Privacy Policy
Last updated: 3 July 2026
Searchumrah ("we", "us", "Searchumrah") connects pilgrims with verified travel agents offering Umrah packages. This policy explains what personal data we collect, why we collect it, who we share it with, and the choices you have. It applies to searchumrah.com and any subdomain we operate.
1. Information we collect
- Account information — name, email, phone number, profile photo, and (for agents) business details, KYC documents, and city.
- Reviews and content — ratings, written reviews, and any media you upload. Reviews can be marked anonymous; in that case identity is hidden in public views but retained server-side so the preference is reversible.
- Lead information — when you "show interest" in or contact an agent, we record your name, email, and phone so the agent can reach you.
- Travel documents (only after you book) — once a booking is confirmed and only if your trip requires it, we collect the traveller details and documents needed to process your Umrah visa and travel — such as passport scans, passport number, and a photo. These are collected solely to fulfil that trip, stored encrypted in a private, access-restricted store, and automatically and permanently deleted shortly after your departure (see section 5). We do not keep your travel documents long-term.
- Payment information (only if you pay through Searchumrah) — when you choose the "Pay via Searchumrah" option on a booking, the payment is processed by our payment partner Razorpay. We never see or store your card number, UPI PIN, or banking credentials; we store the transaction metadata Razorpay returns (payment ID, amount, method type such as card/UPI/netbanking, and status) to track, release, or refund the payment. Paying the agent directly remains available, and in that case Searchumrah processes no payment data at all.
- Tax (GST) information — at checkout we ask (optionally) for your Indian state; under GST law this is the "address on record" that determines the place of supply on your booking's tax invoice. For each confirmed booking we generate a tax invoice serial on the agent's behalf (and a credit note if it is later cancelled) and record the booking's GST breakup (taxable value, rate, and tax amount). Agents additionally provide their business GST details — GSTIN, registered legal name, and GST scheme — which we use solely to prepare that agent's own GST filing reports.
- Usage data — pages viewed, search filters, device and browser type, approximate location derived from IP, and timestamps.
- Cookies and similar technologies — for sign-in sessions, theme preferences, and analytics (Google Analytics and Microsoft Clarity, described below).
- Behavioural analytics (Microsoft Clarity) — we use Microsoft Clarity to understand how visitors interact with the site through behavioural metrics, heatmaps, and session replay (a reconstructed recording of page interactions such as mouse movement, clicks, scrolls, and pages visited). This data is captured using first- and third-party cookies and other tracking technologies. Clarity masks the text you type into form fields (including login and checkout fields) by default, so we do not capture the contents of those fields. You can opt out of analytics and Clarity at any time using the "Manage cookies" link in the footer; essential cookies needed to sign in are not affected.
2. How we use it
- Operate the platform: profiles, listings, search, reviews, bookings.
- Pass leads to the specific agent you contact or book.
- Verify agents (KYC) and prevent fraud or abuse.
- Send transactional notifications (booking status, sign-in codes, WhatsApp updates you opt into).
- Process, hold, release, or refund payments you choose to make through Searchumrah (via Razorpay), and keep the transaction records both parties need.
- Meet tax-law obligations: issue tax invoices and credit notes for bookings on the agent's behalf, and prepare each agent's GST filing reports from their own bookings.
- Improve the product, fix bugs, and analyze usage trends in aggregate.
3. Who we share it with
- The agent you contact or book. Your contact details are visible to that agent once you reveal interest or submit a booking, along with the booking and tax-invoice details of your booking (which the agent needs for their own GST filings). For payment you can either pay the agent directly (Searchumrah processes no payment data) or choose "Pay via Searchumrah", in which case Razorpay processes the payment and we hold the funds until your trip per the escrow terms shown at payment time.
- Service providers we rely on to run the platform: Supabase (database, auth, storage), Vercel (hosting), Razorpay (payment processing when you pay through Searchumrah), Meta WhatsApp Business (notifications you opt in to), Google Analytics (aggregate usage analytics), and Microsoft Clarity (behavioural analytics, heatmaps, and session replay used to improve the site). Each acts as a processor under contract. You can opt out of Google Analytics and Microsoft Clarity at any time via the "Manage cookies" link in the footer. For more information about how Microsoft collects and uses your data, see the Microsoft Privacy Statement.
