Privacy Policy
This Privacy Policy applies to all users of Vilora's globally, including users in India (governed by the Digital Personal Data Protection Act, 2023), the European Union (GDPR), the United Kingdom (UK GDPR), the United States, and other jurisdictions. By using Vilora's, you agree to the practices described in this policy.
1. Who We Are
Vilora's ("we," "us," or "our") is a luxury villa rental platform operated by Vilora's, Inc. Our registered address is available upon request at legal@viloras.in. For users in India, our Data Fiduciary contact is privacy@viloras.in.
2. Information We Collect
2.1 Information You Provide
- Account information: Name, email address, phone number, profile photo when you register
- Identity verification: Government-issued ID, passport details (for hosts)
- Payment information: Credit/debit card details, UPI IDs, bank account details (processed via Razorpay — we do not store card numbers)
- Listing information: Property details, photos, pricing, availability (for hosts)
- Communications: Messages between guests and hosts, support tickets, reviews
2.2 Information Collected Automatically
- IP address, browser type, device information, operating system
- Pages visited, time spent, search queries on Vilora's
- Cookies and similar tracking technologies
- Location data (with your permission) for property search
2.3 Information from Third Parties
- Social login data from Google or Apple (if you sign in via these providers)
- Identity verification services
- Payment processors (Razorpay)
3. How We Use Your Information
- To create and manage your account
- To process bookings and payments
- To facilitate communication between guests and hosts
- To send booking confirmations, receipts, and important service updates
- To send marketing communications (with your consent)
- To improve our platform, detect fraud, and ensure security
- To comply with legal obligations under applicable laws
- To resolve disputes and enforce our Terms of Service
4. Legal Basis for Processing (GDPR / UK GDPR)
For users in the EU and UK, we process your data on the following legal bases:
- Contract performance: Processing necessary to fulfil your booking
- Legitimate interests: Fraud prevention, platform security, service improvement
- Consent: Marketing communications, non-essential cookies
- Legal obligation: Compliance with tax, financial, and regulatory requirements
5. Data Protection — India (DPDP Act 2023)
For users in India, we comply with the Digital Personal Data Protection Act, 2023:
- We process your personal data only for lawful purposes with your consent
- You have the right to access, correct, and erase your personal data
- You may withdraw consent at any time by contacting privacy@viloras.in
- We appoint a Data Protection Officer reachable at dpo@viloras.in
- We do not transfer your data outside India without adequate safeguards
- In case of a data breach, we will notify affected users within 72 hours
6. Sharing Your Information
We share your information in the following circumstances:
- With hosts/guests: Name, profile photo, and booking details are shared to complete your reservation
- Service providers: Razorpay (payments), AWS S3 (photo storage), Resend (email), Clerk (authentication), Supabase (database), Vercel (hosting)
- Legal requirements: When required by law, court order, or government authority
- Business transfers: In case of merger, acquisition, or sale of assets
We do not sell your personal data to third parties.
7. Data Retention
- Account data is retained while your account is active
- Booking records are retained for 7 years for legal and tax compliance
- Marketing data is retained until you unsubscribe or withdraw consent
- You may request deletion of your account at any time
8. Cookies
We use the following types of cookies:
- Essential cookies: Required for the platform to function (login, security)
- Analytics cookies: Help us understand how users interact with Vilora's
- Marketing cookies: Used to show relevant advertisements (with consent)
You can manage cookie preferences in your browser settings or via our Cookie Settings page.
9. Your Rights
Depending on your location, you may have the following rights:
- Access: Request a copy of your personal data
- Correction: Correct inaccurate or incomplete data
- Erasure: Request deletion of your data ("right to be forgotten")
- Portability: Receive your data in a machine-readable format
- Objection: Object to processing based on legitimate interests
- Restriction: Request restriction of processing in certain circumstances
- Withdraw consent: At any time, for consent-based processing
To exercise these rights, contact us at privacy@viloras.in. We will respond within 30 days.
10. International Data Transfers
Vilora's operates globally. Your data may be transferred to and processed in countries outside your home country. We ensure adequate safeguards are in place, including Standard Contractual Clauses (SCCs) for EU/UK transfers and compliance with applicable Indian data localisation requirements.
11. Children's Privacy
Vilora's is not directed at children under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us at privacy@viloras.in.
12. Security
We implement industry-standard security measures including SSL/TLS encryption, secure payment processing via Razorpay, access controls, and regular security audits. However, no system is completely secure, and we cannot guarantee absolute security.
13. Contact Us
For privacy-related queries, contact:
- Email: privacy@viloras.in
- Data Protection Officer: dpo@viloras.in
- General: support@viloras.in
If you are in the EU/UK and unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.