Privacy policy
App, web, and data privacy
Last updated: June 24, 2026. This policy explains how Kavach360 handles personal data across the public website, contact routes, checkout handoffs, mobile apps, dashboard, customer support, and community operations.
This page is written for residents, committee members, property operators, website visitors, buyers, vendors, and support teams who want to understand what data moves through Kavach360 and why. It should be read with any signed customer agreement, data processing agreement, app-store terms, and payment provider terms that apply to a specific deployment.
1. Who this policy covers
- This policy applies to the Kavach360 public website, contact forms, blog, pricing and checkout routes, web dashboard, mobile apps, support channels, marketing communications, and related operational workflows.
- Kavach360 is operated by Auvana Ventures unless a signed customer agreement identifies a different contracting entity. A separate order form, data processing agreement, implementation statement, or enterprise contract may add customer-specific terms.
- For public website visitor, lead, marketing, and support data, Kavach360 decides why and how the data is processed. For community operations data inside a society, builder, township, commercial property, or managed portfolio account, the customer usually decides which users are invited, which modules are enabled, and what operational records are created. Kavach360 processes that account data to provide, secure, and improve the service.
2. Data we collect
- Identity and contact data: name, email address, phone number, organisation or society name, role, designation, and communication preferences.
- Account and access data: login identifiers, role, permissions, society or property association, unit or building details where configured, admin actions, authentication events, and audit records.
- Community operations data: resident records, visitor entries, staff or vendor records, service requests, complaints, approvals, amenities bookings, notices, announcements, polls, governance workflows, dues reminders, invoices, receipts, payment status, and related attachments where a customer enables those features.
- Payment and checkout data: plan selected, payment provider handoff status, transaction reference, payment status, invoice or receipt metadata, tax or reconciliation information, and support context. We do not ask users to share card PINs, UPI PINs, banking passwords, or full payment credentials with Kavach360.
- Device and technical data: IP address, browser, operating system, device model, app version, page or screen events, cookies or similar technologies, crash data, diagnostic logs, and security events.
- Mobile permissions data: camera, media, notifications, device information, or location may be requested only when a feature needs it and the operating system permission flow allows it. Not every account uses every permission.
- Support and communication data: form messages, support tickets, demo requests, onboarding notes, call or meeting context, email preferences, unsubscribe actions, and campaign engagement.
3. Where data comes from
- Data may come directly from visitors, residents, admins, committee members, staff, vendors, or other authorised users.
- Customers may upload, import, or create data for their community, such as resident lists, unit records, dues records, notices, vendor details, or support workflows.
- Service providers such as payment gateways, app stores, analytics tools, CRM systems, hosting platforms, email providers, and support tools may return limited technical, delivery, transaction, or diagnostic information.
4. How we use data
- Operate the website, app, dashboard, checkout routes, mobile features, support channels, and customer accounts.
- Respond to demo, pricing, onboarding, payment, support, security, legal, and implementation requests.
- Route operational workflows between residents, admins, committees, property teams, gate teams, finance users, support teams, vendors, and other authorised roles.
- Process subscriptions, public checkout handoffs, invoices, receipts, reconciliation, refunds, tax records, and plan administration.
- Maintain authentication, access control, abuse prevention, audit trails, troubleshooting, service reliability, backups, and incident response.
- Improve product quality, content, onboarding, analytics, conversion flows, and user experience using aggregated, de-identified, or limited identifiable data where appropriate.
- Send service notices, policy updates, security alerts, transactional messages, and optional marketing or product updates when consent or another lawful basis permits it.
- Comply with applicable law, lawful requests, accounting duties, dispute resolution, security obligations, and regulatory expectations.
5. Consent, lawful use, and choices
- Website forms separate required acceptance of terms and privacy notices from optional marketing consent. Marketing consent is not preselected.
- Users can withdraw optional marketing consent by using an unsubscribe mechanism, changing available account settings, or contacting us through the website contact route.
- Some processing is necessary to provide the service, perform a contract, maintain security, keep records, respond to legal obligations, or protect users and communities. If that data is removed, some features may stop working.
- Mobile app permissions can be managed through device settings. Turning off a permission may limit features that need that permission, such as photo upload, notifications, visitor pass scanning, or location-aware workflows if enabled.
