Privacy Policy

Last updated: 15 May 2026

Searchumrah ("we", "us", "Searchumrah") connects pilgrims with verified travel agents offering Hajj and Umrah packages. This policy explains what personal data we collect, why we collect it, who we share it with, and the choices you have. It applies to searchumrah.com and any subdomain we operate.

1. Information we collect

Account information — name, email, phone number, profile photo, and (for agents) business details, KYC documents, and city.
Reviews and content — ratings, written reviews, and any media you upload. Reviews can be marked anonymous; in that case identity is hidden in public views but retained server-side so the preference is reversible.
Lead information — when you "show interest" in or contact an agent, we record your name, email, and phone so the agent can reach you.
Usage data — pages viewed, search filters, device and browser type, approximate location derived from IP, and timestamps.
Cookies — for sign-in sessions, theme preferences, and basic analytics.

2. How we use it

Operate the platform: profiles, listings, search, reviews, bookings.
Pass leads to the specific agent you contact or book.
Verify agents (KYC) and prevent fraud or abuse.
Send transactional notifications (booking status, password resets, WhatsApp updates you opt into).
Improve the product, fix bugs, and analyze usage trends in aggregate.

3. Who we share it with

The agent you contact or book. Searchumrah does not process payments; booking and payment happen directly between you and the agent. Your contact details are visible to that agent once you reveal interest or submit a booking.
Service providers we rely on to run the platform: Supabase (database, auth, storage), Vercel (hosting), and Meta WhatsApp Business (notifications you opt in to). Each acts as a processor under contract.
Authorities when required by law, court order, or to protect rights, property, or safety.

We do not sell personal data.

4. Data retention

Account data is retained while your account is active and for a reasonable period after deletion to satisfy legal, tax, and dispute-resolution obligations. Booking and lead records are retained for at least 3 years from creation. You may request deletion of your account at any time (see section 6).

5. Security

We use TLS in transit, encrypted storage at rest via our cloud providers, row-level-security on all user-scoped tables, and least-privilege access for staff. No system is perfectly secure; if you suspect a vulnerability, please email security@searchumrah.com.

6. Your rights

Subject to applicable law (including the Indian Digital Personal Data Protection Act, 2023), you may request access to, correction of, or deletion of your personal data, and withdraw consent for processing where consent is the legal basis. To exercise any right, email privacy@searchumrah.com from the address on your account. We will respond within 30 days.

7. International transfers

Our infrastructure providers may store data in countries outside India. Where this happens, we rely on the providers' standard contractual safeguards.

8. Children

Searchumrah is not directed at children under 16. If you believe a child has provided us personal data, contact us and we will delete it.

9. Changes

We may update this policy. Material changes will be announced on the site and the "Last updated" date above will change.

10. Contact

Questions about this policy? Email privacy@searchumrah.com.