPATLY FINANCIAL SERVICES PRIVATE LIMITED may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are aware of any changes.

Information We Collect

We may collect the following information through our website and mobile application:

  • Name and contact details — including email address, phone/WhatsApp number
  • Date of birth — for identity verification purposes
  • Passport details (optional) — passport number, nationality, and expiry date, collected only when required for flight or hotel bookings
  • Demographic information — such as city, preferences and travel interests
  • Travel history — records of past bookings and trips made through the platform
  • Chat messages — conversations with the Expatly AI travel assistant, stored to maintain context across sessions
  • Booking and transaction data — details of services you book through our platform
  • Payment information — processed securely via our payment partners; we do not store card details on our servers
  • Device push notification tokens — collected via Expo to deliver booking confirmations and service updates
  • Device information — device type, operating system, app version
  • Crash and error data — diagnostic reports (including user ID, email, and device information) captured automatically when the app encounters an error, to help us identify and fix issues
  • Other information relevant to customer surveys and/or offers

Mobile App Permissions & Data

When you use the Expatly mobile application, we request the following device permissions and collect associated data:

  • Location (Precise GPS): Used to suggest nearby cab pickup points, show relevant experiences in your city, and provide location-based services. Location is collected only when the app is actively in use and you have granted permission.
  • Camera: Used to capture passport and visa documents during onboarding for travel KYC verification. Photos are uploaded securely to our servers and are not shared with third parties except as required for verification or by law.
  • Photos / Storage: Used to allow you to select existing photos of identity documents from your device gallery for upload.
  • Calendar: Used to sync your travel itinerary with your device calendar so you receive reminders for upcoming bookings. We do not read, store, or share your personal calendar events.
  • Microphone: Used by the AI travel assistant to accept voice input. Voice is converted to text on your device and sent to Google Gemini for processing. No audio recordings are stored by Expatly or transmitted beyond the on-device speech-to-text conversion.
  • Biometric Data: Used solely for device-level authentication (fingerprint or face unlock) to secure access to the app. Biometric data is processed entirely on your device by the operating system and is never transmitted to or stored on our servers.
  • Push Notifications: We send booking confirmations, travel reminders, and service updates via push notifications. We collect your device push notification token (via Firebase Cloud Messaging) to deliver these messages. You may disable notifications at any time through your device settings.
  • Identity Documents (Passport & Visa): Images of your travel documents are collected for KYC verification and stored securely. These documents are not shared with third parties except as required by applicable law or for the specific service you have requested.

What We Do With the Information We Gather

We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:

  • To process and manage your bookings for experiences, cabs, flights, hotels, and other services.
  • To verify your identity as required for travel and financial services.
  • To send booking confirmations, travel reminders, and service updates.
  • To improve our products, services, and user experience.
  • To personalise your experience based on your travel preferences and interests.
  • To contact you for market research or promotional purposes (you may opt out at any time).
  • Internal record keeping and regulatory compliance.

Third-Party Services

We use the following third-party services that may collect or process your personal data as part of delivering our services. Each is subject to their own privacy policy:

