Legal

Privacy Policy

How REOS collects, uses, stores, discloses, and protects personal data. Compliant with the Information Technology Act, 2000, the SPDI Rules, 2011, and the Digital Personal Data Protection Act, 2023.

Effective Date: 17th May 2026
Last Updated: 17th May 2026
Operator: Innodel Technologies Pvt. Ltd.
Registered Address: 202, Sigma Icon, Opp. Medilink Hospital, Nr. Shyamal Cross Road, Satellite, Ahmedabad, Gujarat, India 380015
Privacy Contact: support@reoslabs.in
Support / Grievance Contact: support@reoslabs.in

1. Introduction

REOS ("REOS", "Platform", "we", "our", "us") is a builder-branded, multi-tenant community operating system for residential, commercial, and mixed-use properties, owned and operated by Innodel Technologies Pvt. Ltd., a company incorporated under the Companies Act, 2013, having its registered office at 202, Sigma Icon-1, Opp. Medilink Hospital, Nr. Shyamal Cross Road, Satellite, Ahmedabad, Gujarat, India 380015.

This Privacy Policy ("Policy") explains how we collect, use, store, disclose, protect, transfer, and delete personal data when you ("you", "your", "User") access or use the REOS website, mobile applications, guard station application, builder admin portal, super admin portal, and all related services (collectively, the "Services").

This Policy is published in accordance with:

  • The Information Technology Act, 2000 and rules made thereunder, including the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011;
  • The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021;
  • The Digital Personal Data Protection Act, 2023 ("DPDP Act") and rules notified thereunder, as and when they come into force;
  • The Consumer Protection Act, 2019 and the Consumer Protection (E-Commerce) Rules, 2020, where applicable;
  • Other applicable laws of India.

By accessing or using REOS, you acknowledge that you have read, understood, and agree to be bound by this Policy. If you do not agree, you must not use the Services.

2. Scope

This Policy applies to all Users and to all interactions across:

  • The resident mobile application (iOS and Android);
  • The guard station mobile application;
  • The builder admin portal (web);
  • The super admin portal (web);
  • The REOS website (www.reos.co.in and all subdomains);
  • All related forms, notifications, uploads, billing records, support channels, account actions, and integrations.

This Policy does not cover third-party websites, services, or applications linked to or integrated with REOS, which are governed by their own privacy practices.

3. Definitions

For the purposes of this Policy:

  • "Personal Data" means any data about an individual who is identifiable by or in relation to such data, as defined under the DPDP Act.
  • "Sensitive Personal Data or Information" ("SPDI") has the meaning ascribed to it under the SPDI Rules, 2011.
  • "Data Principal" means the individual to whom the Personal Data relates.
  • "Data Fiduciary" means the entity that determines the purpose and means of processing Personal Data. For Personal Data of Users of REOS, Innodel Technologies Pvt. Ltd. acts as a Data Fiduciary or, where instructed by a builder/society, as a Data Processor.
  • "Tenant" means a builder organization, society, or property operator that has subscribed to and operates an instance of REOS.
  • "Processing" means any operation performed on Personal Data, including collection, storage, use, disclosure, transfer, or deletion.

4. Information We Collect

Depending on your role and the features enabled for your Tenant, we may collect the following categories of information:

4.1 Account and Identity Information

Name, mobile number, email address, login credentials (in encrypted/hashed form), unit details, building or society details, role assignments, approval status, and household or family linkage where applicable.

We do not request or store a profile photo at login or account creation.

4.2 Property and Community Information

Flat or unit number, floor, building, society, project, visitor passes, gate entry and exit logs, amenity bookings, notices, events, polls, community posts, comments, RSVPs, and internal property listings.

4.3 Worker and Access-Control Information

Domestic worker details such as name, phone number, worker type, assigned unit(s), access status, and check-in/check-out records.

4.4 Billing and Payment-Related Information

Maintenance bills, REOS subscription invoices, billing status, receipts, and transaction references.

We do not collect or store card details, CVV, PINs, or bank account credentials. We do not request card information inside the mobile application. Where payment functionality is enabled, payment processing occurs outside the application through the payment method or licensed payment service provider configured by the Tenant at that time, and is governed by the privacy practices of that provider.

