Trust & security
How we protect you
This page is maintained by Worldway Travels to answer common security and privacy questions about our service. It describes our current practices and the platform capabilities we rely on; it is not an independent certification or audit.
Access & authentication
Customer and agent accounts are protected by managed authentication. Administrative areas require sign-in and role-based authorization enforced on the server, not just in the browser.
Platform & hosting
Worldway Travels runs on Lovable Cloud, which provides managed application hosting and a managed Postgres database. This describes enabled platform capabilities and is not an independent certification.
Data protection
Personal and booking data is stored in a managed database with row-level security so records are only accessible to the people and services authorized to see them.
Payments
Online payments are processed by our payment provider (Razorpay). We do not store full card details on our own systems; payment confirmations are verified server-side using signed webhooks.
Subprocessors & integrations
We use trusted third-party providers for hosting, payments, email delivery and travel supply. These providers process data only as needed to deliver our services.
Data retention & deletion
We retain booking and account data for as long as needed to provide our services and meet legal obligations. To request access to or deletion of your data, contact us using the details below.
Security contact
If you believe you have found a security issue, please contact us so we can investigate. We welcome responsible disclosure and aim to respond promptly.
Security is a shared responsibility: our platform provider secures the underlying infrastructure, Worldway Travels maintains the application and its data handling, and customers are responsible for keeping their own account credentials safe.
Questions