ServFlo Housing ERP
Privacy Policy

1. About This Policy

This Privacy Policy describes how IntelFlo Technologies, a proprietorship firm operating the product ServFlo Housing ERP ("ServFlo", "we", "us", or "our"), collects, uses, stores, shares, and protects information when housing societies, their committee administrators, residents, owners, tenants, and security personnel use the ServFlo Housing ERP platform. The platform includes the web-based society management dashboard, the ServFlo Guard Mobile App, the ServFlo Resident Mobile App, and all associated backend services (collectively, the "Platform").

By accessing or using the Platform, the housing society and its authorised users agree to the practices described in this policy.

This policy is published in compliance with:

• The Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
• The Digital Personal Data Protection Act, 2023 (DPDP Act) and rules framed thereunder
• Google Play Store Developer Programme Policies
• Applicable data localisation and cross-border transfer regulations of India

2. Who We Are

ServFlo Housing ERP is a product developed and operated by IntelFlo Technologies, a proprietorship firm. IntelFlo Technologies is the parent entity under which two product verticals operate — ServFlo (service industry enterprise software) and ManuFlo (manufacturing industry enterprise software). ServFlo Housing ERP is the second product under the ServFlo vertical, designed to digitise and streamline the complete operational, financial, communication, and security workflows of residential housing societies.

3. Data We Collect and Why

The Platform is operated as a service to housing societies. Data collected falls into two broad categories: data that societies and their users provide to us for the purpose of receiving our services, and data that is generated automatically as a result of using the Platform.

3.1 Information Provided by Societies and Their Users

To provide and personalise the Platform for each housing society, we collect information that society administrators and their members provide to us. This includes institutional details of the society; identity and contact information of residents, property owners, tenants, and security personnel; property and occupancy details of residential units; financial and billing information such as payment amounts, payment mode, and transaction references necessary for maintenance management; visitor and domestic worker identity and contact details for the purpose of gate access management; and content voluntarily submitted by users through community features such as notices, complaints, polls, bookings, scheduling requests, and governance records.

Users should be aware that content submitted through community features — such as the community group chat — is visible to all members of their society on the Platform. Complete payment credentials such as full card numbers or bank account numbers are never stored on the Platform.

3.2 Device and Technical Data

When any user accesses the Platform through a mobile application or web browser, we automatically collect certain technical data to ensure secure and reliable operation. This includes:

• Internet Protocol (IP) address and approximate network location
• Device type, operating system, and browser or application version
• Session duration, features accessed, and actions performed within the Platform
• Secure authentication tokens stored on the user's device to maintain session security
• Push notification subscription identifiers, used to deliver relevant alerts

This technical data is recorded in our audit logs and is used for security monitoring, troubleshooting, and ensuring the integrity of the Platform. It is not used for advertising or behavioural profiling.

3.3 Camera and Media

The mobile applications may request access to the device camera or media library to allow users to capture or upload images where required to deliver a specific feature of the Platform. Camera and media access is activated only when the user explicitly initiates such an action within the application. Images uploaded through the Platform are stored securely on our cloud infrastructure and are accessible only to authorised users within the relevant society.

3.4 Voice Input

Where voice input functionality is made available within the Platform's mobile applications, all such processing occurs locally on the user's device. No audio is recorded, stored, or transmitted to our servers or to any third party. Use of this feature is entirely optional and at the user's discretion.

4. How We Use the Data

We use the information collected through the Platform for the following purposes:

• Service delivery: Delivering the contracted housing society management services including resident and property management, maintenance billing and payment processing, gate and visitor management, complaint management, notice distribution, community features, amenity and facilities booking, governance and meeting management, and all other modules within the Platform.
• Authentication and access control: Verifying user identity at login and maintaining secure, role-appropriate access throughout each session. The Platform enforces strict data isolation — each user can access only data relevant to their role within their specific society, and no society can access data belonging to another.
• Platform improvement: Analysing aggregated and anonymised usage patterns across the Platform to identify areas for improvement, develop new features, and enhance the overall reliability and performance of the service. No individually identifiable data is used for this purpose.
• Value-added services: Using aggregated and anonymised insights derived from collective platform intelligence to develop and offer value-added services to housing societies, including but not limited to marketplace services, vendor discovery, and society procurement advisory. Data used for this purpose is stripped of all individual identifiers before analysis.
• Communication: Sending transactional communications and in-app alerts relevant to the user's role — such as notifying a resident of a visitor at their unit or informing society members of a new notice. We do not send unsolicited marketing communications to society users.
• Security and compliance: Monitoring platform activity to detect and prevent unauthorised access, fraud, data breaches, and abuse. Maintaining audit logs to support accountability and regulatory compliance.
• Legal obligations: Processing data as required by applicable Indian law, court orders, or regulatory directions.