6. Cookies, analytics, and tracking
- The website may use cookies or similar technologies for essential site behavior, security, analytics, campaign attribution, and performance measurement.
- Analytics should be configured to minimise personal data, avoid unnecessary profiling, and respect consent requirements where applicable.
- If a cookie preference centre is introduced, users will be able to update non-essential cookie choices there. Essential security and service cookies may still be required.
7. Sharing and processors
- Customer admins and authorised account users may see data according to their role, permissions, society configuration, and customer instructions.
- We may use service providers for cloud hosting, storage, security, email delivery, SMS or notification delivery, CRM, analytics, support, error monitoring, payment processing, app distribution, and implementation operations.
- Payment providers, banks, card networks, UPI rails, app stores, tax systems, or checkout partners may process data under their own policies when a payment, subscription, refund, or app transaction uses their service.
- We may share data when required by law, to respond to lawful requests, to protect rights and safety, to investigate abuse, to enforce terms, or in connection with a merger, financing, acquisition, restructuring, or sale of assets.
- We do not sell personal data. We do not allow processors to use customer data for their independent advertising unless the user or customer has separately agreed to that provider's terms.
8. Data retention
- We retain data only for as long as needed for the purpose collected, the active customer relationship, product operation, accounting, tax, legal, security, audit, dispute, or compliance requirements.
- Website lead and support records are kept while the request, sales conversation, onboarding, or support context remains active, and then according to the retention schedule used by the relevant CRM or support system.
- Customer account and community operations records are retained during the subscription term and for a reasonable period after termination to support export, migration, backup, reconciliation, legal claims, and audit needs unless a signed agreement says otherwise.
- Financial, invoice, payment, tax, and reconciliation records may be retained for longer where law, accounting rules, payment providers, or dispute handling require it.
- Security logs, incident records, access logs, and audit trails may be retained for operational security and applicable cyber incident or data protection record-keeping requirements.
- Backups are removed on their normal cycle unless preservation is needed for security, legal, or continuity reasons.
9. Security and incident handling
- We use role-based access, environment separation, access review, logging, backup practices, secure transport, and operational controls appropriate to the stage and risk of the service.
- No system is perfectly secure. Users and customer admins are responsible for protecting credentials, assigning roles carefully, removing users who should no longer have access, and reporting suspicious activity.
- If we identify a data incident that affects personal data, we assess scope, contain the issue, preserve relevant logs, notify affected customers or users when required, and coordinate with regulators or authorities where applicable.
10. International processing
- Hosting, analytics, support, payment, notification, app distribution, or security providers may process data in India or other countries depending on provider infrastructure and customer configuration.
- When data is transferred across borders, we use contractual, technical, and organisational safeguards appropriate to the service and applicable law.
11. Children and family data
- Kavach360 is designed for communities, property teams, residents, staff, vendors, and authorised users. It is not intended for unsupervised use by children.
- If a customer enables family, dependent, school bus, visitor, or similar workflows that involve minors, the customer must ensure it has the required authority, notice, and guardian consent. Kavach360 processes that data only for the configured service purpose.
- We do not knowingly target children with marketing.
12. User rights and requests
- Depending on applicable law and account context, users may request access, correction, deletion, withdrawal of consent, restriction, portability, or information about how their data is handled.
- Some requests may need to be routed through the society, builder, committee, property operator, employer, or customer admin that controls the account record. We may verify identity before acting on a request.
- Deletion or correction may be limited where records must be retained for legal, financial, security, dispute, audit, or community governance reasons.
- Use the dedicated data deletion page for app account deletion and associated data deletion requests. Until a full privacy centre is introduced, use the website contact route for other privacy, correction, access, consent withdrawal, or grievance requests.
13. Policy updates
- We may update this policy as the product, website, apps, laws, vendors, or data flows change. Material updates may be communicated through the website, app, dashboard, email, or customer admin channels.
- The version date below shows when this public policy was last materially updated.
14. Contact
For account and associated data deletion, use the data deletion page. For privacy requests, data corrections, consent withdrawal, security concerns, or grievance handling, use the website contact route. Include enough context to identify the relevant website submission, app account, society, property, payment, or support request.