Privacy Policy

This Privacy Notice for Resido Technologies (‘Company’, ‘we’, ‘us’, or ‘our’) describes how and why we might access, collect, store, use, and/or share (‘process’) your personal information when you use our services (‘Services’), including when you visit https://app.residotech.com, download and use our mobile application (Resido), or engage with us in other related ways.

Questions or concerns? Please contact us at [email protected]. If you do not agree with our policies and practices, please do not use our Services.

Summary of Key Points

• What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the choices you make.
• Do we process sensitive personal information? We may process sensitive personal information including financial data, student data, and mess attendance records when necessary with your consent or as otherwise permitted by applicable law.
• Do we collect information from third parties? We may collect limited information from social media platforms (when you choose to sign in via Google) and from other outside sources.
• How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law.
• With whom do we share personal information? We may share information with payment processors, cloud service providers, and institutional administrators.
• How do we keep your information safe? We have appropriate organisational and technical processes in place. However, no electronic transmission over the internet can be guaranteed to be 100% secure.
• What are your rights? Depending on applicable privacy law, you may have rights regarding your personal information including the right to access, correct, or delete your data.
• How do you exercise your rights? Email [email protected] or use the contact details in this Notice.

Table of Contents

1. What Information Do We Collect?
2. How Do We Process Your Information?
3. When and With Whom Do We Share Your Personal Information?
4. Tracking Technologies and Analytics
5. Do We Offer Artificial Intelligence-Based Products?
6. How Do We Handle Your Social Logins?
7. How Long Do We Keep Your Information?
8. How Do We Keep Your Information Safe?
9. Do We Collect Information From Minors?
10. What Are Your Privacy Rights?
11. Controls for Do-Not-Track Features
12. Artificial Intelligence and Automated Support
13. Biometric Data Handling
14. Institutional Data Sharing
15. Device Integrity and Security Scanning
16. Payment Processors
17. Legal Basis for Processing
18. Automated Decision-Making
19. Data Breach Notification
20. Data Portability and Export
21. Cross-Border Data Transfers
22. Grievance Officer and Data Protection Officer
23. Age Requirement and Parental Consent
24. Do We Make Updates to This Notice?
25. How Can You Contact Us About This Notice?
26. How Can You Review, Update, or Delete the Data We Collect From You?

1. What Information Do We Collect?

Personal information you disclose to us

We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us, participate in activities on the Services, or otherwise when you contact us. The personal information we collect may include:

• Full name, phone number, email address, and contact preferences
• Authentication credentials (Google Sign-In tokens, email link sign-in tokens)
• Profile information (hostel name, student batch, diet type preference)
• Support ticket messages and feedback
• Diet change requests (requested diet type, submission date, approval status)
• Loan and financial aid information (loan deduction amounts, financial aid scheme details, deduction history)

Sensitive Information. When necessary, with your consent or as otherwise permitted by applicable law, we process: financial data (transaction amounts, payment statuses, bill histories); student data (academic batch, residential status, hostel assignment); and mess attendance and rebate records (leave dates, rebate amounts, approval statuses).

Payment Data. We may collect data necessary to process your payment. All payment data is handled and stored by HDFC Bank (SmartGateway), Juspay, and Google Play Billing. We do not store or retain your sensitive payment instrument details on our servers. All financial transactions are processed securely through our PCI-DSS compliant payment partners, and we only receive a confirmation of the transaction status along with a transaction reference ID.

Social Media Login Data. If you register using your Google account, we will collect your name, email address, and profile picture from Google, as described in Section 6.

Information automatically collected

We automatically collect certain information when you visit, use, or navigate the Services. The information we automatically collect includes:

