Privacy Policy

Last Updated: March 22, 2026

At Kinglayang Homestay ("we", "us", or "our"), we care for this property as if it were our own home, and we extend that same deep respect to your digital privacy. This Privacy Policy outlines our strict commitment to transparency and explains how we collect, process, and safeguard your personal data in accordance with the Digital Personal Data Protection Act (DPDP) of India and international best practices like the GDPR.

1. Information We Collect

To provide a seamless booking experience and comply with local regulations, we collect the following categories of data:

  • Identity Data: Full name, username, and government-issued identification (Aadhar, Voter ID, or Passport) required by local authorities for guest check-in (Form-C compliance).
  • Contact Data: Residential address, validated email address, and mobile phone numbers for booking coordination.
  • Transaction Data: Historical records of room bookings, payment status (via secure third-party gateways), and service preferences.
  • Digital Footprint & Analytics: We use privacy-first, cookieless analytics (Matomo) to monitor website performance using anonymized IP addresses. Third-party marketing trackers (like the Meta Pixel) are only ever loaded if you explicitly grant us permission. For more details, see our Cookie Policy.

2. Password Security & Cryptographic Hashing

How we protect your credentials:

We employ a "Zero-Knowledge" security architecture. When you register, your password is immediately transformed into a unique digital fingerprint using Bcrypt—an industry-standard salted hashing algorithm.

By utilizing one-way cryptographic hashing, we ensure that your actual password never exists on our database in a readable format. This protects you in several ways:

  • Irreversibility: A hashed password cannot be converted back into plain text, even by our senior database administrators.
  • Salted Protection: We add unique "salt" values to every password hash to prevent advanced brute-force or "rainbow table" attacks.
  • Privacy First: Our system verifies your login by comparing hashes, meaning your real password is never "known" by our server.

3. Purpose of Data Processing

We process your information only for legitimate business purposes allowed under the law:

  • Contract Fulfillment: Managing your room reservations, add-on services, and payment processing.
  • Legal Compliance: Adhering to the Foreigners Act, 1946 and local police requirements for maintaining guest registers and Form-C submissions.
  • Security: Monitoring for fraudulent activity and ensuring the safety of our physical premises and digital platform.
  • Direct Updates: Sending essential notifications, automated invoices, and responses to your direct inquiries.

4. Advanced Data Security Measures

Kinglayang Homestay implements multi-layered security protocols to safeguard your information from unauthorized access or disclosure:

  • End-to-End Encryption: Our website uses 256-bit SSL (Secure Socket Layer) certificates to encrypt all data moving between your device and our server.
  • Database Firewalls: Our SQL databases are stored on secured servers with restricted access, protected by advanced firewalls.
  • Least-Privilege Access: Only essential staff members have access to guest contact details, and all access is logged and audited for security purposes.

5. Data Retention & Erasure

We retain your personal data only for as long as is necessary to provide you with our services and to comply with legal obligations.

Typically, transaction records are maintained for up to 7 years to satisfy Indian tax and accounting regulations. Following the expiration of the required legal period, your data is either permanently deleted or fully anonymized for statistical analysis.

6. Your Rights & Choices

Under modern data protection frameworks, you have significant control over your information:

  • Right to Access: You may request a summary of the personal data we hold about you at any time.
  • Right to Rectification: You can update or correct any inaccurate information through your user profile.
  • Right to Withdraw Consent: You may opt-out of optional data collection (like marketing cookies) via our Cookie Settings.
  • Right to Erasure: You may request the deletion of your account, subject to our legal requirements to maintain guest logs.

7. Third-Party Integrations

While we protect your data on our site, we use trusted third-party partners for specialized services. For example, payment processing is handled by secure gateways, and location services are provided by Google Maps. Each of these partners operates under their own robust privacy policies.

Contact Our Privacy Team

If you have questions about how we handle your data or wish to exercise your legal rights, please contact us:

Kinglayang Homestay