MySociety MySociety Portal

Privacy Policy | MySociety

How we handle personal information when you use the MySociety platform.

This Privacy Policy ("Policy") explains how Digital Creatings Private Limited ("Digital Creatings", "we", "us", or "our") collects, uses, discloses, and protects personal information when you visit mysocietyportal.com, register a housing society, or use the MySociety software platform and related services (the "Service").

By using the Service, you acknowledge this Policy. If you do not agree, please do not use the Service. This Policy should be read together with our Terms of Use.

Data fiduciary / operator: Digital Creatings Private Limited

Product: MySociety

Privacy contact: support@mysocietyportal.com

1. Roles and scope

Who this Policy covers

This Policy applies to:

  • Visitors to our marketing website
  • Society administrators and staff who register or manage a Society on MySociety
  • Residents, guards, supervisors, and other Users with accounts on the platform
  • Individuals whose information is entered into the Service by a Society (for example, visitors logged at the gate)

Controller and processor roles

For most personal data relating to residents, visitors, and society operations, the Society (housing society / association) determines why and how data is used and is the data fiduciary (controller). Digital Creatings processes that data on the Society's instructions to provide the Service and acts as a data processor.

For data we collect directly — such as society registration details, billing contacts, website analytics, and platform security logs — Digital Creatings may act as the data fiduciary.

Residents with questions about data their Society holds should contact their Society Administrator first. We will assist Societies in fulfilling lawful requests where appropriate.

2. Information we collect

Depending on how you use the Service, we may collect the following categories of information:

2.1 Society registration and billing

  • Society name, address, city, state, pincode
  • Contact person name, phone number, and email
  • Approximate unit count and onboarding details
  • Payment method, transaction references, and payment proof uploads (where applicable)
  • Subscription status, plan details, and billing history

2.2 User account information

  • Name, email address, mobile number, role (admin, supervisor, guard, resident)
  • Login credentials (passwords are stored using one-way hashing — we do not store plain-text passwords)
  • Profile photos uploaded by Users
  • Account status, approval status, and audit records of administrative actions

2.3 Resident and flat data (entered by Societies)

  • Flat or unit assignments, ownership type (owner/tenant), move-in dates
  • Property owner contact details where a tenant registers
  • Family member, vehicle, and emergency contact records (where enabled)
  • Maintenance balances, payments, receipts, and billing history

2.4 Gate, visitor, and security data

  • Visitor names, phone numbers, vehicle details, purpose of visit, and entry/exit times
  • Delivery and pre-authorized visitor records
  • Photographs or images captured at the gate where Societies enable photo logging
  • Staff member who logged each entry

2.5 Operational and communication data

  • Complaints, SOS alerts, notices, expenses, and society documents uploaded to the platform
  • Notification preferences and message delivery logs
  • Firebase Cloud Messaging (FCM) device tokens and web push subscription data
  • WhatsApp message delivery metadata via Meta WhatsApp Cloud API (message content is transmitted to deliver society-configured alerts)
  • Email delivery logs via our SMTP provider

2.6 Technical and usage data

  • IP address, browser type, device information, and access timestamps
  • Session, authentication, and security logs
  • Error reports and performance data needed to maintain the Service
  • Cookies and similar technologies on our marketing website (see Section 9)

3. How we use information

We use personal information to:

  • Provide, operate, maintain, and improve the Service
  • Register Societies, provision tenant workspaces, and authenticate Users
  • Process subscriptions, payments, renewals, and support requests
  • Send transactional notifications (gate alerts, bills, notices, OTPs, and account messages)
  • Enforce tenant isolation, prevent fraud, and protect platform security
  • Generate reports and exports requested by authorized Society personnel
  • Comply with legal obligations and respond to lawful requests
  • Analyse aggregated, de-identified usage to improve product design

We do not sell Society or resident personal data to third parties for their marketing purposes.

4. Legal basis (India)

We process personal information in accordance with applicable Indian law, including the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 ("DPDP Act"), as applicable.

Processing is based on one or more of the following, as relevant:

  • Performance of a contract (providing the Service to Societies and Users)
  • Legitimate uses permitted under applicable law (security, fraud prevention, service improvement)
  • Consent, where required (for example, optional marketing communications or certain resident uploads managed by Societies)
  • Compliance with legal obligations

Societies are responsible for obtaining valid consent from residents and other data principals where required before uploading personal data to MySociety.