• Log and Usage Data. IP address, device information, browser type, activity timestamps, screens and features viewed, and other actions you take.
• Device Data. Mobile device ID, model, manufacturer, operating system version, IP address, hardware model, and Internet service provider.
• Location Data. Information about your device’s location based on your IP address or GPS, depending on device settings. You can opt out by disabling your Location setting.
• Motion Sensor Data. Data from your device’s accelerometer and gyroscope for interactive visual effects. Processed locally and not transmitted to our servers.
• Device Integrity and Security Status. Technical information regarding the security state of your operating system, used to prevent fraud and ensure the secure execution of financial transactions.
• Transaction Metadata. Transaction reference IDs, payment timestamps, amounts, statuses, and payment method category generated when you initiate a financial transaction.
• Rebate and Attendance Data. Leave dates submitted, rebate amounts calculated, approval or rejection statuses, and duplicate claim detection flags.
• In-App Analytics Data. Screen views, feature usage patterns, session duration, button interactions, and navigation flow collected via Firebase Analytics.
• Push Notification Interaction Data. Delivery status, open rates, and click-through data for push notifications sent via OneSignal.
• AI Chatbot Conversation Logs. The text of your queries submitted to the AI chatbot and the responses generated, stored for service quality improvement.
• Peer-to-Peer Action Audit Trail. When a user performs a Friend Action, the action type, timestamp, initiating user ID, and target user ID are recorded for accountability and dispute resolution.
• VPN and Proxy Scan Results. The Application may scan for active VPN connections, proxy configurations, and network interface anomalies during payment flows, categorised as HIGH, MEDIUM, or LOW risk. Not shared with third parties.
• Runtime Application Self-Protection (RASP) Data. The Application monitors for overlay attacks, clipboard monitoring of sensitive data, and memory integrity. Processed locally to protect against real-time security threats.
• Certificate Pinning and SSL Verification Events. Records of SSL/TLS certificate validation outcomes used to detect potential man-in-the-middle attacks.
• Login Rate-Limiting and Lockout Data. Failed login attempt counts and lockout timestamps stored locally on your device using encrypted storage to prevent brute-force attacks.
• Session Data. Session creation timestamps and device information recorded when you log in, used for concurrency control.
• Auto-Fine and Penalty Data. Records of automated fines or penalties applied by the institution’s auto-fine scheduler.
• Gravity Game Leaderboard Data. If you participate in the optional Gravity Game, your game score, maximum combo, and display name are recorded for the public leaderboard.
• Security Event Logs. Records of failed integrity checks, tamper detection alerts, and anti-debug triggers, which may be transmitted to our servers for audit and investigation.
• Device Binding Data. SHA-256 hashed device identifiers, device model, and last-seen timestamps for each of the up to three (3) devices registered to your account.
• Student Activity Feed. A chronological record of account activity events (bill payments, rebate submissions, fine assessments, profile changes) accessible to authorised institutional administrators.
• Local Application Preferences. App theme, notification settings, and other configuration options stored locally via Android DataStore. Not transmitted to our servers.

Google API

Our use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Information collected from other sources

If you choose to sign in using your Google account, we receive personal information about you from such platforms such as your name, email address, and profile picture. Any personal information we collect from your social media account depends on your social media account’s privacy settings. Please note that their own use of your information is not governed by this Privacy Notice.

2. How Do We Process Your Information?

We process your personal information for a variety of reasons, including:

• To facilitate account creation and authentication and otherwise manage user accounts.
• To deliver and facilitate delivery of services to the user, including displaying your mess bill, processing payments, and managing your subscription.
• To generate and deliver mess bills based on attendance data, diet type, institutional rate structure, and approved rebates.
• To calculate rebate eligibility and process leave applications, including validation against institutional attendance rules and duplicate claim detection.
• To verify academic status and residential eligibility, associating your profile with the correct hostel and student batch.
• To process peer-to-peer actions, facilitating Friend Actions and maintaining audit records of these actions.
• To respond to user inquiries and offer support, including through the AI chatbot.
• To send push notifications and administrative communications via OneSignal, including bill generation notifications, rebate status updates, payment confirmations, and security warnings.
• To fulfil and manage your orders, payments, and subscription transactions.
• To perform device integrity checks before processing financial transactions, including checks for rooted or jailbroken status.
• To facilitate AI chatbot interactions by processing your queries and relevant account context through Google Cloud Vertex AI.
• To share data with institutional administrators for the purpose of enforcing hostel rules, verifying attendance, auditing accounts, and managing mess operations.
• To generate digital receipts for your personal records.
• To protect our Services as part of our fraud monitoring and prevention efforts.
• To evaluate and improve our Services by identifying usage trends and determining the effectiveness of our features.
• To comply with our legal obligations, respond to legal requests, and exercise, establish, or defend our legal rights.
• To process diet change requests and forward them to the relevant Hostel Administration for review and approval.
• To manage loan deductions and financial aid provided by the Hostel Administration.
• To enforce automated fine rules set by the Hostel Administration.
• To detect VPN and proxy usage during payment flows to prevent fraud and comply with payment gateway security requirements.
• To monitor and mitigate runtime security threats using RASP measures including overlay detection, clipboard monitoring, and memory integrity verification.
• To enforce login rate limiting and brute-force protection, tracking failed login attempt counts using encrypted local storage.
• To provide home screen widget data displaying your pending bill amount and account status.
• To facilitate payment reconciliation across payment gateways, bank records, and institutional accounts.
• To maintain the Gravity Game leaderboard if you participate in the optional Gravity Game feature.

