Privacy Policy

‍1. Information We Collect
‍‍
1.1 Customer & User Information
‍
We may collect information as provided by our enterprise customers (colleges, universities, property operators), including:
• Name, phone number, email address
• Student/employee ID, role, batch, department
• Hostel/room allocation details
• Identity verification documents (as required by the institution)
• Profile photo or ID image

1.2 Login & Authentication Information
‍
When users log in to SpaceBasic, we may collect:
• Email or phone-based login credentials
• Authentication tokens
• Device identifiers
• IP address, browser type, OS, login timestamps

1.3 Usage Data

We may collect data about how the platform is used:
• Pages viewed, features accessed, actions taken
• Booking activity (rooms, facilities, cafeteria, services)
• Issue tickets/requests raised
• Communication logs and interactions

1.4 Technical & Device Data

Collected automatically through cookies, analytics tools, and logs:
• IP address
• Device and OS type
• App version
• Network information
• Crash logs

1.5 Payment Information

Where payments are made through SpaceBasic, we collect:
• Billing name and address
• Transaction details
  We do not collect or store credit card numbers or CVV information. Payments are processed via secure third-party payment    gateways such as CC Avenue or institution-selected providers.

2. How We Collect Data

• Directly from users when they log in, update profiles, submit forms, or use platform features.
• From enterprise customers (universities, operators) who onboard their students/staff.
• Automatically, via cookies, app telemetry, and web analytics tools.
• From third-party authentication partners (e.g., identity verification, digital onboarding, or social login, if used)

3. How We Use Personal Data

We process personal data strictly for delivering and improving the SpaceBasic SaaS platform and fulfilling our contractual obligations to enterprise customers.

3.1 Service Delivery
• User authentication and account creation
• Hostel/room management
• Facility and service bookings
• Ticketing and help desk workflows
• Communication between students, staff, and operators

3.2 Platform Improvement
• Enhancing user experience
• Debugging issues and improving performance
• Feature development based on aggregated usage insights

3.3 Security & Compliance
• Fraud prevention
• Platform security monitoring
• Compliance with applicable laws

3.4 Communication
• Service notifications and system alerts
• Product updates and account information
• Support responses

4. Sharing of Personal Data

We do not sell personal data. We share data only as necessary for delivering our services.

4.1 Enterprise Customers

Data may be shared with the university, institution, or property operator using SpaceBasic, as required for administration and service delivery.

4.2 Service Providers

We may share data with:
• Cloud hosting providers
• SMS/email communication vendors
• Identity verification partners
• Analytics providers
• Payment processors
Some providers may be located outside India.

4.3 Legal Obligations

We may share the data:
• To comply with laws and regulatory requests
• To detect or prevent fraud or security incidents

5. Cross-Border Data Transfer

As a Delaware, USA company, certain data may be processed in the United States or other jurisdictions where our service providers operate.

We ensure:
• Compliance with India’s Digital Personal Data Protection Act, 2023 (DPDPA)
• Appropriate contractual safeguards
• Reasonable security practices and procedures
By using our services, you consent to international data transfers as described.

6. Data Retention

We retain personal data only for:
• The duration of the customer contract,
• Legal and regulatory requirements, or
• Legitimate business purposes.
‍
Upon request from the enterprise customer, user data may be deleted or anonymised in accordance with contractual and legal obligations.

7. Security Measures

We implement robust technical and organisational safeguards, including:
• Encryption
• Access controls
• Secure and monitored hosting environments
• Regular security reviews and audits

While these measures significantly enhance protection, no digital system can be entirely immune to risks. We therefore maintain industry-standard controls to minimise vulnerabilities and respond promptly to any potential threats.

8. Your Rights ( Under DPDPA 2023 and  Applicable Laws)

Subject to applicable law, users may request:
‍
• Access to their personal data
• Correction of inaccurate data
• Withdrawal of consent
• Deletion of personal data (through the institution, where applicable)
• Information on how their data is processed

Requests may be routed through your institution (our enterprise customer), depending on the nature of the data.

9. Emails & Communication Opt-Out

To opt out of marketing communications, users may write to:
unsubscribe@spacebasic.com

Transactional notifications will continue as they are essential to service delivery.

10. Third-Party Websites

Our platform may link to external sites. We are not responsible for the privacy practices of those websites. Users should review their privacy policies independently.

11. Grievance Officer (India)

In accordance with the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023, you may contact the following role for grievances:

Grievance Officer
Email: grievance@spacebasic.com

This role-based contact may be updated periodically on our website.

12. Update To This Policy

We may update this Privacy Policy from time to time. Material changes will be notified as required by law.
Last Updated: 01 November 2025

13. Jurisdiction
‍For users located in India, any disputes relating to personal data or this Privacy Policy shall be governed by the laws of India, including the Digital Personal Data Protection Act, 2023.

For all other users, or where this Policy does not specify otherwise, disputes shall be governed by the laws of the State of Delaware, USA, unless overridden by a separate written agreement with the customer.
‍‍‍