Privacy Policy
Last updated: February 2026
1. Introduction
DataHase Technologies ("HostelSync", "we", "us", or "our") is committed to protecting your privacy and the security of the data you entrust to us. This Privacy Policy explains how we collect, use, store, share, and protect information when you use the HostelSync platform ("Service"), accessible at hostelsync.com and app.hostelsync.com.
This policy applies to all users of the Service, including hostel owners, wardens, and any person interacting with the platform. Occupants are managed as records within the platform and do not have user accounts; however, we take the privacy of their information equally seriously.
By using the Service, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with this policy, you must not use the Service.
2. Information We Collect
We collect information necessary to provide and improve the Service. The categories of information we collect are described below.
2.1 Account Information
When you sign in via Google OAuth, we receive and store the following from your Google profile:
- Full name -- used to identify you within the platform and on generated documents
- Email address -- used as your primary account identifier, for communications, and for account recovery
- Profile picture (avatar) -- displayed within the application interface for personalisation
You may also provide additional profile information during onboarding, such as your phone number and organisation details.
2.2 Hostel Data
Information you enter about your hostels, including:
- Hostel name, address, contact details, and configuration settings
- Floor and room structures, room types (normal or dormitory), bed counts, and occupancy capacity
- Rent amounts, late fee policies, grace periods, and billing configurations
- Custom receipt branding, logos, and templates
2.3 Occupant Data
Records you create for occupants (persons staying at your hostel), which may include:
- Full name, phone number, email address, and emergency contact information
- Identity verification details, including Aadhaar verification status and last four digits (see Section 3 for detailed Aadhaar handling)
- Other identity documents such as PAN card or passport numbers as optionally provided
- Room allocation history, check-in and check-out dates, and transfer records
- Uploaded documents such as identity proofs and photographs
2.4 Payment Records
Financial transaction data created within the platform:
- Rent amounts, payment amounts, payment dates, and payment methods (cash, UPI, bank transfer, etc.)
- Payment allocation details (FIFO allocation to outstanding rent)
- Late fee calculations, advance payments, and outstanding balances
- Generated receipt records and receipt numbers
Important: HostelSync does not collect, store, or process credit card numbers, debit card numbers, bank account numbers, or any other sensitive financial instrument details. Subscription payments are processed entirely by our third-party payment provider, Dodopayments. The payment records described here relate only to hostel rent collection records you create within the platform.
2.5 Usage Data
We automatically collect certain technical and usage information when you interact with the Service:
- Feature usage patterns (which features you use and how frequently)
- Session duration, page views, and navigation paths
- Device type, browser type, operating system, and screen resolution
- IP address, approximate geographic location (city or region level), and timezone
- Error logs and performance metrics to diagnose and resolve technical issues
3. Aadhaar Data Handling
HostelSync provides Aadhaar-based identity verification for occupant records. Given the sensitive nature of Aadhaar data, we have implemented strict handling procedures that comply with UIDAI guidelines and the Aadhaar Act, 2016.
Only Last 4 Digits Stored
We store only the last four digits of the Aadhaar number for identification reference purposes. The full 12-digit Aadhaar number is never stored in our database, logs, or backups at any point during or after the verification process.
UIDAI-Certified Offline Verification
Verification is performed using UIDAI's certified offline mechanism via the Aadhaar Secure QR Code. This process validates the digital signature embedded in the QR code to confirm authenticity without requiring an online connection to the UIDAI servers or sharing any data with UIDAI.
No Raw PII from Aadhaar
Beyond the last four digits and the verification status (verified or not verified), no personally identifiable information extracted from the Aadhaar QR code -- such as full name, address, date of birth, or photograph embedded in the QR data -- is permanently stored. Any such data used during the verification process is held only in transient memory and discarded immediately upon completion.
QR Data Used for Verification Only
The data encoded within the Aadhaar QR code is read solely for the purpose of performing UIDAI signature validation. It is not stored in full, transmitted to third parties, or used for any purpose other than confirming the occupant's identity at the time of registration.
4. How We Use Information
We use the information we collect for the following purposes:
4.1 Service Provision
- To create, maintain, and authenticate your user account
- To provide the core hostel management functionality, including occupant management, rent tracking, payment recording, receipt generation, and expense tracking
- To process warden invitations and manage permission-based access to hostel data
- To generate reports, dashboards, and analytics for your hostels
4.2 Communications
- To send transactional emails, such as warden invitations, subscription confirmations, and payment receipts
- To notify you of important Service updates, planned maintenance, security alerts, and changes to our Terms or Privacy Policy
- To respond to your support enquiries and feedback
4.3 Analytics & Improvement
- To analyse usage patterns and identify areas for feature improvement and optimisation
- To monitor Service performance, diagnose technical issues, and prevent abuse
- To conduct aggregated, anonymised research to improve the Service for all users
4.4 Legal & Safety
- To comply with legal obligations, including responding to lawful requests from government authorities
- To enforce our Terms of Service and protect the rights, property, or safety of HostelSync, our users, or the public
- To detect, prevent, and address fraud, security incidents, and technical issues
5. Data Storage & Security
We take the security of your data seriously and implement industry-standard measures to protect it.