3. When and With Whom Do We Share Your Personal Information?

We may share your data with third-party vendors, service providers, contractors, or agents who perform services for us or on our behalf. We have contracts in place with our third parties which are designed to help safeguard your personal information — they cannot do anything with your personal information unless we have instructed them to do it, and they commit to protect the data they hold on our behalf.

The third parties we may share personal information with are as follows:

• AI Service Providers: Google Cloud AI (Vertex AI / Gemini)
• User Account Registration and Authentication: Google Sign-In, Firebase Authentication
• Cloud Computing Services: Google Cloud Platform
• Functionality and Infrastructure: Cloud Firestore, Firebase Remote Config
• Push Notifications and Communications: OneSignal
• Invoice and Billing: Google Play Billing, HDFC SmartGateway / Juspay
• Web and Mobile Analytics: Google Analytics for Firebase
• Performance Monitoring: Firebase Crashlytics, Firebase Performance Monitoring
• App Distribution and Testing: Google Play Console
• Secret and Configuration Management: Google Cloud Secret Manager
• Event Messaging: Google Cloud Pub/Sub
• Image and Media Hosting: ImageKit
• Email Communications: SMTP email service provider (for transactional email notifications)
• Caching and Rate Limiting: Redis (for backend rate limiting and session management)
• Institutional Administrators: Hostel Administration, Mess Committee, and authorised institutional staff of your enrolled educational institution (for mess management, attendance verification, billing, and disciplinary purposes)

We also may need to share your personal information in the following situations: Business Transfers — in connection with any merger, sale of company assets, or acquisition; Legal Requirements — where we are legally required to do so in order to comply with applicable law, governmental requests, or a judicial proceeding; and Vital Interests and Legal Rights — where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, or situations involving potential threats to the safety of any person.

4. Tracking Technologies and Analytics

As Resido is primarily a mobile application, we do not use traditional browser cookies for tracking or advertising. However, we use the following technologies and SDKs to collect usage data:

• Firebase Analytics: Collects anonymised usage data including screen views, session duration, feature usage, and app events.
• Firebase Crashlytics: Automatically collects crash reports, stack traces, and device state information when the application encounters an error.
• Firebase Performance Monitoring: Collects performance metrics such as app startup time, network request latency, and screen rendering times.
• OneSignal SDK: Collects device tokens and tracks push notification delivery and engagement data.
• Google Analytics for Firebase: Used for general demographic analytics. To opt out of being tracked by Google Analytics, visit https://tools.google.com/dlpage/gaoptout.

We do not use any advertising SDKs, and we do not display advertisements within the application. We do not share your data with advertising networks or use tracking technologies to serve targeted advertisements.

Note on Google Advertising ID: The Application declares access to the Google Advertising ID (AD_ID) solely because it is required by Firebase Analytics for demographic analytics reporting. We do not use the Advertising ID for advertising purposes.

5. Do We Offer Artificial Intelligence-Based Products?

As part of our Services, we offer products, features, or tools powered by artificial intelligence, machine learning, or similar technologies (collectively, ‘AI Products’). We provide these through third-party service providers (‘AI Service Providers’), including Google Cloud AI (Vertex AI / Gemini).

Our AI Products are designed for: AI-powered chatbot assistance for answering user queries related to hostel mess operations, and automated response generation using account context data.

All personal information processed using our AI Products is handled in line with our Privacy Notice and our agreement with third parties. We do not use your personal data to train public or third-party AI models. To opt out of AI-powered features, simply choose not to interact with the AI chatbot assistant within the application, or contact us using the contact information provided in this Notice.

6. How Do We Handle Your Social Logins?

Our Services offer you the ability to register and log in using your Google account. Where you choose to do this, we will receive certain profile information from Google, including your name, email address, and profile picture. We will use the information we receive only for the purposes described in this Privacy Notice. We do not control, and are not responsible for, other uses of your personal information by Google. We recommend that you review their privacy notice to understand how they collect, use, and share your personal information.

