Swift Society Management

Privacy Policy

Last updated: June 3, 2026 · Effective: May 17, 2026

1. Who We Are and Who Uses the App

Swift India Facilities Management (P) Ltd. ("Swift India", "we", "us", or "our"), CIN U74999DL2019PTC350643, having its registered office at A-1190, Gali No. 21, Shyam Colony, Budh Vihar, Phase-II, New Delhi - 110086, India, is the Data Fiduciary (within the meaning of the DPDP Act) responsible for personal data processed through the App. The App is available to the general public and is typically used by:

• Residents who sign up to access the services of their residential society.
• Security guards, housekeeping, maintenance, and other staff associated with a society.
• Society managers who manage their society's operations.
• Administrators who operate and support the platform.

Persons who visit a society ("Visitors") do not directly use the App but their information may be recorded by a security guard at the entry point as described in Section 4 below.

2. Scope of This Policy

This Policy applies to personal data processed by Swift India through the App, its backend services, and associated business operations. It does not apply to (a) third-party websites or applications that may be linked from the App, or (b) data processed independently by a society's Resident Welfare Association or management committee outside the App.

3. Information We Collect from App Users

Depending on your role and how your society is set up, we collect the following categories of personal data directly from you or generate it while you use the App:

• Identity and contact data: name, mobile phone number, email address (where applicable), and your role within the society.
• Authentication data: password (stored only as a salted bcrypt hash, never in plain text), one-time passwords (OTPs) used for password reset, refresh tokens (stored hashed), and short-lived session tokens.
• Society linkage data: the society/site, tower or block, and flat number associated with your account.
• Profile and media: profile photographs, complaint photographs, before/after images attached to maintenance tasks, site images, and notice attachments that you upload.
• Employee onboarding documents: for persons applying for an Employee role, the resume or supporting document you upload at registration (which may itself contain education, employment history, address and similar information).
• Operational records: complaints you raise, tasks assigned to or by you, notices, ratings/feedback, and any free-text descriptions or notes you enter.
• Device and notification data: Firebase Cloud Messaging (FCM) device token used to deliver push notifications.
• Technical and diagnostic data: IP address, device type, operating system, App version, request logs, and anonymised crash/error reports generated by our error-monitoring tool.
• Audit trail: a record of security-sensitive actions (for example user deactivation, deletion, or site changes) performed by staff and administrator accounts.

We do not knowingly collect government-issued identifiers (such as Aadhaar or PAN numbers), financial account information, biometric data, or special-category data through the App. Please do not upload such information in free-text fields or attachments.

4. Information About Visitors to Society Premises

When a person seeks to enter a society, a security guard may record the following information in the App as part of the society's entry-control procedure: visitor's name, mobile number, purpose of visit, the flat or person being visited, vehicle registration number (if any), a photograph captured at the gate (optional), and a short voice note (optional, see Section 6 on speech-to-text). Before a guard can submit certain visitor entries, the visitor's mobile number is verified via a one-time password (OTP) sent over SMS through our authorised SMS gateway.

Visitor information is processed for the limited purposes of premises security, lawful entry control, resident approval of guests, and maintenance of a visitor register. The legal basis is the legitimate interest of the society and its residents in maintaining a secure premises, and, where applicable, the consent obtained from the visitor at the point of entry. Visitor records are retained for the period necessary to operate the visitor register and to comply with security, audit, and legal requirements, after which they are deleted or anonymised. Visitors may exercise their rights described in Section 11 by contacting our Grievance Officer (Section 14).

5. How We Use Personal Data and Legal Basis

We process personal data only for purposes connected to operating the App and the services we provide through it. Specifically:

• Account and access management — to create, verify, secure, and manage user accounts (consent of the user; performance of our service contract).
• Society operations — visitor approvals, complaints, notices, tasks, and maintenance workflows (legitimate interest of the society and its residents; performance of contract).
• Service notifications — push notifications, OTPs, and alerts relevant to your role (consent and performance of contract).
• Security, fraud prevention, and audit — protecting accounts, preventing misuse, investigating incidents, and maintaining tamper-evident audit logs (legitimate interest; legal obligation).
• Diagnostics and improvement — identifying and fixing bugs, monitoring availability and performance (legitimate interest).
• Legal and regulatory compliance — meeting obligations under the DPDP Act, the SPDI Rules, tax laws, and other applicable laws (legal obligation).

