Privacy Policy

This Privacy Policy explains how Socei (the "App"), operated by Socei, a proprietorship firm of Preeti Singhal, registered at Sr No-13/B,1/2/3, Wadgaonsheri, Sophoronia, Wadgaonsheri, Pune, Maharashtra 411014 ("we", "us", "our"), collects, uses, stores, and protects your personal data. The App is a housing society management platform designed for co-operative housing societies in India.

By using the App, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the App.

1. Information We Collect

1.1 Information You Provide

• Account information: Name, mobile phone number, and email address, collected during registration and OTP-based authentication
• Property information: Flat or unit number, wing or building name, and society name, used to associate you with your housing society
• Financial data: Billing records, payment history, UPI transaction references, and payment receipts generated through the platform
• Complaints and requests: Details of complaints you submit (category, description, photographs), maintenance requests, NOC requests, nomination forms, and other service requests
• Visitor and gate entry data: Visitor name, phone number, purpose of visit, vehicle number, and photographs recorded by security guards using the App
• Payment dispute evidence: Screenshots and supporting documents you upload when raising a payment dispute
• AI chatbot interactions: Questions you ask the in-app billing assistant

1.2 Information Collected Automatically

• Device information: Device model, operating system version, app version, and device platform (iOS or Android)
• Push notification token: A device-specific token used to deliver push notifications via Apple Push Notification service (APNs) or Firebase Cloud Messaging (FCM)
• Authentication data: Login timestamps, OTP verification status, and session identifiers managed by AWS Cognito
• Biometric authentication signal: If you opt in under Profile → Security, the App can lock after inactivity and prompt for Face ID, Touch ID, or your device's fingerprint to unlock. Committee members are also prompted for biometric confirmation on high-value approvals. Apple iOS and Android never share the raw biometric data with the App — the App only receives a success or failure signal from the operating system. We do not store biometric templates.
• Crash and performance diagnostics: When a crash or unhandled error occurs, anonymised diagnostic data (stack trace, app version, OS version, anonymous device identifier) is sent to Sentry, our crash-reporting provider, to help us fix bugs. We do not attach screenshots, user-typed content, or PII to crash reports. You can disable crash reporting at any time by withdrawing your DPDP consent.

1.3 Information We Do Not Collect

• We do not collect passwords. Authentication is entirely OTP-based via AWS Cognito.
• We do not collect precise GPS location data.
• We do not use advertising SDKs and we do not profile your in-app behaviour for marketing purposes. Sentry is used only to capture crashes and performance traces (no PII, no screenshots) — see section 1.2 above.
• We do not collect contacts, calendar data, or data from other apps on your device.
• We do not store UPI PINs, bank login credentials, or card numbers.
• We do not store biometric templates. Biometric checks are evaluated on-device by iOS or Android and only a yes/no result is returned to the App.

2. How We Use Your Information

We use the information we collect strictly for the following purposes:

• Soceity administration: Generating maintenance bills, recording payments, producing receipts, and maintaining unit-wise ledgers
• Payment processing: Facilitating UPI payments and online payments through Razorpay, including order creation and payment verification
• Communication: Sending payment reminders, due-date alerts, payment confirmations, society notices, and meeting notifications via push notifications and email
• Complaint resolution: Tracking and resolving facility complaints, payment disputes, and member service requests
• Visitor management: Recording and managing visitor entries and exits at society gates for security purposes
• AI-assisted features: Providing billing query responses through the in-app chatbot and assisting with bank statement reconciliation, both powered by AWS Bedrock
• Tax compliance: Preparing TDS and GST filings on behalf of your society where configured, using society-level PAN, TAN, and GSTIN data
• Platform improvement: Maintaining service reliability, diagnosing technical issues, and improving the user experience

We do not use your personal data for advertising, behavioural profiling, or sale to third parties.

3. AI Data Processing

The App includes AI-powered features provided through Amazon Web Services (AWS) Bedrock:

• Billing chatbot: When you ask a billing question, your query and relevant billing context are sent to AWS Bedrock for processing. Chat session history is retained for 7 days to maintain conversation context, then automatically deleted.
• Bank reconciliation: Transaction descriptions from bank statements are processed by AI to suggest matching members or vendors. This processing uses only transaction narration text, not your personal banking credentials.

