The Manifest
Legal & Licensing·12 July 2026·10 min read

Your best employee left, with your client list. Now what?

Poaching your clients isn't illegal in India, but taking your data to do it is. What a non-solicitation clause can stop, and how to prevent it recurring.

Reykjavík · 23:10

Your senior sales executive quit on a Friday, gave the standard notice, and left on good terms, or so it seemed. By the following month, three of your regular Bali and Ladakh clients had rebooked their next trip through a new Instagram page, run by the same person who used to draft their quotes. The itinerary looks familiar. The rates look familiar. Your client list, the one your business actually runs on, just walked out the door.

This is one of the most common confession threads in Indian agent Facebook groups, and it never gets less painful. But before you fire off a legal notice or a public rant, you need to separate two things that feel identical in the moment but are legally very different: an ex-employee poaching your clients, and an ex-employee stealing your client data to do it.

This post covers what's actually legal versus illegal here, what a non-solicitation agreement can and can't stop, the evidence you'd need if you go to a lawyer or the police, and the one structural fix that matters more than any clause.

What's actually illegal here (and what isn't)

Poaching itself, an employee leaving and later working with people who used to be your clients, is not illegal in India. What crosses into illegal territory is how they got those people: if they exported your client database, screenshotted your CRM sheet, or forwarded WhatsApp chat histories before resigning, that's arguably data theft, not competition.

Travel is a relationship-driven trade. People change agencies to follow a person they trust, and Indian law generally protects the right to earn a living and compete, including by someone who used to work for you. That's uncomfortable to hear when you've just lost three regular clients, but it's the starting point for everything else in this post.

Where it stops being "just business" is the taking. Client contact details, passport records, past itineraries and price history that live in your systems belong to the business, not to whichever employee last touched them. Exporting that data before an exit, or using it to target the exact same clients with the same offers, is a different act in the eyes of the law than simply opening a competing agency.

Careful: A complaint that says "my clients started booking with my ex-employee" won't get you anywhere with a lawyer or the police. You need to show that data moved, not that clients moved. Without that, this is a business dispute, not a crime.

The law on stealing client data, as of July 2026

If a former employee exported your client list, price sheets, or passport-and-itinerary records before leaving, and used them to solicit those same clients, that data is company property, and taking it can be pursued as theft or criminal breach of trust. Legal commentary on Indian cases has historically pointed to the old Indian Penal Code sections here, Sections 378 (theft), 379 (punishment for theft), and 408 (criminal breach of trust by a clerk or servant), as the provisions used against departing employees who walk off with client records (source).

Those exact section numbers changed on 1 July 2024, when the Bharatiya Nyaya Sanhita (BNS) replaced the IPC, and much of the trade commentary on this topic still cites the old numbers. As of July 2026, if you're filing a complaint, ask your lawyer for the current BNS equivalents of theft and criminal breach of trust rather than quoting IPC 378, 379 or 408 directly. The underlying principle holds regardless of which code applies: an employee who copies confidential client data for personal gain before leaving isn't being merely competitive, they're arguably taking something that belongs to the business.

There's a second angle worth a mention if the exported data included passport numbers or other personal information: your own obligations under the DPDP Act don't disappear just because an employee stole the data. It's worth reading how that law treats passport scans and client personal data so you know what you're on the hook for too, not just what you can claim against the ex-employee.

Non-solicitation clauses: what they can and can't do

A non-solicitation clause signed at the time of hiring is the strongest tool you have before anything goes wrong, but it only stops solicitation, not competition. It can bar a former employee from actively approaching the specific clients they served at your agency for a defined period after leaving. It cannot stop them from opening a rival agency, advertising publicly, or serving a client who approaches them unprompted.

Indian courts have generally been unfriendly to clauses that try to do more than that. Under Section 27 of the Indian Contract Act, an agreement that restrains someone from carrying on a lawful profession, trade or business is void, with only narrow exceptions, mainly around the sale of a business (source). A broad non-compete telling an ex-employee they can never work in travel again in your city is very likely unenforceable if challenged. A tightly worded non-solicitation clause, naming a defined client set or category and a defined time period, sits on much firmer ground. Confirm the specific wording with a lawyer before you rely on it; enforceability here depends heavily on how narrowly it's drafted.

Clause type What it tries to stop Typically enforceable in India
Non-compete Working in the trade at all Rarely (Contract Act s.27)
Non-solicitation Contacting named or former clients for a set period Often, if narrowly drafted
Confidentiality Using or disclosing client data, price sheets, contracts Yes, and separately backed by theft and breach-of-trust law

The practical order of priority: get the confidentiality clause airtight first, since it's the one backed by criminal law regardless of drafting quality, then layer a narrow non-solicitation clause on top. Draft both at hiring. Trying to introduce them after someone resigns is a negotiation, not a policy.

The evidence that actually holds up

If you want a lawyer or the police to take this seriously, bring evidence that data moved, not evidence that clients moved. That means access logs, export or download records, and anything showing the departing employee took client information with them before or shortly after resigning.