4.5 Device and Technical Information

Device session data, push notification tokens, IP address, app version, device identifiers and model, operating system version, language and time zone, logs, crash reports, and security or audit logs.

4.6 Content You Upload

Photos, documents, society work updates, help requests, posts, comments, event RSVPs, poll votes, and support communications.

4.7 Support and Safety Information

Reports, complaints, moderation history, deletion requests, grievance redressal records, and security incident records.

4.8 Information We Do Not Collect

We do not knowingly collect biometric data, government-issued identification numbers (such as Aadhaar, PAN, or passport numbers), health data, financial account credentials, or political/religious affiliations, unless explicitly required for a specific Tenant feature and collected with separate consent.

5. How We Use Information

We process Personal Data only for lawful purposes, including to:

  1. Create, verify, and manage accounts;
  2. Authenticate Users and support role-based access;
  3. Approve memberships and household access;
  4. Operate visitor approvals, gate logs, and worker workflows;
  5. Maintain maintenance and subscription billing records;
  6. Send notices, reminders, and push notifications;
  7. Run community features such as posts, comments, events, polls, and listings;
  8. Support builder, committee, concierge, guard, and super admin workflows;
  9. Maintain audit logs and ensure accountability;
  10. Detect, prevent, and respond to abuse, fraud, and unauthorized access;
  11. Provide customer support and respond to grievances;
  12. Comply with applicable laws, regulations, court orders, and lawful requests;
  13. Improve Platform reliability, security, performance, and user experience;
  14. Conduct internal research, analytics, and product development on aggregated and de-identified data.

We do not use Personal Data for automated decision-making that produces legal or similarly significant effects on Users without human review.

We process Personal Data on one or more of the following lawful bases:

  • Consent of the Data Principal, which is free, specific, informed, unconditional, and unambiguous, and is capable of being withdrawn at any time;
  • Performance of a contract to which you are a party, or to take steps prior to entering such contract;
  • Legitimate uses as permitted under the DPDP Act, including provision of services, compliance with legal obligations, and prevention of fraud;
  • Legal obligations under applicable Indian law;
  • Safety, governance, and security of the community and Platform.

Where we rely on consent, you have the right to withdraw it at any time. Withdrawal will not affect the lawfulness of processing carried out before withdrawal and may, in certain cases, result in the discontinuation of the Services.

7. Tenant Isolation and Data Ownership Model

REOS is a multi-tenant Platform. Each Tenant operates its own logical instance. Data from one Tenant is logically separated from all other Tenants and is not shared across Tenants.

For Personal Data collected within a Tenant:

  • Innodel Technologies Pvt. Ltd. acts as a Data Processor to the extent it processes data on the instructions of the Tenant (builder/society) for that Tenant's community operations.
  • The Tenant acts as the Data Fiduciary with respect to its community members and assumes corresponding obligations under applicable law.
  • For Platform-level processing (account creation, security, billing, audit, support), Innodel Technologies Pvt. Ltd. acts as the Data Fiduciary.

When a Tenant discontinues use of REOS or migrates away, we may, subject to security controls, legal retention obligations, and applicable law, provide a reasonable export or handover of Tenant data in a common format.

8. Role-Based Access

Access to information is strictly limited by role and Tenant:

  • Residents may access their own unit-related data and authorized community content;
  • Guards may access gate, visitor, and worker tools required for their duties;
  • Chairman, Secretary, and Committee Members may access governance tools assigned to them;
  • Concierge Staff may access assigned help requests;
  • Builder Admins may access builder-scoped configuration, members, and analytics within their Tenant only;
  • Super Admins may access Platform-level oversight, audit, and support functions.

Cross-Tenant access is technically and contractually prohibited.

9. Sharing of Information

We share Personal Data only when necessary, and only with:

  1. Service providers that help us operate the Platform — such as cloud hosting, SMS/OTP delivery, push notifications, logging, analytics, payment processing, and support tools — under contractual confidentiality and data-protection obligations;
  2. Your Tenant — your builder, society, committee, or authorized property managers, as required for community operations;
  3. Other Users within your unit or community, only where a feature requires it (for example, visitor approvals or committee actions);
  4. Legal, regulatory, or law-enforcement authorities when required by law, court order, or a lawful written request;
  5. Auditors, security reviewers, or professional advisors assisting with compliance, disputes, or safety;
  6. Successors-in-interest in the event of a merger, acquisition, reorganization, or sale of assets, with appropriate notice and safeguards.

