Legal

Privacy Policy

We believe in transparency everywhere — including how we handle your data. This policy is written in plain English, not legalese, because you deserve to actually understand it.

Last updated: 29 March 2026
The short version
  • We collect only what we need to book your Umrah and process your visa.
  • We share your data only with airlines, hotels, and visa authorities — never with advertisers.
  • We never sell your personal information. To anyone. For any reason.
  • You can request deletion of your data at any time.
  • We use cookies only for essential site functionality and analytics — no ad tracking.
In this policy
  1. Who we are
  2. What data we collect
  3. Why we collect it
  4. Who we share it with
  5. Cookies & analytics
  6. How we store & protect your data
  7. How long we keep your data
  8. Your rights
  9. Children's privacy
  10. Changes to this policy
  11. Contact us

1. Who we are

Niyyah Travel (referred to as "Niyyah," "we," "us," or "our") operates the website niyyahti.com and provides Umrah booking services for pilgrims travelling from India to Saudi Arabia. We are registered in India and headquartered in Mumbai.

When you use our website, book a trip, or interact with us via WhatsApp, email, or phone, we act as the data controller for the personal information described in this policy.

2. What data we collect

We collect only what is necessary to book your Umrah and provide you with our services. Here is exactly what we collect and why:

DataWhen collectedWhy needed
Full nameAccount creation / bookingVisa application, flight ticket, hotel reservation
Email addressAccount creationBooking confirmations, e-tickets, communication
Phone numberAccount creationWhatsApp support, OTP verification, emergency contact
Passport detailsBooking checkoutVisa processing (required by Saudi authorities)
Date of birthBooking checkoutVisa application, airline requirement
GenderBooking checkoutSaudi visa requirement, hotel room allocation
Departure cityBooking selectionFlight routing, price calculation
Payment informationCheckoutProcessing your payment (handled by Razorpay — we never see your full card number)
Special requirementsBooking (optional)Wheelchair assistance, dietary needs, medical notes
Device & browser infoWebsite visitSite functionality, analytics, bug fixing

What we don't collect: We do not collect your religion, caste, political opinions, biometric data, or any information beyond what is listed above. We do not use facial recognition. We do not track your location.

3. Why we collect it

We use your data for these specific purposes and no others:

To provide our service

Processing your booking, submitting your visa application, issuing flight tickets, confirming hotel reservations, and providing customer support via WhatsApp and email. This is the primary purpose — without this data, we cannot book your Umrah.

To communicate with you

Sending booking confirmations, visa status updates, travel reminders, and post-trip follow-ups. We also send your referral code and occasional service updates. We will never send unsolicited marketing emails without your explicit consent.

To improve our service

Analysing aggregate, anonymised usage data to understand how pilgrims use our website and digital guide, which helps us improve the experience. This data is never linked to your identity.

To comply with legal obligations

Maintaining financial records as required by Indian tax law, and sharing passenger data with airlines and Saudi authorities as required for visa processing and immigration.

4. Who we share your data with

We share your personal data only with the following parties, only for the purposes stated, and only to the extent necessary:

Shared withWhat dataWhy
Airlines (e.g., IndiGo, Saudia)Name, passport details, DOB, genderFlight ticket issuance (legally required)
Hotels in Makkah & MadinahName, check-in/out dates, special requirementsRoom reservation
Saudi Ministry of Hajj & UmrahName, passport, DOB, gender, photoUmrah visa processing (legally required)
Razorpay (payment processor)Payment detailsSecure payment processing
Google AnalyticsAnonymised usage data (no personal identifiers)Website improvement

We never sell your data. We do not share your information with advertisers, data brokers, or any third party for marketing purposes. We do not allow third parties to place tracking pixels or advertising cookies on our website.

