Your Privacy Matters to Us

Identity information: Full name, email address, mobile number, and profile photo.

Society information: Society name, address, flat/unit number, and resident type (owner/tenant).

Communications: Messages, notices, complaints, and other content you post on the platform.

Financial information: Bill payment status records (we do not store payment card details).

Device information: Device type, operating system, and app version.

Usage data: Features accessed, screens viewed, and session duration.

Location data: Approximate location used for society discovery during registration (with your permission).

Log data: IP address, browser type, and access timestamps for security monitoring.

Platform operation: To provide, maintain, and improve iSmartSociety services, including sending OTP verification and enabling member authentication.

Society management: To enable billing, visitor logs, notices, complaint tracking, and communication features within your society.

Communications: To send push notifications, service updates, and support communications. You can manage notification preferences in-app.

Security: To detect, prevent, and investigate fraud, abuse, and security incidents.

Legal compliance: To comply with applicable laws, regulations, and legal processes.

Analytics: To understand how our platform is used and improve features — using aggregated, anonymised data only.

Within your society: Member information (name, flat number, contact) is visible to other members and admins within your society as per your role and permissions.

Service providers: We work with trusted third-party service providers for cloud hosting (AWS), SMS delivery, push notifications (Firebase), and analytics. These providers process data only as instructed by us.

Legal requirements: We may disclose information if required by law, court order, or to protect the rights and safety of iSmartSociety, our users, or the public.

Business transfers: In the event of a merger or acquisition, your information may be transferred as part of that transaction, with appropriate privacy protections maintained.

All data transmissions are encrypted using HTTPS/TLS 1.2 or higher.

Sensitive data (phone numbers, email addresses) is encrypted at rest.

Authentication is secured via OTP with 5-minute expiry and 3-attempt lockout.

JWT tokens with expiration and refresh mechanisms manage session security.

Access to your data is governed by role-based access control (RBAC) at every API endpoint.

Automated daily backups with 30-day retention protect against data loss.

Essential cookies: Required for website functionality and session management.

Analytics cookies: Used to understand website traffic and usage patterns (via Google Analytics 4). These can be declined via our cookie consent banner.

Marketing cookies: Used for targeted advertising and remarketing campaigns (Meta Pixel). These require explicit consent.

Access: Request a copy of the personal data we hold about you.

Correction: Request correction of inaccurate or incomplete data.

Deletion: Request deletion of your personal data, subject to legal obligations.

Portability: Request your data in a machine-readable format.

Objection: Object to processing of your data for specific purposes.

Withdrawal of consent: Withdraw consent for processing where consent is the legal basis.

Active user data is retained for the duration of your society's subscription.

After account deactivation, data is retained for 90 days before permanent deletion, allowing reactivation.

Financial records and billing history are retained for 7 years to comply with Indian accounting regulations.

All deleted records use soft-delete (flagged, not physically removed) to maintain audit integrity, before permanent deletion per our retention schedule.

In-app notification or push notification

Email to your registered address

Prominent notice on our website