We do not use personal data for behavioural advertising, for marketing to third parties, for automated decision-making that produces legal effects on you, for profiling, or for any form of commercial resale. We do not track you across apps and websites owned by other companies, and we do not use Apple's App Tracking Transparency identifier (IDFA) or any equivalent cross-app advertising identifier.

6. Device Permissions and On-Device Processing

The mobile App may request access to the following device features. You may grant or revoke each permission at any time from your device's operating-system settings; if you revoke a permission, the related feature will not function.

• Camera and photo library: to capture or select images for your profile picture, complaint photographs, task images, and visitor photographs.
• Microphone and speech recognition: to provide optional voice input for filling forms (for example, a short voice note for a visitor entry). Audio is processed locally on your device by the operating-system speech-recognition service and only the resulting text transcript is sent to our servers; raw audio recordings are not uploaded or stored by Swift India.
• Notifications: to deliver push notifications via Firebase Cloud Messaging.
• Bluetooth (Android only): declared solely because the Android speech-recognition library may route audio through Bluetooth headsets on Android 12 and above. We do not scan for, pair with, or collect data from Bluetooth devices.
• Network state: to detect connectivity and queue actions when offline.

7. Third-Party Processors and Service Providers

We engage a small number of trusted service providers ("Data Processors") who process personal data strictly on our written instructions and only for the purposes set out below. They are contractually required to maintain appropriate security and are not permitted to use the data for their own purposes.

• Cloudflare, Inc. (Cloudflare R2): S3-compatible cloud object storage for uploaded images, documents, and other media.
• Google LLC (Firebase Cloud Messaging): delivery of push notifications and management of device tokens.
• Functional Software, Inc. d/b/a Sentry: error, crash, and performance diagnostics. Configured to scrub personally identifying fields where reasonably possible.
• Render Services, Inc. or equivalent: backend application hosting.
• Database hosting provider: managed MySQL database hosting for the App backend.
• Kit19 Tech Pvt. Ltd. (kit19.com SMS gateway): delivery of one-time-password (OTP) SMS for password reset and visitor mobile-number verification, on DLT-registered templates.

8. Cross-Border Transfers

Some of the service providers listed in Section 7 may store or process personal data on servers located outside India. Where such transfers occur, we rely on the data-export provisions of the DPDP Act and the contractual safeguards in place with each provider. By using the App, you acknowledge that your information may be transferred to and processed in jurisdictions other than India for the purposes described in this Policy.

9. Sharing of Information

We do not sell, rent, license, or trade personal information, and we do not share data with other companies for their own use. Within the App, information is visible only to the relevant users of your own society (for example your society manager, the guard on duty, the employee handling a task, or the resident receiving a visitor) and to authorised Swift India administrators, strictly on a role-based and need-to-know basis. We may disclose information:

• to our Data Processors as listed in Section 7;
• to courts, regulators, law-enforcement agencies, or other competent authorities where required by law, court order, or valid legal process;
• to professional advisers (lawyers, auditors, insurers) under duties of confidentiality;
• to a successor entity in the event of a merger, acquisition, restructuring, or sale of all or part of our business, subject to equivalent privacy protections.

10. Data Security

We maintain reasonable technical, physical, and organisational safeguards aligned with the standard recognised under Rule 8 of the SPDI Rules and the DPDP Act, including: encrypted network communication over HTTPS/TLS, salted password hashing using bcrypt, role-based access controls, short-lived access tokens with hashed refresh tokens, request rate limiting, security HTTP headers, restricted administrative access, audit logging of sensitive actions, and segregation of production credentials. No online service can guarantee absolute security, but we work continuously to protect user data and to detect and respond to incidents.

