Legal

Privacy Policy

Last updated: May 6, 2025

Banjaro (“we”, “our”, or “us”) operates banjaro.in — a free link-in-bio platform for India travel creators. This Privacy Policy explains what information we collect, how we use it, and the choices you have. By using Banjaro you agree to this policy.

1. Information We Collect

Information you provide

  • Account data: name, email address, and password (stored as a bcrypt hash).
  • Profile data: public handle, display name, bio, avatar, Instagram / YouTube links.
  • Itinerary content: destinations, day/stop details, photos, videos, notes, and booking links you add.

Information collected automatically

  • Affiliate click logs: IP address, user-agent, timestamp, and destination URL whenever a “Book Now” link is clicked. This is our primary revenue signal.
  • Usage data: page views on itinerary and profile pages (aggregate counts only).
  • Follow-up requests: name, email, and phone number if a traveler follows a creator to receive trip alerts.

2. How We Use Your Information

  • Authenticate your account and display your public profile and itineraries.
  • Track affiliate link performance so we can attribute revenue and improve the product.
  • Send trip-update emails to travelers who have opted in by following a creator.
  • Detect and prevent fraud, abuse, and security incidents.
  • Comply with legal obligations.

We do not sell your personal data to third parties.

3. Affiliate Links & Third-Party Platforms

When you click a “Book Now” button we redirect you through our affiliate tracker (/api/affiliate/click) to a third-party booking site (Booking.com, Hostelworld, GetYourGuide, Airbnb, etc.). Each destination site has its own privacy policy. We inject our affiliate parameters to earn a commission — we do not share your name or email with these platforms beyond what the booking flow requires.

4. Instagram / Facebook Integration

Creators may paste an Instagram Reel URL into the itinerary builder. We call Instagram's public oEmbed API (graph.facebook.com/instagram_oembed) to fetch the reel's thumbnail and caption. We do not request or store your Instagram credentials or access tokens. The only token used is Banjaro's own app token for the oEmbed API.

Banjaro does not use Facebook Login and does not access Facebook user data.

5. Cookies & Sessions

We use a single session cookie issued by NextAuth to keep you logged in. We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

6. Data Retention

  • Account and profile data: retained while your account is active.
  • Affiliate click logs: retained for up to 24 months for revenue reporting.
  • Deleted accounts: data removed within 30 days of a deletion request.

7. Your Rights

You may request access to, correction of, or deletion of your personal data at any time by emailing us. Residents of jurisdictions with specific rights (GDPR, IT Act 2023) may also request data portability or lodge a complaint with a supervisory authority.

8. Data Deletion

To delete all your data, email privacy@banjaro.in with the subject line “Delete my account”. We will process your request within 30 days. You can also use our automated data deletion page.

9. Security

Passwords are hashed with bcrypt. All traffic is served over HTTPS. Our database is hosted on Neon (Postgres) with encryption at rest. We follow principle-of-least-privilege for internal access.

10. Changes to This Policy

We may update this policy. The “last updated” date at the top will reflect changes. Continued use of Banjaro after a material change constitutes acceptance of the updated policy.

11. Contact Us

Banjaro

House #11, Benheri Mandar Road, Near Bellary Post Office, India

Email: privacy@banjaro.in

Phone: +91 834-949-2780

Terms & ConditionsData Deletion← Back to Banjaro