Privacy Policy
One Stop Society · Last updated: June 2026
This Privacy Policy explains how personal data is collected, used, stored and protected when you use the One Stop Society mobile/web app, in line with India's Digital Personal Data Protection Act (DPDP), 2023.
1. Who is responsible for your data
Your housing society's managing committee / authorised admin is the Data Fiduciary for member data collected through this app. One Stop Society is the software platform name. The society decides who may join, what features are enabled, and how community data is moderated.
For privacy questions or complaints, contact your society admin / grievance contact first (see section 12).
2. Who this app is for
- Owners, tenants and family members of flats in the society
- Society-approved vendors and service providers
- Authorised society admins and committee members
Access is by registration and admin approval. The app is not intended for children under 18 to register independently.
3. Personal data we collect
Depending on how your society uses the app, we may collect:
Account & registration
- Full name, email address, mobile number
- Flat / unit number, tower or wing, member type (owner, tenant, vendor)
- Business name and category (for approved vendors)
- Login credentials (stored securely via Supabase Auth — passwords are hashed, not readable by admins)
Profile & directory
- Contact details you choose to show in the member directory
- Flat and role information visible to other approved society members
Community & marketplace activity
- Marketplace posts (sell/rent flat, bazaar, services, carpool, promotions)
- Photos attached to posts (if you upload them)
- Discussion posts and replies
- Event RSVPs and contribution / payment references (UPI links you share)
- Notices and society updates you interact with
Visitor & amenity features
- Visitor name, phone, vehicle details, visit date/time and purpose (when you pre-register guests)
- Amenity booking details (facility, date, time slot)
These features support the society's gate security and facility management, similar to visitor pre-approval in apps like MyGate.
Support & compliance
- Data deletion requests and consent records
- Admin moderation notes (approve/reject members and posts)
- Messages or queries sent to the in-app society assistant (AI chatbot)
Technical data
- Device type, browser, app version
- Session tokens for secure login
- Local storage / IndexedDB cache for offline demo mode or faster loading
- Service worker cache for PWA install
We do not sell your personal data. We do not use your data for third-party advertising.
4. How we use your data
- Verify that you live in or serve the society before granting access
- Show directory, notices, events, emergency contacts and nearby essentials to members
- Enable marketplace, bazaar, carpool and vendor listings within the society
- Share visitor pre-registration with admins/security as configured by your society
- Manage amenity bookings and society facilities
- Moderate content, enforce society rules and prevent abuse (including automated profanity checks)
- Respond to support, deletion requests and legal obligations
- Improve app reliability and security
5. Who can see your information
- Approved society members — see directory entries, approved posts, discussions, events and notices as designed by the app
- Society admins — see registration requests, pending posts, visitor entries, deletion requests and moderation tools
- Other members — see only what you post or share publicly within the society (e.g. marketplace listing, discussion). Phone numbers may be shown when you include them in a post or directory profile
- Cloud hosting (Supabase) — stores encrypted data on servers configured for your society's project (choose India region where possible)
- Optional AI assistant — if enabled, your chat questions and limited app context may be sent to a configured API endpoint to generate answers; no payment card data is sent
Data is not listed on public search engines or open marketplaces (unlike public property portals).
6. Legal basis & consent (DPDP)
By registering and accepting this policy, you consent to the collection and use of your personal data for the purposes above. You may withdraw consent at any time by deleting your profile in My profile → Delete my profile.
Some records (e.g. financial audit trails, legal notices, security logs) may be retained where required by law, society bylaws or legitimate society governance — even after account deletion.
7. Data retention
- Active member profile — while your membership is approved and active
- Marketplace posts & photos — until removed by you or admin, or per society policy (typically 12–24 months for inactive listings)
- Discussions & events — per society retention policy
- Visitor logs — per society bylaws (often 90 days to 1 year)
- Deletion requests — logged until processed; personal identifiers removed within 30 days of an approved request, except where retention is legally required
Your society admin should document exact retention periods in the society handbook.
8. Security
- HTTPS encryption in transit
- Authenticated login and society-scoped database access (row-level security)
- Admin approval required for new members and marketplace posts
- Session timeout on admin panel
- Content Security Policy and Permissions-Policy headers block camera, microphone, GPS and other device APIs unless you explicitly use a feature that requests them (this app does not request them on install)
What we do not access on your phone: contacts, SMS, call logs, photo gallery, files, location, microphone or camera — except when you choose a photo to attach to a marketplace post (standard file picker; we do not scan your gallery in the background). The installed app cannot open or read other apps on your device.
No system is completely secure. Report suspected misuse or data breach to your society admin immediately.
9. Your rights under DPDP
As a Data Principal, you may:
- Access & correct your profile in Settings
- Withdraw consent and request erasure via My profile → Delete my profile
- Grievance redressal — contact your society admin; if unresolved, you may escalate to the Data Protection Board of India under applicable rules
- Nominate another person to exercise your rights in case of death or incapacity (as per DPDP rules)
10. Cookies & local storage
The app uses browser local storage and (when installed) a service worker cache so pages load quickly and your session persists. These are functional — not used for ad tracking. Clearing browser data or uninstalling the PWA removes local copies.
11. Third-party services
- Supabase — authentication, database and optional file storage for post images
- Google Fonts — typography (may receive your IP address when loading fonts)
- Payment apps (UPI) — when you tap a UPI link, payment happens outside this app under that provider's terms
12. Contact & grievance officer
For privacy requests, corrections or complaints, contact your society managing committee / designated grievance contact through the society office or admin email.
Society admins: nominate a named grievance contact and process deletion requests within 30 days. Optional audit table: run supabase/data-deletion-requests.sql in your Supabase project.
13. Changes to this policy
We may update this policy when features or law change. Material updates will be shown in the app (e.g. consent banner). Continued use after notice means you accept the updated policy.