BahirChalo
BahirChalo.com
Plan, Budget, Explore๐Ÿ‡ต๐Ÿ‡ฐ
Security

Your plans, your data โ€” protected

BahirChalo is a free travel discovery and planning platform. We do not take payments and we do not store card or wallet information โ€” so the most sensitive financial data never touches our systems. What we do hold (your account, saved trips and planner prompts) is protected with strong encryption and a defence-in-depth architecture.

We never ask for payment. All bookings and payments happen on the partner site you click through to. If anyone claims to take a payment on behalf of BahirChalo โ€” by transfer, JazzCash, Easypaisa or card โ€” it is a scam. Report it to us.
Encryption in transit & at rest
All traffic uses TLS 1.3. Sensitive data at rest is encrypted with AES-256.
No payment data, ever
We do not process or store card numbers, CVVs, OTPs or wallet PINs. That stays with the partner site.
Strong account security
Hashed passwords (Argon2), optional two-factor authentication and active session controls.
Hardened infrastructure
Hosted on enterprise cloud with isolated environments, automated backups and continuous monitoring.
Least-privilege access
Role-based access control and audit logs across all internal systems.
Continuous review
Regular dependency scans, code review and a public responsible-disclosure channel.

What data we hold

If you create an account, we store your email, preferences and any trips you save. The AI Trip Planner processes the prompts and travel preferences you submit. We do not collect CNIC, passport or payment details.

AI Trip Planner safety

Prompts and itineraries are processed through hardened AI pipelines. We strip personal identifiers from data used to improve our models and never sell prompts to third parties.

Outbound partner sites

When you click "Book on โ€ฆ", you leave BahirChalo and continue on a third-party site that has its own security and privacy practices. Verify the URL is legitimate (e.g. the official airline or hotel domain) before entering any payment details.

Privacy by design

We collect only what we need to deliver the planning experience. For full details see our Privacy Policy.

Responsible disclosure

If you believe you have found a vulnerability, we want to hear from you. Please email hello@bahirchalo.com with the subject "Security Disclosure" and include:

  • A clear description of the issue and affected URL.
  • Steps to reproduce and any proof-of-concept.
  • Your contact details so we can follow up.

Please do not exploit the issue, access other users' data, or run automated scans. We acknowledge valid reports within 72 hours and credit researchers in our hall of fame.

What you can do

  • Use a strong, unique password and enable 2FA on your account.
  • Never share OTPs or payment codes with anyone โ€” including people claiming to be from BahirChalo.
  • Verify emails come from @bahirchalo.com before clicking links.
  • Before paying on a partner site, double-check its URL and SSL padlock.
Report a security concern
We take every report seriously and respond personally.
hello@bahirchalo.com