Privacy Policy

2. Information We Collect

To execute our high-ticket infrastructure services and comply with local Indian laws, we mandate the collection of specific data points:

• Identity and Contact Data: Full legal name, professional title, corporate affiliation, email address, and primary phone number.
• Travel and Legal Documentation: Passport copies, Indian e-Tourist Visa details, and emergency contact information. This is strictly required for processing mandatory Protected Area Permits (PAP) for the Ladakh region.
• Financial Data: Billing address and transaction history. Note: SyncRetreat does not process or store full credit card numbers. All financial transactions are securely tokenized and processed by our PCI-DSS compliant third-party gateways (Stripe and RazorpayX).
• Technical Data: IP addresses, browser types, and usage data collected via our frontend architecture for security monitoring and localized performance tracking.

3. Purpose of Data Processing

We do not monetize your data. Your PII is processed strictly for the following operational imperatives:

• Service Execution: To reserve real estate, configure on-site infrastructure, and manage your 28-day allocation.
• Legal Compliance: To submit required documentation to the District Magistrate in Leh and relevant Indian border authorities to secure your PAP.
• Financial Processing: To manage invoicing, track deposits, and execute the final $1,300 USD balance collection via Stripe/RazorpayX.
• Operational Communication: To dispatch critical pre-arrival briefings, high-altitude health protocols, and logistical updates.

4. Data Sharing and Third-Party Disclosures

We operate a lean, zero-capital model and share your data only when operationally or legally necessary:

• Government Authorities: Your passport and visa data will be shared with local Indian authorities exclusively to procure regional permits.
• Local Operational Partners: Your name and dietary requirements will be shared with our Ladakhi boutique hotel partners and private chefs to fulfill our infrastructure obligations.
• Service Providers: Data is routed through our enterprise infrastructure partners (e.g., payment gateways, secure cloud hosting).

5. International Data Transfers

SyncRetreat operates in India. By utilizing our services, Western clients (from the US, UK, and EU) acknowledge and consent to the transfer, storage, and processing of their PII within Indian jurisdiction. We implement commercially reasonable, enterprise-grade security protocols to protect this data during transit and at rest.

6. Data Retention Protocols

We retain your PII only for as long as necessary to fulfill the operational requirements of the Camp and to satisfy any prevailing legal, accounting, or tax reporting mandates under Indian law. Upon expiration of these legal requirements, your personal data will be securely permanently deleted from our servers.

7. Client Rights (GDPR and CCPA Compliance)

Depending on your jurisdiction, you possess specific rights regarding your personal data:

• The right to request access to the PII we hold about you.
• The right to request corrections to inaccurate or incomplete data.
• The right to request the deletion of your data, subject to our overriding legal obligations (e.g., Indian tax retention laws).

8. Contact and Legal Controller

For any inquiries regarding this Privacy Policy or to exercise your data rights, you must contact our compliance team directly.