1. Who We Are
HCMPro ("we", "us", "our", or the "Service") is a Housing Community Management Software-as-a-Service platform owned and operated by SVTechPro, based in Andhra Pradesh, India. We provide multi-tenant SaaS tools to residential housing communities (apartments, villas, gated societies) for managing billing, payments, members, tenants, visitors, gate access, meetings, governing bodies, and related operations.
This Privacy Policy applies to all users of HCMPro — whether you access the Service via our web app at https://hcmpro.in, our mobile applications, or our APIs.
2. Data We Collect
2.1 Account & Profile Data
When you (or your community admin) create an account, we collect:
- Full name, email address, mobile number
- Role within the community (admin, accountant, member, tenant, etc.)
- Community membership and unit assignment
- Hashed password (we never store plaintext passwords; we use bcrypt hashing)
- Optional: ID proof type and number (only if voluntarily provided during onboarding)
- Optional: vehicle number, emergency contact
2.2 Community & Operations Data
For community admins, we store data necessary to manage the community:
- Community name, address, registration details
- Unit/villa list, block structure, bedroom count
- Member and tenant records (entered by your community admin)
- Maintenance rates, special levies, expenditure records
- Visitor logs, gate entry/exit records
- Meeting agendas, attendance, minutes
2.3 Payment & Financial Data
- Subscription invoice records (community payments to SVTechPro)
- Maintenance dues records, payment month allocations
- UPI transaction references, Razorpay order IDs and payment IDs
- We do NOT store full card numbers, CVV, UPI PINs, or net-banking credentials. All such sensitive payment data is handled directly by Razorpay (PCI-DSS Level 1 certified) under their secure environment.
2.4 Communication Data
- Email delivery logs (subject, recipient, timestamp, message ID)
- WhatsApp message logs (sender/recipient phone, template name, delivery status, timestamp)
- Push notification tokens (FCM device tokens — never tied to other personal data outside our system)
2.5 Technical Data
- IP address (session-level, for security and fraud prevention)
- Browser type, device type, operating system
- Timestamps of login, key actions, and API requests (audit logs)
- Session and refresh tokens (stored securely; refresh token in httpOnly cookies)
3. How We Use Your Data
We use the data we collect for the following lawful purposes:
- Service delivery — to operate, maintain, and provide the HCMPro platform features you (or your community admin) have enabled
- Payment processing — to issue subscription invoices, record maintenance dues payments, and route money correctly between members, communities, and SVTechPro
- Communications — to send transactional emails and WhatsApp messages (welcome, payment receipts, dues reminders, account credentials, onboarding invites, meeting notices)
- Security — to detect and prevent fraud, abuse, and unauthorized access
- Support — to respond to your queries and provide customer support
- Legal compliance — to meet our obligations under Indian law, respond to lawful requests from authorities, and enforce our Terms of Service
- Service improvement — to analyze aggregated, anonymized usage patterns to improve the platform (we do not perform individual profiling for marketing purposes)
4. Legal Basis for Processing
We process your personal data under the following legal grounds (per the DPDP Act, 2023):
- Consent — when you sign up, complete onboarding, or explicitly opt in
- Legitimate use — to deliver the Service you requested, perform our contract with your community, and ensure platform security
- Legal obligations — when required by Indian law, regulation, or court order
5. When We Share Your Data
We do not sell your personal data. We share data only in these specific circumstances:
- Within your community — your name, unit, dues status, and similar data are visible to admins, accountants, and (where appropriate) other members of your community as needed for community management
- With service providers — see Section 6 below
- Legal requirements — to comply with court orders, lawful government requests, or to protect rights, property, or safety
- Business transfers — in the event of a merger, acquisition, or sale of SVTechPro, your data may be transferred to the successor entity (we will notify you via email if this happens)
6. Third-Party Services We Use
HCMPro relies on the following sub-processors to deliver the Service. Each is listed with the data they receive and their own privacy commitments:
6.1 Razorpay (Payments)
Used for: subscription invoice payments and member maintenance dues collection.
Data shared: payer name, email, mobile, payment amount, order/payment IDs.
Privacy policy: razorpay.com/privacy
6.2 Meta (WhatsApp Cloud API)
Used for: sending WhatsApp messages (welcome, receipts, reminders, onboarding invites).
Data shared: recipient mobile number, message template parameters (name, amount, etc.).
Privacy policy: WhatsApp Business Policy
6.3 Google Firebase (FCM)
Used for: push notifications to your device.