5.1 Infrastructure
- Database: All structured data (user accounts, hostel configurations, occupant records, payment records) is stored in Neon serverless PostgreSQL, which provides encryption at rest and automated backups
- File Storage: Uploaded documents, images, and receipt PDFs are stored in Amazon Web Services (AWS) S3, with server-side encryption enabled
- Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher (HTTPS). No data is transmitted in plaintext
5.2 Access Controls
- Access to production databases and infrastructure is restricted to authorised personnel only, using multi-factor authentication and role-based access controls
- Within the application, data isolation is enforced at the organisation (hostel) level. Wardens can only access data for the hostels they have been explicitly assigned to, limited to the permissions granted by the hostel owner
- All administrative and warden actions are logged for audit and accountability purposes
5.3 Security Practices
- Regular security reviews and dependency vulnerability scanning
- Authentication managed via Better Auth with secure session handling and Google OAuth token validation
- Input validation and parameterised queries to prevent SQL injection and cross-site scripting (XSS) attacks
While we employ commercially reasonable measures to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security, but we are committed to promptly addressing any security incidents and notifying affected users as required by applicable law.
6. Third-Party Services
We rely on the following third-party services to operate the platform. Each service has access only to the data necessary for its specific function:
Google (Authentication)
Provides OAuth 2.0 authentication for user sign-in. Google receives your authentication request and returns your profile information (name, email, avatar) to us. Google's use of your data is governed by Google's Privacy Policy.
Neon (Database)
Provides serverless PostgreSQL database hosting. All structured application data is stored in Neon's infrastructure, which provides encryption at rest, automated backups, and SOC 2 compliance. Neon's privacy practices are described in their Privacy Policy.
Amazon Web Services - S3 (File Storage)
Provides object storage for uploaded files, including identity documents, photographs, expense receipts, and generated PDF receipts. Files are stored with server-side encryption and access is restricted through signed URLs with expiration. AWS's privacy practices are described in their Privacy Notice.
Dodopayments (Billing)
Processes subscription payments for the HostelSync platform. When you subscribe to a paid plan, Dodopayments handles all payment instrument details (credit cards, debit cards, UPI, etc.) directly. HostelSync receives only transaction confirmation details (payment status, amount, subscription ID) and does not have access to your payment instrument information.
We do not sell, trade, or rent your personal information to third parties. Data shared with the above providers is limited to what is necessary for the operation of the Service and is subject to their respective privacy policies and data processing agreements.
7. Data Retention
Active Accounts
While your account is active and your subscription is current (including during the free trial period), all your data is retained and accessible. This includes hostel configurations, occupant records, payment histories, expense records, generated receipts, and uploaded files.
Cancelled Subscriptions
If your subscription expires or is cancelled, your account will be placed in a read-only state. You will be able to view and export your data but will not be able to create new records or modify existing ones. Your data will be retained in this state for a reasonable period to allow you to resubscribe or export your data.
Deleted Accounts
Upon account deletion, all your data will be retained for a grace period of 30 days to allow for account recovery if you change your mind. After 30 days, all data associated with your account -- including hostel data, occupant records, payment histories, expense records, receipts, and uploaded files -- will be permanently and irreversibly purged from our databases, file storage, and backups.
Certain aggregated, anonymised data that cannot be used to identify any individual may be retained indefinitely for analytics and service improvement purposes. Additionally, we may retain certain records as required by applicable law or to resolve disputes and enforce our agreements.
8. Your Rights
You have the following rights regarding your personal data and the data you manage within the Service:
- Right to Access: You may request a copy of the personal data we hold about you. All data you enter into the platform is accessible to you through the Service interface at any time
- Right to Correction: You may update or correct your personal information through the account settings in the Service. If you believe any information we hold is inaccurate and you are unable to correct it yourself, you may contact us for assistance
- Right to Deletion: You may request deletion of your account and all associated data at any time. Upon such request, your data will be deleted in accordance with the retention schedule described in Section 7
- Right to Data Export: You may export your data from the Service in standard formats. The export functionality is available through the application interface and allows you to download your hostel data, occupant records, payment histories, and expense records
To exercise any of these rights, you may use the self-service options available in the application or contact us at support@hostelsync.com. We will respond to all data rights requests within 30 days.
10. Children's Privacy
The HostelSync Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. The Service is designed for hostel owners, operators, and wardens who are legal adults.
If we become aware that we have inadvertently collected personal information from a person under the age of 18, we will take immediate steps to delete such information from our systems. If you believe that a minor has provided us with personal information, please contact us immediately at support@hostelsync.com.
Note that occupant records may include information about minors who reside in hostels (such as students). This data is managed by the hostel owner, who acts as the data controller and is responsible for obtaining appropriate consent from the minor's parent or legal guardian.
11. International Users
HostelSync is designed and operated primarily for hostel owners in India. All data collected through the Service is processed and stored in data centres located in or serving the Indian region.
If you access the Service from outside India, please be aware that your data will be transferred to, processed, and stored in India. By using the Service, you consent to the transfer and processing of your data in India in accordance with this Privacy Policy and applicable Indian data protection laws, including the Digital Personal Data Protection Act, 2023, as applicable.
We do not make any representation that the Service is appropriate or available for use in jurisdictions outside India. Users accessing the Service from other jurisdictions do so at their own initiative and are responsible for compliance with local laws.
12. Changes to Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable laws. When we make material changes, we will:
- Provide at least 30 days' advance notice before the changes take effect
- Send a notification to the email address associated with your account
- Display a prominent notice within the Service upon your next login
- Update the "Last updated" date at the top of this page
For non-material changes (such as formatting adjustments or clarifications that do not alter the substance of the policy), we may update this page without prior notice.
Your continued use of the Service after the effective date of a revised Privacy Policy constitutes your acceptance of the updated terms. If you do not agree with the changes, you should discontinue use of the Service and delete your account.
13. Contact
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us:
We aim to respond to all privacy-related enquiries within 3 business days. For data access, correction, or deletion requests, we will fulfil your request within 30 days of receipt.
Please also review our Terms of Service to understand the terms governing your use of HostelSync.