Legal

Privacy Policy

This Privacy Policy explains how Krtiv.ai (“Krtiv”, “we”, “us”, or “our”), operated in connection with Maharashtra Tourism experiences and services by eFlag Corp, collects, uses, shares, and protects information when you use https://krtiv.ai and related features.

Last updated: 14 July 2026

1. Who we are

Krtiv.ai is a digital platform that helps travellers explore Maharashtra — destinations, curated itineraries, experiences, maps, galleries, and AI-assisted trip planning. This policy applies to the website, account features, and related online services we operate at krtiv.ai.

2. Information we collect

Depending on how you use Krtiv, we may collect the following categories of information:

  • Account details: name, email address, mobile number, password (stored in hashed form), and profile photo when you provide them or when they are shared by a sign-in provider.
  • Sign-in provider data: if you sign in with Google or Facebook, we receive basic profile information permitted by that provider (such as name, email, and profile image) according to your provider settings and consent.
  • Travel preferences and trip data: itinerary inputs, saved places, saved itineraries, favourites, and related planner content you create or store in your account.
  • Communications: messages you send through contact or support channels, contest or registration forms, and related correspondence.
  • Technical and usage data: IP address, browser type, device information, pages viewed, approximate location derived from network or map tools, cookies, and analytics events used to operate and improve the service.

3. How we use your information

We use personal information to:

  • Create and manage your account, authenticate sign-in (including OTP, email/password, Google, and Facebook), and secure access to the dashboard.
  • Provide itinerary generation, saved trips and places, destination content, maps, and personalised recommendations.
  • Respond to enquiries, process contest or event registrations, and send service-related notices.
  • Monitor performance, prevent abuse or fraud, diagnose issues, and improve content and product experience.
  • Comply with applicable law and enforce our Terms of Service.

5. How we share information

We do not sell your personal information. We may share information with:

  • Service providers who help us host, send OTP/SMS, send email, run analytics, deliver maps or media, or support authentication (such as Google or Facebook Login), under appropriate contractual safeguards.
  • Authorities or third parties when required by law, court order, or to protect rights, safety, and security.
  • Successors in connection with a merger, acquisition, or reorganisation, subject to continued protection consistent with this policy.

6. Facebook Login and Google sign-in

If you choose Facebook Login or Google sign-in, those providers authenticate you and may share limited profile information with us. Their own privacy policies govern how they process your data. You can disconnect or manage permissions in your Facebook or Google account settings. For Facebook app users, you may also request deletion of data we hold as described in our User Data Deletion Request page.

7. Cookies and analytics

We use cookies and similar technologies for essential site functions (such as keeping you signed in), remembering preferences, and understanding how the site is used (including analytics tools such as Google Analytics where enabled). You can control cookies through your browser settings; disabling some cookies may limit certain features.

8. Data retention

We retain account and trip-related information for as long as your account remains active or as needed to provide the service, resolve disputes, enforce agreements, and meet legal, tax, or security requirements. When you request deletion, we delete or anonymise personal data subject to lawful retention needs, as described on the User Data Deletion Request page.

9. Security

We use reasonable administrative, technical, and organisational measures to protect personal information (including encrypted connections and hashed passwords). No method of transmission or storage is completely secure; please use a strong password and protect your credentials.

10. Your choices and rights

Subject to applicable law, you may request access, correction, or deletion of your personal information, withdraw consent where processing is consent-based, or object to certain processing. You can update some profile details in your account dashboard, contact us using the details below, or follow the steps on our User Data Deletion Request page.

11. Children’s privacy

Krtiv is intended for users who can form a binding contract under applicable Indian law. We do not knowingly collect personal information from children under 13 (or a higher age if required by local law). If you believe a child has provided us personal data, please contact us and we will take appropriate steps.

12. International processing

Our servers and service providers may process data in India or other countries. Where data is transferred internationally, we take steps designed to provide appropriate protection consistent with this policy and applicable law.

13. Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top will change when we do. Continued use of Krtiv after an update constitutes acceptance of the revised policy, except where additional consent is required by law.

14. Contact us

For privacy questions, access requests, or deletion requests, contact us at diot@maharashtratourism.gov.in or through the Contact page on krtiv.ai. Please include enough detail for us to verify your request and locate your account (for example, the email or mobile number used to sign in).