What to gather, starting the day you suspect something:

  • Login and access logs from wherever the client list lives (CRM, shared drive, even Google Sheets version history) showing exports, mass downloads, or unusual access in the final weeks of employment
  • The specific spreadsheet, export file, or database dump, with timestamps, if it can be retrieved from company systems or IT backups
  • Screenshots or forwarded messages showing the employee soliciting a named client using details only available through your systems, such as a quoted price, a full itinerary, or a passport number
  • The signed offer letter or employment contract, especially any confidentiality or non-solicitation clause
  • A dated resignation letter and last-working-day record, to establish a clean timeline
  • Any admission, even indirect, in exit conversations or chat threads ("I already have the client details")

Example: Say your CRM shows a full client list export of 340 contacts, run from one employee's login four days before their last working day. Within three weeks, 20 of those same clients have new Instagram DMs from the employee's new page, quoting a Bali itinerary at a price close to your own. That access log, the timing, and the itinerary overlap are the kind of pattern a lawyer can actually build a case on. "My clients just started booking with my ex-staff" on its own is not.

What to do in the first 30 days

  1. Freeze and audit access immediately. Revoke logins the day the resignation is confirmed, before the exit interview if you can manage it, and pull access or export logs for the final 60 to 90 days of employment.
  2. Pull the paper trail. Find the signed employment contract and check for any confidentiality or non-solicitation clause, and note its exact wording and duration.
  3. Talk to a lawyer before sending anything. A cease-and-desist letter sent in anger, or worded wrong, can tip off the person to cover their tracks or destroy evidence before you've secured it.
  4. Re-engage your at-risk clients yourself. Reach out personally, as the owner, to the clients that person handled, not with accusations, just with attentive service. A client who hears from you directly within days is far less likely to have already booked elsewhere.
  5. Document everything as it happens, with dates: the resignation, the access logs, the first client you learn was contacted, the first booking you lose.
  6. Decide, with your lawyer, whether this is worth a civil suit, a criminal complaint, or neither. Most agencies that go the litigation route learn a hard lesson: a case against a former employee can run for years and cost more in fees than the diverted bookings were worth. It's worth pursuing where the evidence is strong and the deterrent value matters, but it should never be the plan. The plan is what happens before anyone resigns.

The real fix: don't let one person own the relationship

The agencies that keep losing clients to departing staff share one structural problem: the client relationship, the quote history, the preferences, the entire trust built over past trips, lives inside one employee's head, personal phone, and personal WhatsApp. If that employee is the only record of who a client is and what they've booked, they don't need to steal anything on the way out. They simply leave with what was never really recorded as the company's to begin with.

A stronger contract helps at the margins. The bigger fix is making sure client relationships live in a shared system the business actually owns: an enquiry and client record any authorised teammate can see, role-based access so a junior salesperson can't quietly export the whole database, and a log of who touched what and when. This is also the difference between finding out about a data export from an angry client and finding out from your own access logs the same week it happened.

If your business is still tracking clients and repeat bookings through one person's phone and a shared Excel sheet everyone edits differently, that's the exposure this whole post is about, not the employee who eventually walks out the door with it. Agencies that have outgrown a spreadsheet-and-WhatsApp setup usually feel this risk long before they can name it.

Common questions

Can an ex-employee legally take clients with them in India?

Yes, in the sense that Indian law generally does not stop someone from competing for business or being chosen by a client who wants to follow them. What the law can act on is not the client choosing to move, but the employee using your company's client data, records, or confidential price information to make that move happen.

Is taking a client database theft under Indian law?

Exported client lists, passport records or price sheets taken without authorisation have historically been pursued as theft and criminal breach of trust under IPC Sections 378, 379 and 408 (source). Since 1 July 2024 those offences sit under the Bharatiya Nyaya Sanhita instead, so confirm the current section numbers with a lawyer before filing rather than relying on the old IPC citations still circulating in trade commentary.

What can a non-solicitation agreement actually stop?

A well-drafted non-solicitation clause can stop a former employee from actively approaching the specific clients they served at your agency, for a defined period. It cannot stop them from working in travel generally, advertising publicly, or accepting business from a client who approaches them first, and a clause that tries to go that far risks being void as an unlawful restraint of trade under Section 27 of the Contract Act (source).

The short version

  • Poaching alone is legal in India; taking your client data to do it is a different matter and can be pursued as theft or criminal breach of trust.
  • The relevant offences moved from IPC 378/379/408 to the Bharatiya Nyaya Sanhita on 1 July 2024. Confirm current section numbers with a lawyer before filing, don't cite the old IPC numbers.
  • A non-solicitation clause can stop someone contacting your named clients for a set period. It cannot stop them from competing outright, and a broad non-compete is likely unenforceable under Contract Act Section 27.
  • Evidence that wins a case is proof data moved: access logs, export records, timestamps, and messages using confidential details. Proof that clients moved is not enough on its own.
  • In the first 30 days: freeze access, pull the paper trail, get legal advice before sending anything, and personally re-engage the clients at risk.
  • Litigation against an ex-employee is often slower and costlier than the bookings it recovers. Treat it as a deterrent option, not the plan.
  • The real fix is upstream: keep client relationships and access logs in a shared company system, not in one employee's personal phone and WhatsApp.
Your best employee left, with your client list. Now what? — The Manifest by Tourify