GDPR Compliance

Last updated: January 1, 2026

1. Our Commitment to GDPR

Nivasy is committed to protecting the privacy and personal data of all users in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679. This document outlines how we comply with GDPR requirements and respect your data protection rights.

2. Data Controller Information

Data Controller: Nivasy Technologies Pvt. Ltd.

Address: Mumbai, India

Email: hello@nivasy.in

Phone: +91 8591 951595

3. Legal Basis for Processing

We process personal data under the following legal bases:

3.1 Consent (Article 6(1)(a))

You have given explicit consent for us to process your personal data for specific purposes, such as marketing communications or optional features.

3.2 Contract Performance (Article 6(1)(b))

Processing is necessary to provide our society management services as outlined in our Terms of Service.

3.3 Legal Obligation (Article 6(1)(c))

Processing is necessary to comply with legal obligations, such as tax reporting or regulatory requirements.

3.4 Legitimate Interests (Article 6(1)(f))

Processing is necessary for our legitimate interests in providing secure, efficient services, preventing fraud, and improving our platform.

4. Your GDPR Rights

Under GDPR, you have the following rights:

4.1 Right to Access (Article 15)

You have the right to obtain confirmation about whether we process your personal data and receive a copy of that data.

4.2 Right to Rectification (Article 16)

You can request correction of inaccurate or incomplete personal data.

4.3 Right to Erasure (Article 17)

You can request deletion of your personal data under certain circumstances (the "right to be forgotten").

4.4 Right to Restriction (Article 18)

You can request that we limit how we use your personal data in specific situations.

4.5 Right to Data Portability (Article 20)

You can receive your personal data in a structured, commonly used format and transmit it to another controller.

4.6 Right to Object (Article 21)

You can object to processing based on legitimate interests or for direct marketing purposes.

4.7 Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing that significantly affects you.

5. How to Exercise Your Rights

To exercise any of your GDPR rights:

  • Email us at hello@nivasy.in
  • Use the in-app data request form (Settings → Privacy → Data Rights)
  • Send a written request to our address: Nivasy Technologies Pvt. Ltd., Mumbai, India

We will respond to your request within 30 days. If the request is complex, we may extend this period by 60 days and will inform you accordingly.

6. Data We Collect

6.1 Personal Data

  • Name, email address, phone number
  • Residential address and flat number
  • Payment information (processed securely via third-party processors)
  • Identification documents (for verification purposes)

6.2 Usage Data

  • IP address and device information
  • Browser type and version
  • Login timestamps and activity logs
  • Feature usage patterns

6.3 Society Management Data

  • Visitor entry logs with timestamps
  • Maintenance payment records
  • Complaint and service request history
  • Communication records within the platform

7. Data Processing Activities

We process your data for the following purposes:

  • Providing and maintaining our society management services
  • User authentication and account management
  • Processing maintenance payments
  • Managing visitor access and security
  • Facilitating communication between residents and management
  • Sending service notifications and updates
  • Analyzing usage to improve our services
  • Ensuring security and preventing fraud
  • Complying with legal obligations

8. Data Retention

We retain personal data only for as long as necessary:

  • Active accounts: Data retained while account is active
  • Inactive accounts: 3 years after last activity, then deleted
  • Financial records: 7 years for tax and accounting purposes
  • Security logs: 12 months
  • Visitor logs: 90 days unless required for security investigations
  • Complaint records: 2 years after resolution

9. Data Security Measures

We implement robust security measures to protect your data:

9.1 Technical Measures

  • End-to-end encryption for data transmission (TLS 1.3)
  • Encryption at rest for stored data (AES-256)
  • Secure authentication (multi-factor authentication available)
  • Regular security audits and penetration testing
  • Automated threat detection and monitoring

9.2 Organizational Measures

  • Access controls and role-based permissions
  • Staff training on data protection
  • Data processing agreements with vendors
  • Incident response procedures
  • Regular privacy impact assessments

10. Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure appropriate safeguards:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions for countries with equivalent data protection
  • Data hosting with Google Cloud Platform (Firebase), which complies with the EU-US Data Privacy Framework
  • Annual review of international transfer mechanisms

11. Third-Party Data Processors

We work with carefully selected third-party processors:

Firebase/Google Cloud Platform

Cloud hosting, database, authentication, and analytics

Payment Processors

Secure processing of maintenance payments (PCI-DSS compliant)

Communication Services

Email and push notification delivery

All processors are bound by Data Processing Agreements (DPAs) that ensure GDPR compliance.

12. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify:

  • The relevant supervisory authority within 72 hours of becoming aware
  • Affected individuals without undue delay if there is a high risk
  • These notifications will include details of the breach, its impact, and mitigation measures

13. Children's Data

Our services are not directed at children under 16. We do not knowingly collect personal data from children. If we become aware that a child has provided personal data, we will delete it promptly. Parents or guardians can contact us if they believe their child has provided personal data.

14. Automated Decision-Making and Profiling

We do not engage in automated decision-making that produces legal effects or similarly significantly affects you. Any analytics or profiling we conduct is for internal service improvement and does not result in automated decisions affecting your rights.

15. Right to Lodge a Complaint

If you believe we have not complied with GDPR, you have the right to lodge a complaint with:

  • Us, by email at hello@nivasy.in
  • Your local supervisory authority in the EU/EEA
  • The supervisory authority where our establishment is located

We encourage you to contact us first so we can address your concerns directly.

16. Updates to This Document

We may update this GDPR compliance document to reflect changes in our practices or legal requirements. Material changes will be communicated through email or prominent notice on our platform. Continued use after changes constitutes acceptance.

17. Contact Information

For any GDPR-related questions or to exercise your rights:

Email: hello@nivasy.in

Address: Nivasy Technologies Pvt. Ltd., Mumbai, India

Phone: +91 8591 951595