5. Legal Basis for Processing

Under the Digital Personal Data Protection Act, 2023, we process personal data on the following legal bases:

• Contractual necessity: Processing resident, owner, tenant, security personnel, and institutional data is necessary to fulfil our contractual obligations to the housing society under the services agreement.
• Legitimate interests: Processing technical and usage data to maintain platform security, prevent fraud, and improve service quality, where such interests are not overridden by the rights of data principals.
• Consent: Where specific processing activities go beyond contractual necessity, such as the introduction of new value-added services, we obtain appropriate consent from societies as the data fiduciaries responsible for their institutional and resident data.
• Legal obligation: Processing required by applicable law, regulation, or court direction.

6. Our Role — Data Fiduciary and Data Processor

The relationship between ServFlo and the housing societies it serves involves a layered data responsibility structure:

ServFlo as Data Fiduciary: For technical data, platform usage analytics, and data related to our direct relationship with the society as a customer, ServFlo acts as the Data Fiduciary as defined under the DPDP Act, 2023, and is responsible for determining the purpose and means of processing.

ServFlo as Data Processor: For all resident, owner, tenant, and domestic worker personal data uploaded to the Platform by the society administration, ServFlo acts as a Data Processor operating on behalf of the society, which is the Data Fiduciary. The housing society administration is responsible for ensuring that personal data of residents is uploaded with appropriate authorisation and that residents have been informed of its use within the Platform.

7. How We Share Data

Data is shared only in the following limited and defined circumstances:

• Cloud infrastructure providers: Data is stored on secure cloud servers hosted by our infrastructure partners. File attachments, uploaded images, and media are stored using secure cloud object storage services. These providers process data only on our instructions and under data processing agreements.
• Payment infrastructure: Maintenance fee payment transactions processed through the Platform may involve third-party payment service providers. These providers process transaction data in accordance with their own privacy policies and applicable RBI regulations. ServFlo does not store complete card details or sensitive payment credentials.
• Notification services: Push notification and messaging services may be used to deliver transactional alerts to users' mobile devices. These providers receive only the information necessary to deliver the specific notification.
• Legal and regulatory disclosure: We may disclose information when required by law, court order, or lawful direction from a government or regulatory authority. We will notify the society wherever legally permissible before making such a disclosure.
• Business transfers: In the event of a merger, acquisition, or sale of substantially all assets of IntelFlo Technologies, society data may be transferred to the successor entity, subject to equivalent privacy protections. Societies will be notified in advance.

8. Data Storage and Security

All data transmitted between user devices and our servers is encrypted in transit using industry-standard encryption protocols. Authentication is implemented using secure token-based mechanisms with defined expiry periods, and passwords are stored using one-way cryptographic hashing. Access to platform data is role-based — each user can access only the data their role and permissions permit within their society's environment.

Each society's data is logically isolated within our multi-tenant architecture. This structural separation ensures that no society can access data belonging to another society on the Platform.

File uploads including payment verification images and visitor photographs are stored on cloud infrastructure with access controls, accessible only to authorised users within the relevant society. All platform actions are recorded in an immutable audit log that captures the user, timestamp, and nature of the action.

Authentication credentials on mobile devices are stored using the operating system's secure storage mechanisms, not in unprotected application storage.

While we implement commercially reasonable and industry-standard security measures, no system is entirely immune to risk. In the event of a data breach that is likely to result in harm to data principals, we will notify affected societies and, where required, the Data Protection Board of India, in accordance with the DPDP Act, 2023.

9. Data Retention

We retain housing society and resident data for the duration of the active services agreement with the society. Upon termination of the agreement, the society administration may request an export of their data in a standard format. Following a period of ninety (90) days after termination, data is permanently deleted from our systems unless retention is required by applicable law or the society has requested an extended retention arrangement in writing.

Audit logs, transaction records, and gate management records may be retained for a longer period where required by financial, regulatory, or legal obligations under Indian law.