7. How Long Do We Keep Your Information?

We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Notice, unless a longer retention period is required or permitted by law. Specific retention periods are as follows:

• Personal profile information: Deleted within thirty (30) days of a valid account deletion request.
• Financial transaction records, mess bill histories, and rebate applications: Retained for up to seven (7) years (84 months) after account termination, as required by applicable Indian tax and accounting laws.
• AI chatbot conversation logs: Retained for up to twelve (12) months for quality improvement purposes, then anonymised or deleted.
• Push notification interaction data: Retained for up to six (6) months for analytics purposes.
• Security event logs: Retained for up to twenty-four (24) months for audit and investigation purposes.
• Device binding data: Retained for the duration of your account and deleted within thirty (30) days of account deletion.
• Gravity Game leaderboard data: Retained for the duration of your account and deleted upon account termination.
• Diet change request records: Retained for up to twelve (12) months after the request is resolved.
• Session and login rate-limiting data: Stored locally on your device and not retained on our servers.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise such information, or securely store your personal information and isolate it from any further processing until deletion is possible.

8. How Do We Keep Your Information Safe?

We have implemented appropriate and reasonable technical and organisational security measures designed to protect the security of any personal information we process. These measures include:

• Encryption of data in transit using TLS/SSL protocols.
• Google Cloud Platform’s enterprise-grade infrastructure, certified for SOC 1, SOC 2, SOC 3, and ISO 27001 compliance.
• Device integrity checks to prevent access from compromised devices.
• Firebase Security Rules enforcing role-based access control (RBAC) at the database level with five distinct permission levels.
• Screenshot protection on sensitive screens within the application.
• Server-side rate limiting (200 requests per day, 50 requests per hour; login lockout after 5 failed attempts with a 5-minute cooldown).
• CORS restrictions limiting API access to authorised domains only.
• HMAC signature verification on all incoming payment gateway webhooks.
• AES-256-GCM encrypted local storage (EncryptedSharedPreferences) for sensitive authentication data on-device.
• HSTS, XSS protection, and other security headers on all server responses.
• Webhook replay protection using cryptographic nonces to prevent duplicate transaction processing.
• Unique request ID tracing across all server requests for audit trail and forensic investigation.
• PII-redacting log formatter that automatically strips email addresses, phone numbers, passwords, tokens, and credit card numbers from server logs.
• IP address whitelisting for payment gateway webhook sources.
• SSL/TLS certificate pinning to protect against man-in-the-middle attacks.
• Runtime Application Self-Protection (RASP) measures including overlay detection, clipboard monitoring, and memory integrity checks.

However, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure. You should only access the Services within a secure environment.

9. Do We Collect Information From Minors?

Our Services are intended for users who are at least eighteen (18) years of age, or who are at least sixteen (16) years of age and have obtained verifiable consent from a parent or legal guardian. This exception recognises that first-year students at certain educational institutions may be under the age of 18 at the time of enrolment.

If you are a student under the age of 18, you represent that you have obtained parental or guardian consent to use the Services. We do not knowingly sell personal information of users under 18 years of age. If we learn that personal information from users under 16 years of age has been collected without verifiable parental consent, we will deactivate the account and take reasonable measures to promptly delete such data. If you become aware of any data we may have collected from children under age 16 without appropriate consent, please contact us at [email protected].

10. What Are Your Privacy Rights?

Withdrawing your consent: If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time by contacting us using the details in this Notice. Please note that this will not affect the lawfulness of the processing before its withdrawal.

Account Information: If you would like to review or change the information in your account or terminate your account, you can contact us using the contact information provided, log in to your account settings and update your user account, or request account deletion through the in-app account deletion mechanism.

Upon your request to terminate your account, we will deactivate or delete your account and personal information from our active databases within thirty (30) days. However, we may retain financial records as described in Section 7.

If you have questions or comments about your privacy rights, you may email us at [email protected].

11. Controls for Do-Not-Track Features

Most web browsers and some mobile operating systems include a Do-Not-Track (‘DNT’) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognising and implementing DNT signals has been finalised. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Notice.

