Tripaay
Start free trial
Back to home

Acceptable Use Policy

Effective date: 2026-05-20

This Acceptable Use Policy ("AUP") describes activities that are prohibited when using the Tripaay platform ("Service"). It is incorporated by reference into the Terms of Service and applies to all Customers, Authorized Users, and anyone accessing the Service.

Violations may result in suspension or termination of access without refund.

1. Lawful use

You must use the Service only for lawful purposes and in compliance with all applicable laws — including the Information Technology Act 2000, the Digital Personal Data Protection Act 2023, the Goods and Services Tax Act 2017, the Bureau of Indian Standards regulations for travel agencies, and any other Indian or international law applicable to your activity.

2. Prohibited content

You may not upload, transmit, or store any content that is:

  • Illegal, fraudulent, or used to facilitate illegal activity
  • Infringing on intellectual-property rights (logos, photos, or text you don't own the rights to)
  • Defamatory, obscene, harassing, hateful, or threatening
  • Sexually explicit, especially involving minors (zero tolerance — reported to authorities)
  • Promoting violence, terrorism, or illegal substances
  • A scam, phishing attempt, or otherwise deceptive
  • Designed to spread malware, viruses, or harmful code

3. Prohibited personal data

You must not enter the following into Tripaay's freeform fields (notes, descriptions, etc.):

  • Government-issued identifiers — Aadhaar, PAN, passport, driver's licence numbers
  • Financial account credentials — bank account numbers, card numbers, CVVs, UPI PINs, net-banking passwords
  • Authentication secrets — passwords, API keys, OTPs
  • Sensitive personal data under DPDP — biometrics, health records, sexual orientation, religious or political views
  • Personal data of third parties without their lawful basis for processing

If you discover such data was entered, contact privacy@tripaay.com immediately so we can purge it.

4. No abuse of the Service

You may not:

  • Attempt to bypass authentication, row-level security, rate limits, or any access control
  • Reverse-engineer, decompile, disassemble, or attempt to derive the source code of the Service
  • Test or probe the Service for vulnerabilities without prior written permission (responsible-disclosure pathway: security@tripaay.com)
  • Use automated tools (scrapers, bots, headless browsers) at a rate that degrades performance for other Customers
  • Resell, sublicence, or grant access to the Service to third parties outside your agency
  • Use the Service to build a directly competing product (e.g., scraping your data to seed another CRM)
  • Misrepresent your identity, role, or agency

5. Communication abuse

If you use the Service to send messages (email proposal links, WhatsApp messages once that integration ships):

  • You must have a legitimate prior business relationship or explicit consent from the recipient
  • You must not send spam, unsolicited marketing, or chain messages
  • You must include the agency's identity in every commercial message
  • You must honour opt-outs immediately
  • You may not use a misleading sender name or "from" address
  • You must comply with Meta's WhatsApp Business policies if using the WhatsApp integration

6. Tax and compliance abuse

Tripaay generates GST invoices to help your compliance. You agree:

  • All invoice data you enter is true and accurate
  • You will not use Tripaay to generate falsified invoices or fake transactions
  • You take responsibility for proper GST filing using the invoice records
  • Voided invoices remain in the system for audit purposes — you may not request manual deletion

7. Fair use of unlimited features

Plans labelled "unlimited" are subject to reasonable use. We reserve the right to throttle or contact you if your usage is materially higher than typical Customers on the same plan (e.g., 100× the average lead-creation rate). We will always discuss before taking action.

8. Responsible disclosure

If you discover a security vulnerability:

  • Email security@tripaay.com with technical details
  • Allow us at least 90 days to address the issue before public disclosure
  • Do not exploit the vulnerability beyond what's necessary to demonstrate the issue
  • Do not access, modify, or delete data of other Customers

We are still building a formal bug-bounty program. In the meantime, we will acknowledge contributions in release notes (with permission) and may provide a token of appreciation for material findings.

9. Consequences

Violations of this AUP may result in:

  • A warning email (for minor or first-time issues)
  • Suspension of the account
  • Termination without refund
  • Reporting to law enforcement where appropriate
  • Civil or criminal action

We will give notice and an opportunity to cure for non-urgent issues. For severe violations (illegal content, security attacks, ongoing harm to other Customers), suspension may be immediate.

10. Reporting violations

If you believe someone is violating this AUP:

  • Email: abuse@tripaay.com
  • Subject: AUP violation — [brief description]
  • Body: what you observed, where (URL or feature), and any evidence

We respond to credible reports within 3 business days.

11. Changes

We may update this AUP from time to time. Material changes will be notified to active Customers by email at least 15 days before they take effect.

Last updated: 2026-05-20