Data shared: anonymized device token, notification payload (message body).
Privacy policy: firebase.google.com/support/privacy
6.4 Hostinger (SMTP Email)
Used for: sending transactional emails.
Data shared: recipient email, message subject and body.
Privacy policy: hostinger.com/privacy-policy
6.5 MilesWeb (Hosting / Infrastructure)
Used for: hosting our application servers and PostgreSQL database within India.
Data hosted: all platform data described in Section 2.
Privacy policy: milesweb.in/privacy-policy
Note: Each third-party service is bound by its own terms and privacy policies. SVTechPro selects vendors with strong privacy and security practices but cannot control their internal operations. By using HCMPro, you acknowledge that data shared with these vendors is subject to their respective policies.
7. Data Retention
- Active accounts: data is retained for the duration of your community's subscription
- Cancelled accounts: data is retained for 90 days after cancellation, then either anonymized or deleted (except where retention is required by law, e.g., financial records under tax law)
- Audit logs and payment records: retained for 7 years to comply with Indian tax and accounting requirements (Income Tax Act, GST law)
- Email and WhatsApp delivery logs: retained for 12 months for support and dispute resolution
You can request earlier deletion via our contact form (subject to legal retention obligations).
8. Data Security
We implement industry-standard security measures, including:
- Encryption in transit: all data is transferred over HTTPS (TLS 1.2+)
- Encryption at rest: sensitive credentials (API keys, SMTP passwords, payment gateway secrets) are stored using AES-256-CBC encryption
- Password hashing: user passwords are stored using bcrypt one-way hashes; we cannot recover your password and never store it in plaintext
- Authentication: JWT-based authentication with short-lived access tokens (15 minutes) and httpOnly refresh cookies
- Access controls: role-based permissions ensure users only access data appropriate to their role
- Audit logging: sensitive actions (logins, payments, role changes) are logged for security monitoring
- Database isolation: multi-tenant architecture ensures one community cannot access another community's data
Despite these measures, no system is completely immune to breaches. If we discover a breach affecting your data, we will notify you and the Data Protection Board of India as required by law.
9. Your Rights Under DPDP Act, 2023
As a Data Principal (data subject) under Indian law, you have the following rights:
- Right to access — request a summary of personal data we hold about you
- Right to correction — request correction of inaccurate or incomplete data
- Right to erasure — request deletion of your personal data (subject to legal retention requirements)
- Right to grievance redressal — escalate complaints to our Grievance Officer (see Section 14)
- Right to nominate — appoint a person to exercise your rights in case of death or incapacity
- Right to withdraw consent — withdraw consent for processing where applicable
To exercise any of these rights, please email admin@hcmpro.in with the subject "DPDP Rights Request". We will respond within 30 days.
10. Cookies and Similar Technologies
HCMPro uses minimal cookies, all of which are necessary for the Service to function:
- hcmpro_rt (httpOnly, Secure, SameSite) — refresh token for keeping you logged in. Cannot be read by JavaScript. Path-restricted to /api/auth.
- Session cookies set by Razorpay during the payment flow — necessary for payment processing.
We do not use third-party advertising cookies, tracking pixels, or analytics that profile individual users.
11. Children's Data
HCMPro is intended for use by adults (18+) involved in housing community management. We do not knowingly collect personal data from children under 18. If a parent or guardian becomes aware that their child has provided us with personal data, please contact us immediately at admin@hcmpro.in and we will delete the data promptly.
12. International Data Transfers
HCMPro hosts all primary data within India (MilesWeb VPS, Indian region). Some sub-processors operate globally:
- Meta (WhatsApp): data may be processed in Meta's global infrastructure
- Google Firebase (FCM): push notifications routed via Google's global infrastructure
These transfers are necessary for service delivery and are protected by the respective vendors' privacy commitments and applicable cross-border data transfer mechanisms.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we do, we will:
- Update the "Last updated" date at the top of this page
- Notify community admins via email for material changes
- Provide at least 30 days' notice for changes that materially affect your rights
Continued use of HCMPro after changes take effect constitutes acceptance of the updated policy.
For any privacy concerns, data subject rights requests, or grievances, please contact:
- Grievance Officer: Privacy Team, SVTechPro
- Email: admin@hcmpro.in
- Phone: +91 94915 52702
- Address: SVTechPro, Andhra Pradesh, India
- Response time: within 30 days of receipt (per DPDP Act requirements)
If you are not satisfied with our response, you may escalate your complaint to the Data Protection Board of India.