  • Supabase (Database, Authentication & Backend) — all app data, including your profile, bookings, chat history, travel documents, and uploaded files, is stored in Supabase's cloud infrastructure, operated by Supabase Inc. (USA). Data is encrypted at rest and in transit.
  • PayU (Payment Processing) — your transaction data, including order amount, contact details, and payment status, is shared with PayU India Pvt. Ltd. to process payments for bookings. Card details are handled directly by PayU and are never stored on our servers. See PayU's privacy policy at payu.in.
  • Google Gemini (AI Travel Assistant) — when you use the Expatly AI assistant, your text messages, images you share in chat, and voice input (converted to text on-device before transmission) are sent to Google Gemini's API to generate travel recommendations. No additional personally identifiable information is included in these requests beyond the content of your message. Conversation history is stored in Expatly's secure database. Google's privacy policy applies to data processed by Gemini: policies.google.com/privacy. You can delete your chat history at any time by contacting support@expatly.in.
  • Sentry (Crash & Error Monitoring) — when the app encounters an error or crash, diagnostic reports are automatically sent to Sentry (Functional Software Inc., USA). These reports may include your user ID, email address, device model, OS version, and the app state at the time of the error. This data is used solely to diagnose and fix bugs. See Sentry's privacy policy at sentry.io/privacy/.
  • Amadeus (Flight & Hotel Search) — when you search for or book flights or hotels, passenger details including names, passport information (where required), travel dates, and contact details are transmitted to Amadeus IT Group SA to retrieve availability and complete bookings. See Amadeus's privacy policy at amadeus.com/en/policies/privacy-policy.
  • Expo (Push Notifications) — your device push notification token is registered with Expo (Expo Technology Inc., USA) to deliver booking confirmations, travel reminders, and service updates. Expo does not receive your personal information beyond the notification token and message payload. See Expo's privacy policy at expo.dev/privacy.
  • Google Maps / Google Places — used to display maps, location search, and autocomplete for addresses. Subject to Google's Privacy Policy at policies.google.com/privacy.
  • Firebase Cloud Messaging (FCM) — used in conjunction with Expo to deliver push notifications to Android and iOS devices. Subject to Google's Privacy Policy.
  • Google Sign-In — optional social sign-in method. If used, Google shares your name and email address with us.

We will not sell, distribute, or lease your personal information to any other third parties unless we have your permission or are required by law to do so.

Data Retention

We retain your personal data for as long as necessary to provide our services and comply with legal obligations:

  • Account data — retained for the duration of your account and up to 2 years after account closure.
  • Booking and transaction records — retained for 7 years as required under Indian financial regulations.
  • Identity documents — retained for the period required for KYC compliance and deleted upon verified request thereafter.
  • Push notification tokens — retained while your account is active; deleted upon account deletion.

Security

We are committed to ensuring that your information is secure. We use industry-standard measures including HTTPS/TLS encryption for all data in transit, secure cloud storage, and access controls to prevent unauthorised access or disclosure. Identity documents are stored with additional encryption and restricted access.

How We Use Cookies

A cookie is a small file which asks permission to be placed on your computer's hard drive. Cookies allow web applications to respond to you as an individual by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used and to analyze data about webpage traffic to improve our website. We only use this information for statistical analysis purposes. You can choose to accept or decline cookies through your browser settings, though this may limit certain features of the website.

Account & Data Deletion

You have the right to request deletion of your account and all associated personal data at any time. You can do this in two ways:

  • In-app (recommended): Open the Expatly app → ProfileSecurity & PrivacyDelete Account. This initiates immediate deletion.
  • By email: Send a request to support@expatly.in with the subject line "Data Deletion Request", including the email address associated with your account.

We will delete your account and personal data within 30 days of your verified request. Please note that we may be required to retain certain transaction records under applicable Indian financial laws (e.g., booking and payment history for up to 7 years); these will be retained only for the legally mandated period and then permanently deleted.

Children's Privacy

The Expatly website and mobile application are not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately at support@expatly.in and we will take steps to delete such information.

Revoking Consent & Controlling Your Personal Information

You may choose to restrict the collection or use of your personal information at any time:

  • Revoke app consent / delete account: Go to Profile → Security & Privacy → Delete Account in the Expatly app. This removes your account and queues all associated personal data for deletion within 30 days.
  • Device permissions (location, camera, microphone, calendar, notifications): You may revoke any of these at any time through your device's Settings → Apps → Expatly → Permissions. Revoking a permission disables the related feature but does not affect your account or other data.
  • Push notifications: Disable via your device's notification settings or within the app under Profile → Notifications.
  • Promotional communications: If you have agreed to receive marketing emails or messages, you may opt out at any time by contacting us at support@expatly.in or using the unsubscribe link in any marketing email.
  • Data access: You may request a copy of all personal data we hold about you by emailing support@expatly.in.

If you believe that any information we are holding on you is incorrect or incomplete, please write to us at #74, 15th Cross, J P Nagar 3rd Phase, Bangalore, Karnataka 560078 or contact us at support@expatly.in. We will promptly correct any information found to be incorrect.