Technical data such as IP address logs and session data is retained for a period of up to twelve (12) months for security and compliance purposes.

10. Children's Data

The ServFlo Guard Mobile App and ServFlo Resident Mobile App are intended for use by adults — specifically, adult residents, property owners, tenants, and security personnel associated with registered housing societies. The Platform does not knowingly collect personal data directly from individuals below the age of eighteen years, and does not operate any interface designed for or directed at minors.

Society member data uploaded by the society administration may include family members of residents. Societies are responsible for ensuring that any such data shared with the Platform has been collected with appropriate authorisation from the individual or their parent or guardian. ServFlo processes such data strictly within the scope defined by the society and does not use it for profiling, advertising, or any purpose beyond society management service delivery.

11. Rights of Data Principals

Under the DPDP Act, 2023, individuals whose personal data is processed on the Platform have the following rights, exercisable through the society administration or directly with us:

• Right to access: You may request confirmation of whether your personal data is being processed and obtain a summary of the data held about you.
• Right to correction: You may request correction of inaccurate or incomplete personal data.
• Right to erasure: You may request deletion of your personal data where it is no longer necessary for the purpose for which it was collected, subject to legal retention requirements.
• Right to grievance redressal: You have the right to have grievances addressed by our designated Grievance Officer within a reasonable timeframe.
• Right to nominate: You may nominate another individual to exercise these rights on your behalf in the event of death or incapacity.

Requests related to resident or worker data held within a society's account should be directed to the society administration in the first instance, as the society is the Data Fiduciary for such data. For data directly held by ServFlo, requests may be submitted to team@servflo.in.

12. Grievance Officer

In accordance with the Information Technology Act, 2000 and the DPDP Act, 2023, IntelFlo Technologies has designated a Grievance Officer to address concerns and complaints relating to the processing of personal data on the Platform.

If you are not satisfied with our response, you may approach the Data Protection Board of India, once constituted under the DPDP Act, 2023, for further redressal.

13. Cookies and Tracking

The ServFlo web dashboard uses session cookies and authentication cookies that are strictly necessary for the operation of the Platform. These cookies maintain your logged-in state and preserve session context across page navigations. We do not use third-party advertising cookies, tracking pixels, or behavioural analytics tools on the Platform.

The ServFlo mobile applications do not use cookies. Authentication state is maintained using secure tokens stored in the device's protected local storage.

We may use privacy-respecting analytics on the Platform's marketing website (servflo.in) to understand visitor traffic. No personally identifiable information is collected through these analytics.

14. Cross-Border Data Transfers

The Platform's infrastructure, including primary database and application servers, is hosted with cloud service providers whose data centres may be located outside India, including within the European Union. File attachments and media are stored using secure cloud object storage services which may similarly operate across international infrastructure.

Where personal data is processed or stored outside India, such processing is subject to appropriate contractual safeguards and is carried out in a manner consistent with the requirements of the Digital Personal Data Protection Act, 2023, and applicable cross-border transfer regulations as notified by the Government of India from time to time. European Union hosted infrastructure operates under the General Data Protection Regulation (GDPR), which provides a high standard of data protection comparable to or exceeding the protections applicable in India.

We continuously evaluate our infrastructure choices to align with evolving data localisation requirements applicable to residential and personal data in India.

15. Third-Party Services and Links

The Platform may integrate with or reference third-party services such as payment gateways, cloud storage providers, push notification services, and other platform services necessary for operation. These third parties operate under their own privacy policies and terms of service. ServFlo is not responsible for the privacy practices of third-party services and recommends that users review the relevant policies of any third-party service they interact with through the Platform.

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Platform's features, or applicable legal requirements. The updated policy will be published at servflo.in/housing-erp-privacy.html with a revised "Last Updated" date. For material changes that affect how we use personal data, we will notify societies through the Platform or by email at least fourteen (14) days before the change takes effect.

Continued use of the Platform after the effective date of a revised policy constitutes acceptance of the updated terms. If a society does not agree with a material change, it may terminate its services agreement in accordance with its contractual terms.

17. Contact Us

For any questions, concerns, or requests relating to this Privacy Policy or the handling of personal data on the Platform, please reach out to us at:

This policy is governed by the laws of India. Any disputes arising from this policy shall be subject to the exclusive jurisdiction of courts in Indore, Madhya Pradesh, India.