Stay Verify

Privacy Policy for StayVerify

Last Updated: 09/10/2025

This Privacy Policy describes how Infra Marine Innovations LLP ("StayVerify", "we", "us", or "our") collects, uses, processes, and discloses your information in relation to your access to and use of the StayVerify services.

This policy is drafted in compliance with applicable data protection regulations, including the EU General Data Protection Regulation (GDPR) and India's Digital Personal Data Protection Act, 2023 (DPDPA).

1. Data Fiduciary & Contact Information

For the purpose of this policy, the Data Fiduciary (equivalent to "Data Controller" under GDPR) responsible for your personal information is:

Infra Marine Innovations LLP
Shop No. 6, Second Floor, Karma Point,
Vasco da Gama, Goa 403802, India

Email: sales@stayverify.com
Mobile: +91 8793869171

If you have any questions about this Privacy Policy or our information handling practices, please contact us using the above details.

2. Information We Collect

We collect and process different types of data depending on your role — Property Owner (Client) or Guest.

2.1 For Property Owners (Our Clients)

As a registered user of our platform, we collect data necessary to provide, maintain, and improve our services. We act as the Data Fiduciary for this information.

  • Identity & Account Data: Name, email, mobile number, and login credentials.
  • Property Data: Property name, address, and contact details.
  • Transaction Data: Subscription plan details and payment information (processed via Razorpay; StayVerify does not store full card or bank details).
  • Technical Data: IP address, browser type, and usage data for analytics and security.

2.2 For Guests of Property Owners

When Property Owners verify guests through StayVerify, we process guest information on behalf of the Property Owner. In this context:

  • The Property Owner is the Data Fiduciary, and
  • StayVerify acts as the Data Processor.

We process:

  • Identification Data: Government-issued ID (e.g., Aadhaar, Passport, Driving Licence).
  • Extracted Data: Information derived from ID such as name, date of birth, and ID number for verification purposes.

3. Purpose and Legal Basis for Processing Data

We process data only for specific, lawful, and clearly defined purposes.

  • To Provide Our Services (Contractual Necessity): To create and manage user accounts, verify guests, and process subscriptions.
  • For Legitimate Interests: To maintain system security, improve service quality, and offer customer support.
  • To Comply with Legal Obligations: To fulfill compliance requirements under Indian hospitality and verification laws.
  • With Consent: Property Owners are responsible for obtaining guest consent prior to collecting or uploading ID data for verification.

4. Data Retention and Deletion

We retain personal data only as long as necessary for operational or legal purposes.

  • Property Owner Data: Retained while the subscription remains active and for a reasonable period thereafter to meet legal obligations.
  • Guest Data: All uploaded guest documents and extracted data are automatically and permanently deleted 60 days after the guest's check-out date. This ensures privacy, compliance, and minimal data retention.

5. Your Rights as a Data Subject

Under GDPR and DPDPA, you have the following rights:

  • Right to Access: Obtain details of the personal data held about you.
  • Right to Rectification: Correct inaccurate or incomplete information.
  • Right to Erasure (Right to be Forgotten): Request deletion of your data, subject to legal obligations.
  • Right to Restrict Processing: Ask us to limit data use under certain circumstances.
  • Right to Data Portability: Receive your data in a portable, machine-readable format.
  • Right to Grievance Redressal: Seek resolution for privacy concerns or disputes.

If you are a guest, please contact the Property Owner (Data Fiduciary) first to exercise these rights.

6. Data Security

We use industry-grade security measures to protect your data:

  • Encryption: Data in transit and at rest is encrypted.
  • Access Control: Restricted access to authorized personnel only.
  • Secure Infrastructure: Hosted on Google Firebase (Google Cloud) with built-in compliance and reliability.
  • Periodic Audits: Security and compliance audits to ensure ongoing protection.

While we strive for 100% security, no electronic system can guarantee absolute safety.

7. Third-Party Service Providers (Data Processors)

We use trusted partners to facilitate our operations. These processors are bound by strict privacy and data protection obligations:

  • Google Cloud / Firebase: Application hosting, database, storage, and authentication.
  • Razorpay: Secure payment gateway for subscriptions and transactions.
  • Cashfree API: Official integration for Aadhaar, Passport, and Driving Licence verification.

All third-party integrations are DPDPA-compliant and ensure secure data transmission and storage.

8. Data Transfers

All user and guest data is processed within India, in compliance with Indian data localization laws. In limited cases (e.g., system analytics), non-personal metadata may be transmitted to global servers in compliance with applicable international data transfer regulations.

9. Changes to This Privacy Policy

We may update this Privacy Policy periodically. When we make material changes, we will notify users via email or a notice on our platform. Your continued use of the service after changes are posted constitutes acceptance of the revised policy.