11. Your Rights as a Data Principal

Subject to the DPDP Act and applicable laws, and after we have verified your identity, you have the right to:

• access and obtain a summary of the personal data we hold about you and the processing activities undertaken on it;
• request correction, completion, or updating of inaccurate or incomplete data;
• request erasure of personal data that is no longer necessary for the purpose for which it was collected, subject to our legal and operational retention obligations;
• withdraw any consent you have previously given (which will not affect the lawfulness of processing prior to withdrawal);
• nominate another individual to exercise your rights in the event of your death or incapacity, as permitted under the DPDP Act;
• register a grievance with our Grievance Officer (Section 14) and, if unresolved, with the Data Protection Board of India.

How to delete your account. You may request deletion of your account and associated personal data at any time by (a) using the in-app "Delete Account" option available within your profile or account settings, or (b) writing to our Grievance Officer using the contact details in Section 14. Upon receiving a verified request, we will delete or anonymise your personal data within a reasonable period, except for records we are legally or contractually required to retain (for example, audit logs and statutory records described in Section 12). Some operational records associated with your account (such as complaints you raised or tasks you completed) may be retained in anonymised form so that the society's overall records remain intact.

To exercise any other rights, please contact our Grievance Officer. We will respond within the timelines prescribed by applicable law.

12. Data Retention

We retain personal data for as long as you maintain an active account on the App, and for as long as needed to maintain society records, resolve disputes, meet audit requirements, and comply with applicable law. When your association with a society ends, or when you request deletion of your account, your personal data is removed or anonymised within a reasonable period after closure of any open matters, except where we are required to retain certain records (for example, audit logs and statutory records) for legal, security, accounting, or regulatory purposes.

13. Children's Privacy

The App is intended for adults (18 years and above) who are residents or personnel of a residential society. We do not knowingly create accounts for, or solicit personal data from, children. Where the App records a visitor who is a minor (for example, a child accompanying an adult), the visit entry is processed under the responsibility of the accompanying adult and the resident being visited. If you believe a child's personal data has been provided without proper authorisation, please contact our Grievance Officer to have it removed.

14. Grievance Officer

In accordance with Section 13(3) of the DPDP Act and Rule 5(9) of the SPDI Rules, the contact details of our Grievance Officer for privacy and data-protection complaints are:

• Name: Grievance Officer, Swift India Facilities Management (P) Ltd.
• Email: swiftindiafacilities@gmail.com
• Phone: +91 98108 90056
• Address: A-1190, Gali No. 21, Shyam Colony, Budh Vihar, Phase-II, New Delhi - 110086, India

We aim to acknowledge grievances within 48 hours and resolve them within 30 days of receipt, or within such shorter period as required by law.

15. Personal Data Breach Notification

In the event of a personal data breach that is reasonably likely to affect you, we will notify the Data Protection Board of India and affected Data Principals in the form and within the timelines prescribed by the DPDP Act and applicable rules, and will take reasonable steps to mitigate the impact of the breach.

16. Governing Law and Jurisdiction

This Privacy Policy is governed by the laws of the Republic of India. Subject to your statutory rights, the courts at New Delhi, India shall have exclusive jurisdiction in respect of any dispute arising out of or in connection with this Policy.

17. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, our service providers, or applicable law. When we make material changes, we will revise the "Last updated" date above and, where appropriate, notify authorised users through the App. Continued use of the App after an update means you accept the revised Policy.

18. Contact Us

For privacy questions, requests, or complaints, please reach out using the details below:

• Company: Swift India Facilities Management (P) Ltd.
• Registered Office: A-1190, Gali No. 21, Shyam Colony, Budh Vihar, Phase-II, New Delhi - 110086, India
• Email: swiftindiafacilities@gmail.com
• Phone: +91 98108 90056
• Website: www.swift-india.com
• CIN: U74999DL2019PTC350643