- Authorities when required by law, court order, or to protect rights, property, or safety.
We do not sell personal data.
4. Google Business Profile data (for agents)
If you are an agent on a plan that offers it, you can connect your Google Business Profile so your existing Google reviews appear on your Searchumrah agency profile alongside reviews left on Searchumrah. This is optional and is initiated by you.
- What we access — with your authorisation and on your behalf, your Google Business account and location details and your Google reviews (reviewer name, star rating, comment, your reply, and date). Access is read-only: we never create, edit, delete, or reply to reviews, and never modify your listing.
- Why — solely to display your reviews on your public Searchumrah profile, consolidated with your Searchumrah reviews.
- Storage and deletion — the access token used to refresh your reviews is stored encrypted. You can disconnect at any time from Account Settings, which revokes our access at Google and deletes the imported reviews and stored token from our systems.
Limited Use. Searchumrah's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not sell this data, do not use it for advertising, and do not share it with third parties except to display it publicly on your agency profile.
5. Data minimisation, travel documents, and retention
We practise data minimisation: we collect only what a task needs, and we do not hold sensitive travel data any longer than necessary to deliver your trip.
Travel documents are deleted after your trip. The documents and traveller details collected to process a booking — passport scans (front, back, or combined), passport number, traveller photo, and any visa, ticket, or related files — are stored encrypted in a private, access-restricted store and used only to fulfil that specific trip. Once your trip's departure date has passed (after a short grace window, currently 7 days), these documents and their associated records are permanently and irreversibly deleted from our systems — images and data alike. We do not retain your passport scans, photos, or travel documents long-term, and we never use them for any purpose beyond processing your trip.
Saved travellers are yours to control. For convenience, you may save a traveller's basic reusable details (such as name, date of birth, passport number, and contact details) to your own profile so you don't have to re-enter them for a future booking. These saved profiles hold text details only — no document scans or images — and you can edit or permanently delete any saved traveller at any time from your account. If you delete one, it is removed from our systems.
Other data. While your account is active, we retain your account and activity data so the Platform works for you. Booking and lead transaction records (without the deleted travel documents) are retained for at least 3 years from creation to meet legal, tax, and dispute-resolution obligations, unless you delete your account sooner.
Tax records last longer. Tax invoices, credit notes, the GST breakup of a booking, and payment transaction records are financial records that Indian tax law requires to be preserved — currently at least 72 months (6 years) under GST law. These records are kept for that legally required period even if you delete your account earlier; they are then deleted.
Deleting your account. When you delete your account from Account Settings, it is deactivated and hidden from the Platform immediately, then kept for a 90-day grace period. If you sign back in with the same email within those 90 days, your account and all associated data are fully restored. If you do not, your account and its personal data are permanently deleted after 90 days and cannot be recovered. The same process applies to both pilgrim and agent accounts; for agents, your public profile and packages are hidden immediately on deletion.
We may retain limited records beyond this only where the law requires it (for example, certain tax or financial records), and our payment processor independently retains transaction records as required by applicable regulation. Such records are kept only for the legally required period and then deleted. You may also request deletion of your account or data at any time (see section 7).
6. Security
We use TLS in transit, encrypted storage at rest via our cloud providers, row-level-security on all user-scoped tables, and least-privilege access for staff. No system is perfectly secure; if you suspect a vulnerability, please email info@searchumrah.com.
7. Your rights
Subject to applicable law (including the Indian Digital Personal Data Protection Act, 2023), you may request access to, correction of, or deletion of your personal data, and withdraw consent for processing where consent is the legal basis. To exercise any right, email info@searchumrah.com from the address on your account. We will respond within 30 days.
8. International transfers
Our infrastructure providers may store data in countries outside India. Where this happens, we rely on the providers' standard contractual safeguards.
9. Children
Searchumrah is not directed at children under 16. If you believe a child has provided us personal data, contact us and we will delete it.
10. Changes
We may update this policy. Material changes will be announced on the site and the "Last updated" date above will change.
11. Contact
Questions about this policy? Email info@searchumrah.com.