Legal

Privacy Policy

Last updated: 1 May 2025

Where Peri Goes is a travel publication operated by Prerika Chauhan(an individual sole proprietor, not a registered company), based in Ghaziabad, Uttar Pradesh, India. “Peri” is a pen name used for the brand voice. Prerika Chauhan is the data controller for the purposes of this policy.

This policy explains what personal data we collect when you use this website, why we collect it, how we use it, and your rights. If you have any questions, email us at prerikaucl@gmail.com.

1. What we collect

When you buy an itinerary

At checkout we collect your name, email address, and country (to determine your payment currency, either INR or USD). We do not receive or store your card details; those are handled entirely by Razorpay on their servers.

After a successful payment Razorpay sends us payment metadata: payment ID, order ID, amount, currency, and timestamp. We store this server-side for order fulfilment, customer support, and accounting purposes.

When you subscribe to the newsletter

We collect your email address. Newsletter sign-up is always optional.

Site analytics

We use Vercel Web Analytics. This is cookieless and privacy-friendly: it collects aggregate, anonymised page-view data: URL, referrer, approximate country, and device type. No cookies are written, no fingerprinting occurs, and no cross-site tracking takes place.

Server logs

Our hosting provider Vercel may retain standard server access logs (IP address, timestamp, URL requested). These are outside our control and are retained per Vercel's own privacy policy.

2. How we use your data

  • Order fulfilment: deliver your itinerary PDF by email (via Resend) and generate a signed download link if the file exceeds 15 MB.
  • Customer support: resolve delivery issues, re-send PDFs, or process exceptional refund requests.
  • Accounting: retain order records for our own bookkeeping.
  • Newsletter: send travel updates and new itinerary announcements, but only if you opted in. You can unsubscribe at any time via the link in any email.
  • Fraud & abuse prevention: detect and block misuse of download links and checkout endpoints.
  • Site improvement: understand aggregate traffic patterns via Vercel Analytics.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

3. Where your data is stored: sub-processors

We use the following third-party services. Each processes personal data only to the extent necessary for the purpose described.

  • Razorpay: payment processing. Receives your name, email, and country at checkout; handles all card data.
  • Resend: transactional email (PDF delivery) and newsletter. Stores your email address on their platform.
  • Upstash Redis: order records (2-year TTL) and signed PDF download tokens (2-year TTL, scoped to your purchase). Stores order metadata server-side.
  • Sanity: content management system. Stores only published content (blog posts, itinerary descriptions, images). Does not store buyer data.
  • Vercel: website hosting, serverless functions, and Vercel Web Analytics (cookieless, aggregate page-view metrics).

4. Retention

  • Order records: 2 years from purchase date.
  • Download tokens: retained for 2 years to allow re-downloads, then deleted automatically.
  • Newsletter subscription: until you unsubscribe.
  • Vercel Analytics data: per Vercel's own retention schedule (aggregate, not personal).

5. International transfers

Our sub-processors operate data centres globally. Your data may therefore be processed outside India, the UK, or the European Economic Area. Where this occurs, the relevant sub-processor is responsible for maintaining appropriate safeguards under their own data protection commitments.

6. Your rights

India (Digital Personal Data Protection Act 2023)

You have the right to access, correct, and erase your personal data, and to raise a grievance. To exercise any of these rights, email prerikaucl@gmail.com (Prerika Chauhan acts as the Grievance Officer for this website).

UK & European Economic Area (UK GDPR / GDPR)

If you are in the UK or EEA you also have the right to: access your data; rectify inaccuracies; request erasure; restrict or object to processing; data portability; and withdraw consent at any time without affecting prior processing. You may also lodge a complaint with the Information Commissioner's Office (ICO) or your local supervisory authority.

California (CCPA)

We do not sell your personal information.

7. Children

This website is not directed at children under 16. We do not knowingly collect personal data from anyone under 16.

8. Security

All data is transmitted over TLS. Server-side secrets (API keys, database tokens) are never exposed to the browser. Paid PDF files are never served via a public URL; they are delivered by email attachment or via signed download links scoped to your purchase. Links remain valid for 2 years so you can re-download from any device.

9. Changes to this policy

We may update this policy from time to time. The “Last updated” date at the top of this page will reflect any changes. Continued use of the site after an update constitutes acceptance of the revised policy.

10. Contact

For any privacy-related queries or to exercise your rights, email prerikaucl@gmail.com.

Terms of ServiceCookies Policy