Legal
Privacy Policy
This Privacy Policy explains how Krtiv.ai (“Krtiv”, “we”, “us”, or “our”), operated in connection with Maharashtra Tourism experiences and services by eFlag Corp, collects, uses, shares, and protects information when you use https://krtiv.ai and related features.
Last updated: 14 July 2026
1. Who we are
Krtiv.ai is a digital platform that helps travellers explore Maharashtra — destinations, curated itineraries, experiences, maps, galleries, and AI-assisted trip planning. This policy applies to the website, account features, and related online services we operate at krtiv.ai.
2. Information we collect
Depending on how you use Krtiv, we may collect the following categories of information:
- Account details: name, email address, mobile number, password (stored in hashed form), and profile photo when you provide them or when they are shared by a sign-in provider.
- Sign-in provider data: if you sign in with Google or Facebook, we receive basic profile information permitted by that provider (such as name, email, and profile image) according to your provider settings and consent.
- Travel preferences and trip data: itinerary inputs, saved places, saved itineraries, favourites, and related planner content you create or store in your account.
- Communications: messages you send through contact or support channels, contest or registration forms, and related correspondence.
- Technical and usage data: IP address, browser type, device information, pages viewed, approximate location derived from network or map tools, cookies, and analytics events used to operate and improve the service.
3. How we use your information
We use personal information to:
- Create and manage your account, authenticate sign-in (including OTP, email/password, Google, and Facebook), and secure access to the dashboard.
- Provide itinerary generation, saved trips and places, destination content, maps, and personalised recommendations.
- Respond to enquiries, process contest or event registrations, and send service-related notices.
- Monitor performance, prevent abuse or fraud, diagnose issues, and improve content and product experience.
- Comply with applicable law and enforce our Terms of Service.
4. Legal bases (where applicable)
Where required by applicable privacy law, we process personal data based on one or more of: your consent; performance of a contract with you (providing the service you request); our legitimate interests in operating, securing, and improving Krtiv; and compliance with legal obligations.
6. Facebook Login and Google sign-in
If you choose Facebook Login or Google sign-in, those providers authenticate you and may share limited profile information with us. Their own privacy policies govern how they process your data. You can disconnect or manage permissions in your Facebook or Google account settings. For Facebook app users, you may also request deletion of data we hold as described in our User Data Deletion Request page.
8. Data retention
We retain account and trip-related information for as long as your account remains active or as needed to provide the service, resolve disputes, enforce agreements, and meet legal, tax, or security requirements. When you request deletion, we delete or anonymise personal data subject to lawful retention needs, as described on the User Data Deletion Request page.
9. Security
We use reasonable administrative, technical, and organisational measures to protect personal information (including encrypted connections and hashed passwords). No method of transmission or storage is completely secure; please use a strong password and protect your credentials.
10. Your choices and rights
Subject to applicable law, you may request access, correction, or deletion of your personal information, withdraw consent where processing is consent-based, or object to certain processing. You can update some profile details in your account dashboard, contact us using the details below, or follow the steps on our User Data Deletion Request page.
11. Children’s privacy
Krtiv is intended for users who can form a binding contract under applicable Indian law. We do not knowingly collect personal information from children under 13 (or a higher age if required by local law). If you believe a child has provided us personal data, please contact us and we will take appropriate steps.
12. International processing
Our servers and service providers may process data in India or other countries. Where data is transferred internationally, we take steps designed to provide appropriate protection consistent with this policy and applicable law.
13. Changes to this policy
We may update this Privacy Policy from time to time. The “Last updated” date at the top will change when we do. Continued use of Krtiv after an update constitutes acceptance of the revised policy, except where additional consent is required by law.
14. Contact us
For privacy questions, access requests, or deletion requests, contact us at diot@maharashtratourism.gov.in or through the Contact page on krtiv.ai. Please include enough detail for us to verify your request and locate your account (for example, the email or mobile number used to sign in).
