SPHOTA Privacy Policy
SPHOTA - Valuers' Trusted Partner for Property Site Visits - is a product of SSV Site Inspections Private Limited.
Privacy Summary
This Privacy Policy explains how SSV Site Inspections Private Limited ("SPHOTA", "we", "us" or "our") collects, uses, stores, processes, shares and protects personal data when you use the SPHOTA website, mobile application and related services.
SPHOTA is a technology-enabled marketplace platform connecting independent property valuers and independent civil engineers for property site-visit assignments. SPHOTA does not conduct valuations, issue valuation reports, provide engineering certifications or legal opinions, or make lending decisions.
1. Data Fiduciary
For the purposes of the Digital Personal Data Protection Act, 2023 ("DPDP Act") and applicable rules, SPHOTA is the Data Fiduciary and you are the Data Principal for the personal data processed through the Platform.
2. Personal Data We Collect
Depending on your role as a valuer, engineer, organization representative, client or other user, we may collect the following categories of personal data:
- Identity and contact data: full name, mobile number, email address, date of birth, address and profile photograph.
- Identity-verification data: PAN and Aadhaar in masked or offline form only. Where required, we may also accept Driving Licence, Voter ID or Passport details for KYC verification.
- Professional data: educational certificates, professional registrations, licences, qualification records and work-experience details for engineers and valuers.
- Banking and payment data: bank account number, IFSC code, account-holder name, UPI handle, wallet records, transaction details, invoices, payout records and refund records.
- Assignment data: site-visit records, property photographs, GPS records, route or location-verification data, measurements, assignment history, visit reports, timestamps, uploaded reports and quality-review information.
- Technical data: IP address, device and browser information, operating system, app logs, usage data, diagnostics and crash reports.
- Support and dispute data: communications with us, complaint records, dispute evidence, internal review records and fraud-prevention records.
3. Aadhaar Handling
We do not store your full 12-digit Aadhaar number. Aadhaar-based KYC, where used, is performed through permitted offline or masked methods, such as Offline e-KYC XML or QR verification. We retain only the last four digits and verification result where required. Aadhaar data is collected and used in accordance with the Aadhaar Act, 2016, UIDAI requirements and applicable law.
4. App Permissions
The SPHOTA app may request permissions that are necessary to operate assignment workflows and protect assignment authenticity.
- Location: used to capture GPS coordinates, route or location-verification data and visit timestamps while an assignment is active. We do not collect background location when no assignment is in progress.
- Camera: used to capture property photos, site-visit evidence, profile photos and document images required for KYC, assignment quality control or dispute review.
- Files, photos or storage: used to upload documents, certificates, reports, property photos and assignment evidence selected by you.
- Notifications, SMS or email: used to send OTPs, assignment updates, payment alerts, operational notices and support communications, where enabled or permitted.
5. Why We Use Personal Data
We process personal data only for specified, lawful and legitimate purposes, including:
- Creating and managing user accounts.
- Identity, KYC, qualification and professional verification.
- Allocating, managing and completing property site-visit assignments.
- Capturing assignment evidence, GPS verification, timestamps, photographs, measurements and reports.
- Processing payments, wallet balances, settlements, payouts, refunds, deductions, taxes and accounting records.
- Quality control, fraud prevention, risk management, security monitoring and misuse detection.
- Handling cancellations, no-shows, disputes, internal reviews, grievances and customer support.
- Meeting legal, regulatory, audit, tax and compliance obligations.
- Improving platform performance, reliability, analytics, diagnostics and service experience.
6. Legal Basis for Processing
We process personal data based on your consent, performance of our contract with you, compliance with legal obligations and legitimate uses permitted under the DPDP Act and other applicable Indian laws.
7. Data Sharing
We share personal data only where necessary and proportionate for operating the Platform, fulfilling assignments, complying with law or protecting users. We may share data with:
- Platform users: limited assignment-related information shared between engineers, valuers and, where applicable, clients or organizations.
- Operational partners: payment gateways, banks, UPI providers, KYC or verification providers, SMS/email providers, mapping providers, cloud hosting providers, analytics providers and technology vendors.
- Authorities: courts, police, regulators, government agencies, tax authorities or investigating agencies where legally required or necessary for fraud investigation.
- Professional advisers: auditors, legal advisers, accountants and compliance consultants where required for business, legal or regulatory purposes.
Our processors and vendors are required to protect personal data using reasonable confidentiality, security and processing safeguards.
8. No Sale of Personal Data
SPHOTA does not sell personal data and does not trade user information for third-party advertising.
9. Cookies and Analytics
Our website and app may use cookies, session technologies, device identifiers, analytics tools and diagnostic tools to operate the Platform, maintain login sessions, prevent abuse, understand usage and improve service performance. You may disable cookies through your browser settings, but some website features may not work correctly.
10. Data Retention
We retain personal data only for as long as necessary for the purposes described in this Policy, for platform operations, dispute resolution, fraud prevention, KYC, tax, accounting, audit and legal compliance. When data is no longer required, or when a valid erasure request applies and no legal retention requirement exists, we delete or anonymize it.
11. Data Security
We use reasonable technical and organizational safeguards, including access controls, authentication, encryption where applicable, secure cloud infrastructure, monitoring and internal controls appropriate to the sensitivity of the data. No system can guarantee absolute security, but we work to protect personal data against unauthorized access, misuse, alteration, disclosure or loss.
12. Data Breach Response
If a personal-data breach occurs, we will take prompt containment and investigation measures and will notify the Data Protection Board of India and affected Data Principals as required under the DPDP Act, DPDP Rules and applicable law.
13. Your Privacy Rights
Subject to applicable law, you may contact us to exercise the following rights:
- Access a summary of the personal data we process about you and our processing activities.
- Correct, complete or update inaccurate or outdated personal data.
- Request erasure of personal data where it is no longer required and no legal retention obligation applies.
- Withdraw consent at any time, where processing is based on consent.
- Raise a grievance about our processing of your personal data.
- Nominate another individual to exercise your rights in the event of death or incapacity, as permitted by law.
We may need to verify your identity before acting on a request. Withdrawal of consent may affect your ability to use features that require the relevant data, including assignment allocation, KYC verification, GPS verification, payout processing or legal compliance.
14. Account and Data Deletion
You may request account deletion or deletion of eligible personal data by contacting us at info@sphota.in. We will process deletion requests in accordance with applicable law. Some records may be retained where necessary for legal, tax, audit, fraud-prevention, payment, dispute-resolution or regulatory purposes.
15. Children
The Platform is intended only for users who are 18 years of age or older. We do not knowingly collect personal data from children, and we do not undertake tracking, behavioural monitoring or targeted advertising directed at children.
16. Cross-Border Processing
Where operationally necessary, personal data may be processed using cloud infrastructure or service providers located within or outside India, subject to applicable restrictions under Indian data protection law.
17. Third-Party Services
The Platform may integrate with third-party payment gateways, banks, KYC providers, SMS/email services, mapping services, cloud hosting providers and analytics or diagnostics services. These third parties may process data according to their own privacy policies where they act independently.
18. Marketplace Role and Disclaimer
SPHOTA is a technology-enabled marketplace platform. SPHOTA does not itself provide valuation services, issue valuation reports, provide engineering certifications, provide legal opinions, make lending decisions or employ independent engineers or valuers. Professional opinions, site-visit conduct and valuation-related responsibilities remain with the respective users and professionals.
19. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes may be notified through the Platform or by other appropriate means. The updated version takes effect when published, unless stated otherwise.
20. Grievance Officer and Contact
We will acknowledge complaints promptly and aim to resolve them within the period required under applicable law.