All AI processing occurs within the AWS Mumbai region (ap-south-1). Your data is not used to train AI models. AWS processes data strictly as a data processor under their standard customer agreement.

4. Data Storage and Security

We implement industry-standard security measures to protect your data:

• Encryption in transit: All data transmitted between the App and our servers is encrypted using TLS 1.2 or higher
• Encryption at rest: All stored data is encrypted using AES-256 encryption
• Authentication: OTP-based authentication managed by AWS Cognito with no passwords stored on our servers
• Role-based access: Access to data is strictly role-controlled. Members see only their own data. Committee members see only their society's data. Guards see only visitor records for their society.
• Infrastructure: All servers and databases are hosted on Amazon Web Services (AWS) in the Mumbai region (ap-south-1), within India
• Backups: Automated backups with point-in-time recovery capability
• Backend: The platform backend runs on Odoo 18 ERP with additional security hardening

No financial credentials such as bank passwords, UPI PINs, or payment card numbers are ever stored by us.

5. Third-Party Services

We share your data with the following third-party service providers only as necessary to deliver our services:

5.1 Amazon Web Services (AWS)

AWS provides our cloud infrastructure, authentication (Cognito), push notifications (SNS), and AI processing (Bedrock). All data is processed within India (ap-south-1 Mumbai region). AWS acts as a data processor under their standard Customer Agreement.

5.2 Razorpay

Razorpay processes online payments within the App. When you make a payment, your name, payment amount, and phone number are shared with Razorpay for transaction processing. Razorpay's handling of your data is governed by their own privacy policy.

5.3 Apple Push Notification service (APNs) and Firebase Cloud Messaging (FCM)

We use APNs (for iOS) and FCM (for Android) to deliver push notifications such as payment reminders, bill alerts, and society notices. Only your device token and notification content are transmitted to these services.

5.4 Government Portals

Soceity-level tax identification data (PAN, TAN, GSTIN) is submitted to government portals (TRACES, GST portal) for statutory TDS and GST filings on behalf of your society, where this service is configured.

5.5 Sentry (Crash Reporting)

The App uses Sentry (Functional Software, Inc.) to capture crashes and unhandled errors so we can fix bugs. Sentry receives the stack trace, app version, OS version, and an anonymous device identifier. We do not attach screenshots, user-typed content, or any personally identifiable information to crash reports. Sentry processes the data as our data processor under their standard Data Processing Addendum. You can disable crash reporting at any time by withdrawing your DPDP consent — see section 7.

5.6 WhatsApp (Meta Platforms)

Where your society has enabled WhatsApp delivery, we use the WhatsApp Business Platform (operated by Meta Platforms, Inc.) to send you account-related (transactional) messages only — maintenance bills, payment receipts, account statements, and dues reminders — on behalf of your society. To do this, your registered mobile number, your name, and the relevant document (e.g. the bill or receipt PDF) are transmitted to WhatsApp for delivery. We do not send promotional or marketing content over WhatsApp. WhatsApp's handling of your data is governed by Meta's own privacy policy. This is an opt-in channel: see section 8 for how to opt in or opt out at any time.

5.7 Society Management Committee

Your name, unit number, billing status, and payment status are visible to authorised committee members and the society manager for the purpose of society administration. This access is inherent to the operation of a co-operative housing society.

We do not integrate advertising or behaviour-tracking SDKs. We do not sell, rent, or trade your personal data to any third party.

6. Data Retention

We retain your data for the following periods:

• Financial records (bills, payments, receipts, ledgers): 8 years, as required under the Income Tax Act, 1961 and the GST Act
• Member profile data (name, phone, email, unit): Retained while your society account is active, plus 1 year after account deactivation
• Visitor and gate entry logs: 1 year from the date of entry
• Complaint records: 3 years from resolution date
• Payment dispute evidence (screenshots): 2 years from the date of upload
• AI chatbot session history: 7 days, then automatically deleted
• Push notification tokens: Until you log out or uninstall the App
• Consent records: Duration of membership plus 3 years, as required for DPDP Act compliance

When retention periods expire, data is permanently deleted or anonymised.

7. Your Rights Under the Digital Personal Data Protection Act, 2023

As a data principal under India's Digital Personal Data Protection (DPDP) Act, 2023, you have the following rights:

• Right to Access: You may request a summary of the personal data we hold about you and the processing activities performed on it
• Right to Correction: You may request correction of inaccurate or incomplete personal data. You can update your name, email, and phone number directly in the App under Profile settings.
• Right to Erasure: You may request deletion of your personal data that is no longer necessary for the purpose it was collected. You can initiate this from the App (Profile > Delete My Account) or by emailing us. Note: Financial and tax records subject to statutory retention obligations cannot be erased before the mandated retention period.
• Right to Grievance Redressal: You may lodge a complaint with our Grievance Officer. We will acknowledge and respond within 30 days.
• Right to Nominate: You may nominate another individual to exercise your data rights in the event of your death or incapacity
• Right to Withdraw Consent: You may withdraw your consent at any time. Withdrawal will result in deactivation of your account and you will no longer be able to use the App. Statutory records will be retained as required by law.

To exercise any of these rights, email customerservice@socei.in from your registered email address, or use the in-app options under Profile.

8. Consent Management

We obtain your explicit consent for data collection during the registration process. You can manage your consent preferences as follows:

• Push notifications: You can enable or disable push notifications through your device settings at any time
• WhatsApp messages: Receiving your bills, receipts, statements, and reminders on WhatsApp is optional and opt-in. You can opt out at any time by toggling WhatsApp messages off under Profile settings in the App, by replying STOP to any message on WhatsApp, by clicking the opt-out link in the introductory email, or by informing your society office. Opting out of WhatsApp does not affect delivery through your other channels (App, email, and notices).
• Data processing consent: You may withdraw consent by using "Delete My Account" in the App or by emailing customerservice@socei.in
• Notification preferences: You can manage email and notification preferences within the App

When you withdraw consent, we will stop processing your personal data for non-statutory purposes within 7 business days.

9. Cookies and Local Storage

The Socei mobile app does not use browser cookies. The App stores the following data locally on your device:

• Authentication tokens: Securely stored session tokens for keeping you logged in, managed by AWS Cognito
• User preferences: Display settings such as dark mode preference and selected society
• Cached data: Recently viewed bills and notices for offline access, refreshed on each app launch

Our website (socei.ai) uses only essential cookies required for session management and security. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

10. Children's Privacy

The App is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If you believe that a child has provided us with personal data, please contact us at customerservice@socei.in and we will take steps to delete such information promptly.

11. Data Transfers

All personal data is stored and processed within India on AWS infrastructure in the Mumbai region (ap-south-1). We do not transfer your personal data outside of India. In the event that a future transfer becomes necessary, we will comply with all applicable provisions of the DPDP Act, 2023 and obtain your explicit consent where required.

12. Data Breach Notification

In the event of a personal data breach that is likely to cause harm to your rights and interests, we will:

• Notify the Data Protection Board of India as required under the DPDP Act, 2023
• Notify affected users within 72 hours of becoming aware of the breach
• Provide details of the nature of the breach, the data affected, and the remedial measures taken

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will:

• Notify you through an in-app notification
• Update the "Last updated" date at the top of this page
• Where required under the DPDP Act, seek fresh consent for any new processing activities

Your continued use of the App after being notified of changes constitutes acceptance of the revised policy.

14. Grievance Officer

In accordance with the Digital Personal Data Protection Act, 2023, we have appointed a Grievance Officer. You may contact them for any privacy-related concerns:

Grievance Officer
Socei (Proprietorship of Preeti Singhal)
Address: Sr No-13/B,1/2/3, Wadgaonsheri, Sophoronia, Wadgaonsheri, Pune, Maharashtra 411014
Phone: +91 20 4509 0579
Email: customerservice@socei.in
Response time: Within 30 days of receiving the complaint

15. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us:

Phone: +91 20 4509 0579
Email: customerservice@socei.in
Address: Sr No-13/B,1/2/3, Wadgaonsheri, Sophoronia, Wadgaonsheri, Pune, Maharashtra 411014
Website: https://socei.in