Last Updated: 15/10/2025

At Excellis Travel, we treat payment security very seriously. This document explains how we protect your payment data, what methods we support, and what you should know to maintain safe transactions.

1. Secure Transmission (Encryption & SSL)

• All payment-related transactions made through our Platform are transmitted over Secure Socket Layer (SSL) / TLS encryption. This ensures that your sensitive payment data (card numbers, bank account, etc.) is encrypted (scrambled) before being transmitted over the internet.
• We use industry-standard HTTPS / TLS protocols to ensure data in transit is secure and to prevent eavesdropping, tampering, or interception.
• Our servers and payment endpoints are hosted in secure, hardened environments with stringent security policies.

2. Payment Methods Supported

We support multiple secure payment options to give users flexibility and safety. Depending on region, these may include:

• Credit / Debit Cards (Visa, Mastercard, AMEX, etc.)
• Net Banking / Bank Transfers
• UPI / Wallets (if applicable)
• Payment Gateway / Third-party processor transactions
• For B2B / Corporate / Agent users: payments via account / credit / corporate terms, subject to verification

We do not store full card data on our servers; card processing is handled by certified payment gateways with PCI compliance.

3. Payment Gateway & Third-Party Processing

• All payment processing is handled via trusted, certified external payment gateways or financial institutions. Excellis does not directly store or process raw card data beyond what is needed for tokenization or transaction reference (if permitted).
• Payment gateways must comply with PCI DSS (Payment Card Industry Data Security Standard) or equivalent standards as required in their jurisdiction.
• Tokenization, where used, ensures that the card data is replaced with a non-sensitive token, reducing exposure risk.
• In case refunds or chargebacks are required, Excellis will coordinate with the payment gateway or financial institution as per their process and timelines.

4. Verification, Fraud Prevention & Risk Monitoring

• We have built-in fraud detection & prevention systems (e.g. transaction monitoring, anomaly detection, velocity checks) to flag suspicious transactions.
• Users may be required to complete additional verification / authentication (OTP, 2FA, KYC) before high-value transactions or account changes.
• Excellis reserves the right to refuse or suspend a booking or transaction if it deems it suspicious, or request further documents for verification.
• We maintain audit logs and monitoring systems to detect unauthorized or anomalous access or behavior.

5. Refunds, Chargebacks & Disputes

• Refunds are processed in accordance with the cancellation / refund policy and the terms of the relevant Supplier and payment gateway.
• During a chargeback or dispute, Excellis may cooperate with the payment gateway, bank, or issuer in providing transaction records, logs, audit trail, and supporting documentation.
• In case of fraudulent chargebacks, Excellis reserves rights to suspend or restrict account usage or take legal action.

6. Cardholder / User Responsibilities & Best Practices

To help keep your transactions safe:

• Always check that the site URL is using “https://” and that the padlock icon is present in the browser address bar during payments.
• Do not share your password, OTP or 2FA codes with anyone.
• Use strong, unique passwords for your account, and enable two-factor authentication (2FA) if offered.
• Monitor your transaction history and immediately report any unauthorized or suspicious activity to us.
• Ensure your device (computer/phone) is free from malware / viruses, and avoid using unsecured public Wi-Fi networks for payments.

7. Data Storage & Retention

• We do not store full card numbers, CVV or sensitive card data beyond what is allowed by the payment gateway terms.
• Tokenization, where applicable, is used so that card data is replaced with non-sensitive tokens for recurring or additional processing.
• Transaction metadata (transaction ID, amount, date, status, user, masked card label) may be stored for accounting, audit, reconciliation, invoicing, dispute resolution, and compliance.
• We retain payment records and transaction logs as required by law, tax regulations, or internal policies. Once no longer needed, we securely delete or anonymize the data.

8. Third-Party & Sub-processor Security

• Any third-party vendor, payment gateway, bank or service provider we engage will be required to maintain appropriate security standards including data protection, confidentiality and compliance.
• Excellis will conduct due diligence, audits, or require security certifications (PCI, ISO, etc.) from service providers as needed.
• We require contractual obligations (NDA, Data Processing Agreements) with third parties to ensure protection of user payment data.

9. Incident / Breach Response & Notification

• In case of a data breach, security incident, or unauthorized access involving payment or personal data, Excellis will:
  1. Promptly investigate and contain the breach.
  2. Notify affected users (if required by law/regulation) and regulatory bodies as applicable.
  3. Provide remedial measures or assistance to users (e.g. advising to change passwords, reissue tokens).
  4. Review security controls, implement fixes, and improve monitoring to prevent recurrence.

10. Disclaimer & Limitation of Liability in Payments

• While we use industry best practices, Excellis does not warrant absolute security of payment transmission or storage.
• Excellis is not liable for losses arising from disallowed, unauthorized, or fraudulent transactions in cases where Users fail to follow security best practices, or when the intrusion is through means beyond our control (e.g., malware, phishing).
• Our liability in payment processing is limited to the extent required by applicable law, and excludes indirect, consequential damages, to the fullest permissible extent.

11. Changes to Payment Security Policy

We may update this Payment Security Policy at any time. When we do, we will post the revised version with an updated “Last Updated” date. Continued use of the Platform for payments constitutes acceptance of the changes.

12. Contact & Queries

For any questions, concerns, or issues regarding payment security and transactions, you can reach us at:

Email: payments@excellistravel.com / support@excellistravel.com

Address: Ecostation Business Tower CN-06, 15th Floor-Unit-1501 &, Unit-1504, Street Number 9, BP Block, Sector V, Bidhannagar, Kolkata, West Bengal 700091

Phone: +91 XXXXXXXXXX