12. Artificial Intelligence and Automated Support

We utilise Google Cloud Vertex AI (Gemini) to provide automated customer support and chat assistance within the application. When you interact with our support chatbot, the text of your queries and a summary of your account context (such as your current mess bill status, wallet balance, and active rebates) are processed by Google’s AI models to generate a response.

This processing is performed solely to answer your inquiries. We do not use your personal data to train public AI models, and your data is handled in accordance with Google Cloud’s data privacy and security terms. Conversations with the AI chatbot may be logged for the purpose of improving the quality and accuracy of the Service.

The AI chatbot provides informational responses only and does not constitute official administrative, financial, or legal advice. The Company is not liable for any loss or adverse outcome resulting from reliance on chatbot responses.

13. Biometric Data Handling

You may choose to use your device’s biometric security features (such as fingerprint or face unlock) to access the App. We do not collect, store, or transmit your biometric data to our servers. All biometric verification is performed locally by your device’s operating system using the device manufacturer’s hardware. The App only receives a ‘Success’ or ‘Failure’ result from your device to grant or deny access. Biometric authentication is optional and can be enabled or disabled at your discretion through the App’s settings.

14. Institutional Data Sharing

The Application serves as a management tool for enrolled educational institutions. You acknowledge and agree that your personal information, including your profile details, mess attendance records, rebate applications, and bill payment status, will be accessible to the Hostel Administration, Mess Committee, and authorised institutional staff for the purpose of managing hostel operations, auditing accounts, and enforcing institutional rules.

Service availability, features, and billing configurations may vary between institutions based on their individual agreements with the Company. Your data is scoped to the specific institution to which you are enrolled and registered within the App.

15. Device Integrity and Security Scanning

To ensure the security of financial transactions and prevent fraud, the Application performs comprehensive checks on your device’s integrity. These checks include scanning for:

• Root access (superuser privileges, ‘su’ binaries, and root management applications)
• Magisk and MagiskHide (systemless root concealment tools)
• Xposed Framework and EdXposed (system-level hooking frameworks)
• Frida injection tools (dynamic instrumentation toolkit commonly used for reverse engineering)
• Debugger attachment (anti-debug detection to prevent runtime code inspection)
• Hooking framework signatures (detection of function interception tools)
• Emulator environments (detection of virtual machines used to simulate physical devices)
• Custom ROMs (test-keys detection indicating non-official firmware)
• VPN and proxy connections (active VPN detection and proxy configuration analysis during payment flows)
• Overlay attacks and tapjacking (detection of malicious screen overlays that could intercept user input)
• Tampered application integrity (verification that the application has not been modified or repackaged)
• Dangerous applications (scanning for approximately 20 known root-related and security-compromising applications)

If such modifications or threats are detected, access to the Application may be restricted or terminated to protect your account and financial data. This data is used solely for security verification purposes and is not shared with third parties beyond what is necessary to verify device integrity (e.g., Google Play Integrity API).

16. Payment Processors

We primarily utilise HDFC Bank (SmartGateway) and Juspay for processing mess bill payments, and Google Play Billing for app subscription fees. We do not store your complete banking or credit card information on our servers; this data is processed directly by these secure third-party payment gateways.

We receive only the following information from our payment processors: transaction status (success, failure, or pending), transaction reference ID, payment amount, and timestamp of the transaction.

For information on how these payment processors handle your data, please refer to their respective privacy policies: HDFC Bank · Juspay · Google Play Billing

17. Legal Basis for Processing

We process your personal information based on the following legal grounds under applicable Indian law, including the Digital Personal Data Protection Act, 2023 (DPDPA) and the Information Technology Act, 2000:

• Consent: When you create an account, agree to this Privacy Notice, or voluntarily provide your information (e.g., signing up, making a payment, interacting with the AI chatbot).
• Contractual Necessity: When processing is necessary to perform our obligations under the Terms of Service — such as calculating mess bills, processing payments, managing rebates, and providing customer support.
• Legitimate Interest: When processing is necessary for our legitimate interests (e.g., fraud prevention through device integrity checks, service improvement through analytics, security monitoring) and those interests are not overridden by your data protection rights.
• Legal Obligation: When we are required to process your information to comply with applicable law (e.g., retaining financial records for tax and auditing purposes under Indian tax regulations).

