Privacy Policy

1. Information We Collect

HostelSync collects information that you provide directly to us when using our service. This includes:

Account Information

• Name and email address
• Phone number (optional)
• Account credentials (securely hashed password)
• Profile information

Hostel Data

• Hostel names, addresses, and property details
• Room information and configurations
• Occupant names and contact details
• Rent payment records (manually entered by you)
• Warden and staff information

Usage Information

• Log data including IP address and browser type
• Pages visited and features used
• Time and date of access
• Device information

2. Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Contract Performance: To provide you with HostelSync services as per our subscription agreement
• Consent: When you explicitly consent to specific data processing activities (e.g., marketing communications)
• Legitimate Interests: To improve our services, ensure security, prevent fraud, and analyze usage patterns
• Legal Obligations: To comply with applicable laws, regulations, and legal processes

You have the right to withdraw your consent at any time where processing is based on consent, without affecting the lawfulness of processing based on consent before its withdrawal.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve HostelSync services
• Process your subscription payments
• Send you technical notices and support messages
• Respond to your comments, questions, and requests
• Monitor and analyze trends, usage, and activities in connection with our services
• Detect, prevent, and address technical issues
• Provide customer service and support
• Send you updates about new features or changes to our service (you can opt out)

We will never sell your personal information to third parties or use your hostel data for any purpose other than providing the HostelSync service to you.

4. Data Storage and Security

Your data is stored securely using Convex, a modern backend platform with enterprise-grade security measures. We implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction.

Security measures include:

• Data encryption in transit (HTTPS/TLS)
• Data encryption at rest
• Secure authentication and authorization mechanisms
• Regular security audits and updates
• Access controls and activity logging
• Regular automated backups

While we strive to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but we are committed to protecting your information to the best of our ability.

5. Payment Information

Subscription Payments: All subscription payments are processed securely through Dodo Payments, a PCI DSS compliant payment gateway. HostelSync does not access, store, or process your credit card information, bank account details, or any other sensitive payment credentials. All payment data is handled directly by Dodo Payments.

Rent Payments: HostelSync does not process or hold any rent payments from your hostel occupants. Rent collection is managed offline by you, and you manually record payment information in the system. We only store the payment records you enter, not actual payment credentials or transaction data.

6. Cookies and Tracking

HostelSync uses cookies and similar tracking technologies to provide and improve our service. Cookies are small data files stored on your device that help us:

Types of Cookies

• Essential Cookies: Required for the Service to function properly (e.g., authentication, session management). These cannot be disabled.
• Functional Cookies: Remember your preferences and settings to enhance your experience (e.g., language preferences, theme settings).
• Analytics Cookies: Help us understand how visitors interact with our Service to improve functionality and user experience.

Cookie Retention

Cookies are typically retained for the duration of your session or until you log out. Some cookies may persist for up to 30 days to remember your preferences. Analytics cookies may be retained for up to 2 years.

You can control cookies through your browser settings. However, disabling essential cookies may affect the functionality of HostelSync. You can also opt out of non-essential cookies through our cookie consent mechanism when available.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Retention Periods by Data Type

• Account Information: Retained for as long as your account is active and for 30 days after account cancellation
• Hostel Data: Retained for as long as your account is active and for 30 days after account cancellation to allow data export
• Payment Records: Retained for 7 years as required by Indian tax and accounting regulations
• Usage Logs: Retained for 90 days for security and troubleshooting purposes
• Contact Form Submissions: Retained for 1 year after submission for customer service purposes

If you cancel your subscription:

• Your data remains accessible for 30 days to allow you to export it
• After 30 days, all your personal data is permanently deleted from our active systems
• Backup copies are deleted within 90 days of account cancellation

We may retain certain information for legitimate business purposes or as required by law, such as transaction records for accounting and tax purposes, which may be retained for up to 7 years in compliance with Indian regulations.

8. Your Rights

You have the following rights regarding your personal data under applicable data protection laws, including GDPR and the Digital Personal Data Protection Act, 2023 (India):

• Right to Access: You can access your personal data through your account dashboard or request a copy of all data we hold about you
• Right to Rectification: You can update or correct your information at any time through your account settings or by contacting us
• Right to Erasure (Right to be Forgotten): You can delete your account and all associated data, subject to legal retention requirements
• Right to Data Portability: You can export your data in standard formats (CSV/Excel) or request your data in a machine-readable format
• Right to Object: You can object to certain processing of your data, particularly for direct marketing purposes
• Right to Restriction of Processing: You can request that we restrict the processing of your personal data in certain circumstances
• Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw consent at any time
• Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated. In India, you may contact the Data Protection Board established under the Digital Personal Data Protection Act, 2023

We do not use automated decision-making, including profiling, that produces legal effects or significantly affects you.

To exercise these rights, contact us at privacy@hostelsync.com or support@hostelsync.com, or use the tools available in your account settings. We will respond to your request within 30 days, or as required by applicable law.

9. Data Processors and Third-Party Services

HostelSync uses the following third-party services (data processors) to provide and improve our Service. These services process your data on our behalf and are bound by data processing agreements:

• Convex: Backend database and application platform. We use Convex to store and process your account and hostel data. View Convex Privacy Policy
• Dodo Payments: Payment processing for subscriptions. Dodo Payments processes payment information and transaction data. View Dodo Payments Privacy Policy
• Vercel: Hosting and content delivery for our website and application infrastructure. View Vercel Privacy Policy
• Zeptomail: Email delivery service for contact form submissions and transactional emails. View Zeptomail Privacy Policy

We only share information with these services that is necessary to provide HostelSync functionality. All our data processors are contractually obligated to:

• Process your data only as instructed by us
• Implement appropriate security measures
• Not use your data for their own purposes
• Comply with applicable data protection laws

These services have their own privacy policies and we encourage you to review them. We regularly review our data processor agreements to ensure compliance with data protection requirements.

10. International Data Transfers

Your data may be stored and processed in countries other than your country of residence. Our primary data storage is in facilities provided by Convex, which may be located in the United States or other jurisdictions.

When we transfer your personal data outside of India or the European Economic Area (EEA), we ensure appropriate safeguards are in place:

• We use Standard Contractual Clauses (SCCs) approved by relevant authorities
• We ensure our data processors comply with applicable data protection laws
• We implement technical and organizational measures to protect your data during transfer

By using HostelSync, you consent to the transfer of your data to these locations as described in this Privacy Policy. If you have concerns about international data transfers, please contact us at privacy@hostelsync.com.

11. Data Breach Notification

In the event of a data breach that may affect your personal data, we will:

• Notify you without undue delay, and in any event within 72 hours of becoming aware of the breach, where feasible
• Notify relevant supervisory authorities as required by applicable law (e.g., within 72 hours for GDPR)
• Provide clear information about the nature of the breach, the data affected, and the steps we are taking to address it
• Advise you on recommended protective measures you can take

We maintain incident response procedures and regularly review our security measures to prevent and respond to data breaches effectively.

12. Children's Privacy

HostelSync is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you believe we have collected information from a child under 18, please contact us immediately.

13. Changes to Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

We encourage you to review this Privacy Policy periodically. Your continued use of HostelSync after any changes constitutes your acceptance of the new Privacy Policy.

14. Contact for Privacy Concerns

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Privacy Email: privacy@hostelsync.com
• Support Email: support@hostelsync.com
• Website: https://hostelsync.com/contact
• Company: DataHase Dev Private Limited

We will respond to your inquiry within 30 days, or as required by applicable law. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.