5. Cookies & analytics

We use a minimal number of cookies to make the website work properly. Here is exactly what they do:

CookiePurposeDurationType
Session cookieKeeps you logged in during your visitUntil you close browserEssential
Auth tokenRemembers your login between visits30 daysEssential
Google Analytics (_ga)Anonymised page visit counting2 yearsAnalytics
Cookie consentRemembers your cookie preferences1 yearEssential

We do not use advertising cookies, retargeting pixels, Facebook Pixel, or any cross-site tracking technology. When you visit niyyahti.com, your browsing is not tracked across other websites.

You can disable cookies in your browser settings. Essential cookies are required for the website to function — disabling them may affect your ability to log in and complete bookings.

6. How we store & protect your data

Your data is stored on secure servers hosted in India. We implement the following security measures:

Encryption

All data transmitted between your browser and our servers is encrypted using 256-bit TLS/SSL. Your data is also encrypted at rest on our servers.

Payment security

We never store your full credit card, debit card, or UPI details. All payment processing is handled by Razorpay, which is PCI-DSS Level 1 compliant — the highest level of payment security certification.

Passport data

Your passport details are stored in an encrypted database with restricted access. Only authorised team members involved in visa processing can access this information. Passport data is permanently deleted 90 days after your trip is completed (see Section 7).

Access controls

Access to customer data is limited to team members who need it to perform their specific role. All access is logged and audited.

No system is perfectly secure. In the unlikely event of a data breach, we will notify affected users within 72 hours and take immediate steps to mitigate any harm.

7. How long we keep your data

Data typeRetention periodReason
Account information (name, email, phone)Until you delete your accountOngoing service access
Passport details90 days after trip completionPost-trip support, then deleted
Booking history7 yearsIndian tax and accounting requirements
Payment transaction records7 yearsIndian tax and accounting requirements
WhatsApp conversation history12 months after tripCustomer support reference, then deleted
Analytics data26 months (Google Analytics default)Anonymised, cannot identify you

When data reaches its retention limit, it is permanently deleted from our systems, including all backups, within 30 days.

8. Your rights

Under Indian data protection law and our own commitment to transparency, you have the following rights:

Right to access

You can request a copy of all personal data we hold about you. We will provide it within 15 working days in a machine-readable format.

Right to correction

If any of your personal data is inaccurate or incomplete, you can request correction at any time. You can also update most information directly in your account settings.

Right to deletion

You can request deletion of your personal data at any time. We will delete your data within 30 days, except where we are legally required to retain it (e.g., financial records for tax purposes). If you have an active booking, we will ask you to complete or cancel it before processing deletion.

Right to withdraw consent

Where we process data based on your consent (e.g., marketing communications), you can withdraw that consent at any time. Withdrawal does not affect the legality of processing before the withdrawal.

Right to object

You can object to our processing of your data for specific purposes. We will stop unless we have compelling legitimate reasons that override your interests.

How to exercise your rights

Email us at privacy@niyyahti.com or WhatsApp us at +91-XXXXX-XXXXX with your request. We will respond within 15 working days. No fees are charged for exercising your rights.

9. Children's privacy

Our services can be used to book Umrah for children (under 18) who are travelling with their parents or legal guardians. We collect children's passport details and date of birth only for the purpose of visa processing and flight booking, as required by airlines and Saudi authorities.

Children cannot create accounts or make bookings independently. A parent or legal guardian must provide consent and submit information on behalf of any minor.

We do not knowingly collect personal information from children under 13 except as part of a family booking made by a parent or guardian.

10. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make significant changes, we will:

1. Update the "Last updated" date at the top of this page.
2. Notify you via email if you have an account with us.
3. Display a notice on our website for 30 days after the change.

We will never reduce your rights under this policy without obtaining your explicit consent first.

11. Contact us

If you have questions about this Privacy Policy, want to exercise any of your rights, or have concerns about how we handle your data, we want to hear from you.

Data Protection Contact

Niyyah Travel

Email: privacy@niyyahti.com

WhatsApp: +91-XXXXX-XXXXX

We respond to all privacy enquiries within 5 working days.