18. Automated Decision-Making

Certain features of the Services involve automated processing of your data without direct human intervention, including:

• Mess Bill Calculation: Your monthly mess bill is automatically calculated based on your diet type, institutional rate structure, and approved rebates, following rules defined by the Hostel Administration.
• Rebate Eligibility: Rebate applications are automatically validated against institutional attendance rules and may be automatically flagged or rejected for reasons such as duplicate claims, invalid dates, or exceeding the maximum rebate allowance.
• Device Security Decisions: Access to the Services may be automatically restricted if automated security checks detect a rooted, jailbroken, or emulated device.

These automated decisions are based on institutional rules and not on AI-based profiling. If you believe an automated decision has been made in error, you have the right to contact the Hostel Administration or to reach out to us at [email protected] to request a manual review.

19. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

• Notify the relevant Data Protection authority (if applicable under the DPDPA) within seventy-two (72) hours of becoming aware of the breach, where feasible.
• Notify affected users without undue delay through push notification, email, or in-app announcement, providing a description of the nature of the breach, the categories and approximate number of data records concerned, the likely consequences of the breach, and the measures we have taken or propose to take to address the breach.
• Maintain an internal record of all data breaches, whether or not they are required to be reported.

We will take all reasonable steps to mitigate the effects of any data breach and to prevent recurrence.

20. Data Portability and Export

You have the right to request a copy of the personal data we hold about you by contacting us at [email protected].

The Services do not currently offer an automated data export or portability feature within the application. If you require copies of your financial records (such as payment receipts or bill histories), please download available digital receipts through the App before initiating an account deletion request.

Upon receiving a valid data portability request, we will provide you with a copy of your data in a commonly used, machine-readable format (such as CSV or JSON) within thirty (30) days.

21. Cross-Border Data Transfers

Our Services are hosted on Google Cloud Platform infrastructure located in India and the United States. If you access the Services from any other region of the world, through your continued use of the Services, you are transferring your data to India and the United States, and you expressly consent to have your data transferred to and processed in India and the United States.

Google Cloud Platform maintains compliance with internationally recognised security and privacy frameworks, including SOC 2, ISO 27001, and ISO 27017. We ensure that any transfer of your data to a jurisdiction outside India is conducted in compliance with the requirements of the Digital Personal Data Protection Act, 2023.

22. Grievance Officer and Data Protection Officer

In accordance with the Information Technology Act, 2000 and Rules made thereunder, and the Digital Personal Data Protection Act, 2023 (DPDPA), the designated Grievance Officer and Data Protection Officer (DPO) for the Company is:

The Grievance Officer shall acknowledge your complaint within forty-eight (48) hours and shall resolve the complaint within thirty (30) days of receipt.

23. Age Requirement and Parental Consent

The Services are intended for use by enrolled students of educational institutions that have adopted the Resido platform. The general age requirement for using the Services is eighteen (18) years of age. However, we recognise that first-year students at certain educational institutions may be under the age of 18 at the time of enrolment. If you are a student between the ages of sixteen (16) and eighteen (18), you represent that you have obtained verifiable parental or guardian consent to use the Services and to share your personal information for the purpose of hostel administration.

We do not inadvertently collect data from minors; we collect data from enrolled students as authorised by their educational institution. Users under the age of sixteen (16) are not permitted to use the Services under any circumstances.

24. Do We Make Updates to This Notice?

Yes, we will update this notice as necessary to stay compliant with relevant laws. We may update this Privacy Notice from time to time. The updated version will be indicated by an updated ‘Last updated’ date at the top of this Privacy Notice. If we make material changes to this Privacy Notice, we will notify you by prominently posting a notice within the mobile application and may also send you a push notification. We encourage you to review this Privacy Notice frequently to be informed of how we are protecting your information.

25. How Can You Contact Us About This Notice?

If you have questions or comments about this notice, you may contact our Grievance Officer and Data Protection Officer using the contact details provided in Section 22 above, or contact us by post at:

Resido Technologies
Data Protection Officer
House No. 04, 2nd Main, 4th Cross
Ward No. 07, Anjani Extension
Chintamani, Karnataka 563125
India

For general inquiries: [email protected]

26. How Can You Review, Update, or Delete the Data We Collect From You?

Based on the applicable laws of your country, you may have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. These rights may be limited in some circumstances by applicable law.

To request to review, update, or delete your personal information, please email [email protected] or use the account management features within the application. We will respond to your request within thirty (30) days of receipt. We may require you to verify your identity before processing your request.