5. How we share information

We may share personal information only as described below:

  • Within a Society's workspace: Authorized Users see data according to their role and permissions.
  • Service providers: We use trusted subprocessors to host infrastructure, deliver messages, and operate the Service, including cloud hosting, Firebase Cloud Messaging, Meta WhatsApp Cloud API, and email (SMTP) providers. These providers process data under contractual obligations appropriate to their role.
  • Legal and safety: We may disclose information if required by law, court order, or government authority, or to protect rights, safety, and security of users and the public.
  • Business transfers: In connection with a merger, acquisition, or sale of assets, personal information may transfer subject to this Policy or equivalent protections.

We do not permit service providers to use Society data for unrelated advertising.

6. Data retention

We retain personal information for as long as necessary to provide the Service, fulfill the purposes described in this Policy, and comply with legal obligations.

  • Active Society accounts: Customer Data is retained while the Subscription is active and as configured by the Society.
  • After termination: We may retain limited data for billing, dispute resolution, and legal compliance, then delete or anonymize it unless further retention is required by law.
  • Security and audit logs: Retained for a reasonable period to investigate incidents and meet compliance needs.
  • Gate and visitor data: Societies may configure retention; we may also run automated cleanup of old visitor records where configured.

Societies may request export or deletion assistance by contacting support@mysocietyportal.com, subject to legal retention requirements.

7. Storage and security

7.1 Multi-tenant isolation

Each Society's data is logically separated using tenant identifiers and database query scoping. Users can access only the Societies and data their role permits.

7.2 Security measures

We implement reasonable safeguards, including:

  • Encrypted connections (HTTPS/TLS) for data in transit
  • Hashed passwords and role-based access controls
  • Administrative audit logs for sensitive actions
  • Environment-based secrets management (credentials are not stored in application code)
  • Access restrictions for production systems

No method of transmission or storage is completely secure. You should use strong passwords and notify us promptly of suspected unauthorized access.

7.3 Document storage

Uploaded files and documents are stored on secure storage (local server storage or S3-compatible object storage in production), subject to the 5 GB per-Society limit described in our Terms.

8. Your rights and choices

Depending on applicable law (including the DPDP Act), individuals may have rights to:

  • Access personal information held about them
  • Request correction of inaccurate or incomplete data
  • Request erasure, subject to legal exceptions
  • Withdraw consent where processing is consent-based
  • Nominate another person to exercise rights in certain circumstances
  • Grieve to us regarding processing concerns

Residents: Please contact your Society Administrator to exercise rights relating to society operational data. We will support Societies in responding to valid requests.

Society Administrators: Contact support@mysocietyportal.com for platform-level requests, account deletion, or data export assistance.

We may verify identity before fulfilling requests and respond within timelines required by applicable law.

9. Cookies and similar technologies

Our marketing website and authenticated portals may use cookies, local storage, and similar technologies to:

  • Maintain login sessions and security tokens
  • Remember preferences (such as language selection)
  • Measure basic site performance and prevent abuse

You can control cookies through browser settings. Disabling essential cookies may affect login and core functionality.

10. Children's privacy

The Service is intended for use by adults managing housing societies and residents aged 18 and above. We do not knowingly collect personal information from children under 18 without appropriate authorization. If you believe a child's data was submitted improperly, contact us at support@mysocietyportal.com.

11. International data transfers

Our primary infrastructure is intended for deployment in India. Some subprocessors (such as Google Firebase or Meta) may process data on servers located outside India as part of message delivery. Where required, we take steps consistent with applicable cross-border transfer requirements.

12. Third-party links

The Service may contain links to third-party websites or payment interfaces. We are not responsible for the privacy practices of those sites. Review their policies before providing personal information.

13. Changes to this Policy

We may update this Policy from time to time. The "Last updated" date at the top of this page will change when we do. Material changes will be posted on this page and, where appropriate, notified to Society Administrators. Continued use after changes take effect constitutes acceptance of the updated Policy.

14. Grievance and contact

If you have questions, concerns, or complaints about this Policy or our data practices, contact:

Digital Creatings Private Limited
Grievance / Privacy contact
Email: support@mysocietyportal.com
Website: mysocietyportal.com

We will acknowledge and address grievances in accordance with applicable Indian law, including reasonable timelines under the DPDP Act and IT Rules where they apply.