Welcome to Staaz. This Privacy Policy explains how we collect, use, store, share, and protect information when you use the Staaz mobile application, web portal, and related services (collectively, the "Service").
Staaz is built for owners, managers, staff, and tenants of paying-guest (PG) accommodations and hostels in India. By using the Service, you agree to the practices described in this policy.
1 Information we collect
1.1 Information you provide
- Account & profile data: full name, mobile number, email, gender, date of birth, profile photo.
- KYC and identity documents: government-issued ID (Aadhaar, PAN, passport, driving licence), address proof, photograph — uploaded by tenants or staff for verification.
- Organisation & property data: PG / hostel name, branch addresses, room and bed inventory, amenities, fee plans.
- Tenancy data: bed assignment, move-in / move-out dates, agreement details, emergency contacts, meal preference.
- Billing & payment data: rent and deposit amounts, invoices, payment receipts, bank-account details required for refunds (for owners only).
- Operational data: maintenance tickets, gate-pass / visitor logs, leave records, attendance, payroll.
- Communications: messages, support requests, feedback, and any content you submit via the Service.
1.2 Information collected automatically
- Device & technical data: device model, operating system, app version, language, time zone, crash logs, IP address.
- Usage data: screens viewed, features used, session timestamps, and other interaction events used for product improvement.
- Authentication tokens: Firebase ID tokens issued during sign-in, used to keep you signed in securely.
1.3 Information from third parties
- Firebase Authentication: phone number and verification status when you sign in via OTP.
- Razorpay: payment status, transaction IDs, and reconciliation events for payments processed through the Service.
2 How we use your information
We use the information we collect to:
- Create and manage your Staaz account and verify your identity.
- Operate core features — tenant onboarding, bed assignment, billing, deposit, refunds, payroll, attendance, tickets, and gate management.
- Generate invoices, collect payments, send reminders, and reconcile bank transactions.
- Send transactional notifications (SMS, push, email, WhatsApp) such as invoice alerts, OTPs, and reminders.
- Provide reports, analytics, and audit logs to authorised users within your organisation.
- Detect, prevent, and investigate fraud, abuse, and security incidents.
- Comply with applicable laws, tax regulations, and lawful requests from authorities.
- Improve the Service, fix bugs, and develop new features.
We do not sell your personal data, and we do not use your KYC documents or financial data for advertising or marketing purposes.
3 How we share information
We share information only in the following circumstances:
- Within your organisation: with the owner, managers, and staff of the PG / hostel you are associated with, based on their role and permissions.
- Service providers: hosting (Google Cloud / Firebase), database, file storage, payment processing (Razorpay), SMS / WhatsApp / email gateways, and analytics — all bound by confidentiality and data-processing terms.
- Legal & safety: when required by law, court order, or to protect the rights, property, or safety of Staaz, our users, or the public.
- Business transfers: in the event of a merger, acquisition, or sale of assets, with continued protection of your information.
4 Data storage & retention
Your data is stored on secure cloud infrastructure located primarily in India (Asia-South region). Backups may be replicated to other regions for disaster-recovery purposes.
We retain your information for as long as your account is active or as needed to provide the Service. After account closure:
- Operational data may be retained for up to 7 years to comply with tax, accounting, and legal obligations under Indian law.
- Audit logs are retained for at least 2 years for security and compliance purposes.
- KYC documents are retained as long as the associated tenancy is active and for a reasonable period thereafter, unless deletion is requested.
5 Security
We take reasonable technical and organisational measures to protect your information, including:
- Encryption of data in transit (HTTPS / TLS) and at rest where supported by our infrastructure.
- Role-based access control — staff and managers only see data they are permitted to.
- Firebase-backed authentication with phone-OTP and session token refresh.
- Audit logging of sensitive operations (payments, refunds, role changes).
- Regular security review of dependencies and infrastructure.
No method of transmission or storage is 100% secure. If we become aware of a breach affecting your personal data, we will notify you and the appropriate authorities as required by law.
6 Your rights and choices
Subject to applicable law, you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate or incomplete data through the app or by contacting us.
- Request deletion of your account and personal data, subject to legal retention requirements.
- Withdraw consent for optional processing (e.g., promotional messages).
- Opt out of non-essential notifications from device settings or in-app preferences.
- Lodge a complaint with the relevant data-protection authority.
To exercise any of these rights, email us at [email protected]. We will respond within a reasonable time, typically within 30 days.
7 Children's privacy
Staaz is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us information, please contact us so we can take appropriate steps to remove it.
8 Third-party services
The Service integrates with the following third-party providers. Their use of your data is governed by their own privacy policies:
- Google Firebase — authentication, push notifications, file storage, analytics.
- Razorpay — payment processing and payout for refunds.
- SMS / WhatsApp / Email gateways — transactional message delivery.
We do not control these third parties and are not responsible for their privacy practices. We recommend reviewing their policies before use.
9 Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you in-app or by email, and update the "Last updated" date at the top of this page. Continued use of the Service after changes become effective constitutes acceptance of the updated policy.
10 Contact us
If you have questions, concerns, or requests regarding this Privacy Policy or your data, reach out to us: