Legal

Privacy Policy

Last updated: March 28, 2026 · Version 3.0

Contact DPO

What you need to know

What We Collect

Hotel and business data, booking information and usage analytics to run our services.

How We Use It

To operate DJUBO, improve our products, provide support and send relevant communications.

Who We Share With

Trusted service providers only — AWS, Razorpay, PayU, PayPal, ZeptoMail. Never sold to third parties.

Your Rights

Access, correct, port or delete your data. Contact privacy@djubo.com to exercise any right.

Table of Contents

1. Introduction

DJUBO ("we", "our", or "us") is committed to protecting the privacy and security of personal information entrusted to us by our users, clients, and website visitors. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit www.djubo.com, use our hotel technology platform, or interact with any of our services.

This policy applies where we act as a Data Controller (determining the purposes and means of processing) for our website visitors and direct clients. For hotel guest data processed through our platform, we act as a Data Processor on behalf of the hotel (the Data Controller).

By accessing our Services, you acknowledge that you have read, understood, and agree to these practices. If you do not agree, please discontinue use of our Services immediately.

2. Information we collect

We collect several categories of information depending on how you interact with our platform.

Personal & account data

Directly provided: Name, email address, phone number, company name, job title, billing address, and payment details provided during registration, demo requests, or newsletter subscriptions.

Customer relationship data: Information relating to our business relationship, including communications between you (or your employer) and DJUBO.

Publication data: Information you post for publication on our website or through our services.

Hotel & guest data

When hotels use our platform (PMS, Channel Manager, Booking Engine), we process operational data including reservation details, guest names, contact details, stay preferences, room inventory, and financial records. This data is processed strictly as directed by the hotel.

Automatically collected data

Usage data: IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views, and website navigation paths.

This data is primarily gathered via Google Analytics to analyse website performance.

3. How we use your information

We process personal data based on consent, performance of a contract, compliance with legal obligations, or our legitimate business interests. Purposes include:

  • Service delivery: Providing and improving our PMS, Revenue Management tools, and APIs.
  • Communication: Responding to enquiries, sending service updates, and providing support.
  • Marketing: Sending promotional materials and newsletters (subject to your consent).
  • Operations: Billing, accounting, auditing, and maintaining database backups.
  • Legal & risk: Establishing or defending legal claims, complying with laws, obtaining professional advice, or managing risks.

4. Cookies & tracking technologies

We use cookies to identify you, store preferences, and analyse traffic.

Types of cookies used

  1. Strictly necessary: Essential for authentication, security, and website functionality.
  2. Performance & analysis: Google Analytics helps us understand how visitors interact with our site.
  3. Functional: Remember your settings (language, region) for a personalised experience.
  4. Marketing & advertising: Track behaviour across websites to deliver relevant advertisements.

Managing cookies

You can manage or block cookies through your browser settings. Note that blocking all cookies may negatively impact website usability.

Links to browser cookie settings:

5. Data sharing & third parties

We do not sell your personal information.

We may share data with:

  • Service providers: Cloud hosting (AWS), payment processors (Razorpay, PayU, PayPal), and email services (ZeptoMail).
  • Company network: Our subsidiaries, ultimate holding company, and distributor network.
  • Channel partners: OTAs and distribution channels as directed by the hotel client.
  • Professional advisers: Insurers, lawyers, or auditors for risk management and legal defence.
  • Legal requirements: Law enforcement or regulatory bodies when required by law.

6. Data security

We implement rigorous technical and organisational measures:

  • Encryption: TLS/SSL for data in transit and AES-256 for data at rest.
  • Infrastructure: Secure data centres with SOC 2 Type II certification and protection against DDoS, bot, and evasion attacks.
  • Access control: Role-based access and multi-factor authentication (MFA) for staff.
  • Resilience: Automated backups and disaster recovery procedures.

7. Data retention

We retain personal information only as long as necessary:

  • Account and client data: Retained for the duration of your active relationship with us.
  • Transaction records: Retained for 7 years for financial and tax compliance.
  • Marketing data: Retained until you withdraw consent.
  • Criteria-based: If a specific period is not defined, retention is based on the frequency of your interaction and communication with us.

8. Your rights

Depending on your jurisdiction (including GDPR protections), you have the right to:

  • Access & rectification: Request a copy of your data or correct inaccuracies.
  • Erasure ("right to be forgotten"): Request deletion of data when no longer necessary.
  • Restriction & objection: Limit how we process data or object to processing based on legitimate interests or direct marketing.
  • Data portability: Request a machine-readable copy of your information.
  • Withdraw consent: Revoke permission at any time without affecting previous lawful processing.

To exercise these rights, contact our Data Protection Officer at privacy@djubo.com.

9. International data transfers

DJUBO operates globally. Our primary processing facilities are in India and the United States. We ensure compliance through:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions where applicable
  • Explicit consent for specific transfers

10. Contact us

For any questions regarding this policy or your data, please contact:

Legal and jurisdiction

Governing law and jurisdiction

This Privacy Policy is governed by the laws of India. By using DJUBO services, you consent to the jurisdiction of the District Court of New Delhi, India for any disputes arising from this policy.

For international users: By accessing DJUBO services from outside India, you acknowledge that your data will be processed in accordance with Indian law and that any disputes will be subject to the exclusive jurisdiction of the District Court of New Delhi, India.

For users in the European Union:DJUBO processes EU personal data using Standard Contractual Clauses (SCCs) and adequacy decisions where applicable. Our legal bases for processing are contract performance, legitimate interests, legal obligation, and consent. Data is hosted on AWS ap-southeast-1 (Singapore) under AWS's data processing addendum which includes Standard Contractual Clauses for EU data transfers.