Privacy Policy

Last updated: January 15, 2025

1. Who we are

Bucefelus Technologies Private Limited ("Bucefelus", "we", "us") operates the Bucefelus platform — a travel services platform providing flight booking, railway ticketing, international eSIM activation, and forex services. Our registered office is at Noida, Uttar Pradesh – 201301, India.

2. Information we collect

We collect the following categories of personal information:

  • Account data: name, email address, phone number, and password hash.
  • Identity data: date of birth and passport number (required by telecom regulations for international eSIM KYC).
  • Travel data: travel dates, destinations, and booking details.
  • Payment data: transaction IDs and payment method type. Card numbers are handled exclusively by Razorpay and are never stored on our servers.
  • Device and usage data: IP address, browser type, pages visited, and time spent, collected via analytics cookies.

3. How we use your information

  • To process bookings and fulfil services you request.
  • To verify your identity as required by law for eSIM activation (KYC under Indian telecom regulations).
  • To send transactional emails (booking confirmations, receipts).
  • To provide customer support.
  • To improve the platform through aggregated, anonymised analytics.
  • To comply with applicable laws and respond to legal requests.

4. Sharing your information

We share personal data only in the following circumstances:

  • Matrix Cellular: passport details shared solely for eSIM KYC, as mandated by the Indian Department of Telecommunications.
  • Razorpay: payment data shared with Razorpay Financial Services for processing payments, under their PCI-DSS-compliant systems.
  • Supabase: our database infrastructure provider, bound by a data processing agreement.
  • We do not sell your personal data to third parties. Ever.

5. Data retention

Account data is retained for the duration of your account. Booking records are retained for 7 years as required by Indian tax law. KYC documents are retained for 5 years as required by telecom regulations. You may request deletion of non-mandatory data by contacting us.

6. Your rights

Under the Digital Personal Data Protection Act, 2023 (DPDPA) and applicable laws, you have the right to access, correct, and request deletion of your personal data. Contact us at info@bucefelus.com to exercise these rights.

7. Security

We use 256-bit TLS encryption for all data in transit and AES-256 encryption for data at rest. Our infrastructure follows ISO 27001 security controls. Passwords are hashed with bcrypt and never stored in plain text.

8. Cookies

We use strictly necessary cookies for session management and optional analytics cookies (disabled by default). You can manage cookie preferences in your browser settings.

9. Contact

For privacy-related queries, contact our Data Protection Officer at info@bucefelus.com or write to us at our registered office in Noida.