International Data Transfers

Travories is headquartered in Kathmandu, Nepal, and serves travelers and agencies across more than 50 countries. Operating a global travel marketplace inevitably means that some of your personal data is transferred and processed outside the country where you live. This policy explains why these transfers happen, which countries are involved, and the safeguards we use to ensure your information remains protected across borders.

Why Data Crosses Borders

Several core functions of the platform involve transferring data internationally. Our cloud infrastructure, content delivery network, email service, and analytics tools are operated by specialised providers headquartered primarily in the United States and the European Union. Payment processing for international card transactions is handled by financial partners regulated in the United States and Singapore. When you book with a Nepali agency, your booking details necessarily cross the border to the operator delivering your trip.

Countries Where Data May Be Processed

Depending on the service involved, your personal data may be processed in:

  • Nepal — our primary operations, customer support, and operator relationships.
  • Singapore and the European Economic Area — cloud hosting, backup, and disaster-recovery regions for our application data.
  • United States — analytics, email delivery, customer-support tooling, and certain payment-processing partners.
  • India — some customer support and content review functions.

We re-evaluate this list whenever we change a vendor. Where a destination country does not provide protection equivalent to your country of residence, we rely on contractual safeguards as described below.

Safeguards for Cross-Border Transfers

Every third-party processor handling personal data on our behalf is bound by a written data-processing agreement that requires confidentiality, security controls, sub-processor disclosure, and breach notification within agreed timeframes. For transfers from the European Economic Area, the United Kingdom, or Switzerland, we use the European Commission's Standard Contractual Clauses (SCCs) or the UK International Data Transfer Addendum as the legal mechanism.

Personal data in transit between your device and our servers is encrypted with TLS 1.2 or higher. Data at rest in our cloud storage is encrypted using AES-256 with keys managed by our cloud provider's key-management service. Access to production data is limited to a small group of authorised engineers, logged, and reviewed.

Your Rights Concerning Cross-Border Transfers

If you are located in a jurisdiction that grants specific rights regarding international transfers — for example, the EEA, UK, or California — you may request information about the safeguards in place for transfers affecting you, or ask us to suspend a particular transfer where the law permits. Contact us via the link in the sidebar and we will respond within the timeframes prescribed by applicable law.

Need to get in touch?

If you have questions about how your data may be transferred or stored internationally, our support team is here to help.

Contact Us