We do not sell Personal Data. We do not rent or trade Personal Data for marketing purposes.

10. Photos, Files, and Uploads

REOS may allow Users and guards to upload photos, documents, and other files, including visitor photos and society work images. Uploaded files are access-controlled and delivered only through authorized application routes, with signed URLs and short-lived access tokens where applicable. We apply technical safeguards to reduce unauthorized access, but you remain responsible for the lawfulness and appropriateness of files you upload.

11. Notifications and Communications

We may send the following types of communications:

  • One-Time Passwords (OTPs), login alerts, and security notifications;
  • Visitor approvals, gate-entry alerts, and emergency notifications;
  • Maintenance reminders, REOS invoice reminders, and billing notices;
  • Event reminders, work updates, moderation notices, and support messages;
  • Other service-related communications.

These may be delivered via push notification, SMS, email, or in-app notification. Service and security communications are transactional in nature and may not be opted out of while you maintain an active account.

12. Data Retention

We retain Personal Data only for as long as is necessary for:

  • Operating the Services;
  • Security, audit, and forensic purposes;
  • Legal, tax, accounting, or compliance obligations;
  • Dispute resolution and contractual enforcement;
  • Fraud prevention and investigation;
  • Tenant export or migration where applicable.

Certain categories — such as billing records, audit logs, gate/visitor logs, and security incident logs — may be retained longer than ordinary user-generated content, in line with statutory retention periods (commonly 7–8 years for financial records under Indian law).

13. Security Safeguards

We have implemented administrative, technical, organizational, and physical safeguards that we consider reasonable having regard to the nature of the information we process, including:

  • Role-based access control (RBAC);
  • Multi-tenant logical isolation;
  • Encrypted authenticated sessions and token-based access controls;
  • Encryption of credentials at rest and TLS for data in transit;
  • Audit logging of sensitive actions;
  • Signed and time-bound file access URLs;
  • Restricted admin permissions and principle-of-least-privilege;
  • Backend validation of sensitive actions;
  • Periodic security review and patching of dependencies.

These measures are designed to comply with the standards prescribed under Rule 8 of the SPDI Rules, 2011, including alignment with IS/ISO/IEC 27001 principles, to the extent reasonable for the scale and nature of the Services. No system, however, can guarantee absolute security. You acknowledge that you provide Personal Data at your own risk and remain responsible for safeguarding your credentials.

14. Data Breach Notification

In the event of a Personal Data breach that is likely to result in risk to Data Principals, we will notify the affected Users and the Data Protection Board of India (or such other authority as may be designated under the DPDP Act) within the timelines and in the manner prescribed by applicable law.

15. Your Rights as a Data Principal

Subject to applicable law, you have the right to:

  1. Access the Personal Data we hold about you;
  2. Correct, complete, or update inaccurate or outdated Personal Data;
  3. Erase Personal Data where permitted by law;
  4. Withdraw consent for processing based on consent (without affecting prior lawful processing);
  5. Nominate another individual to exercise your rights in the event of death or incapacity, where supported by law;
  6. Grievance redressal through the Grievance Officer designated below;
  7. Request portability of your data, where technically feasible.

To exercise any of these rights, write to support@reoslabs.in. We may need to verify your identity before acting on a request. We will respond within the timelines prescribed by applicable law (and in any event within 30 days, unless a longer period is reasonably required and notified to you).

16. Account Deletion

You may request account deletion through the in-app "Delete Account" option or by contacting support@reoslabs.in. Upon verification, we will delete or anonymize your Personal Data, except for information we are required to retain for legal, audit, accounting, security, or fraud-prevention obligations, or that is necessary to defend legal claims.

Deletion of your individual account does not delete community-level records (such as audit logs, gate logs, billing records, or content posted in shared community spaces), which may be retained as part of the Tenant's records.

17. Children's Data

REOS is not directed to children. Services are intended for community members acting through authorized adults and property workflows. Where household or family access involves a minor, it must be created and managed by an authorized parent or guardian, and only where lawful. We do not knowingly collect Personal Data of children below 18 years of age without verifiable parental consent, as required under the DPDP Act. If you believe a child has provided Personal Data without consent, please contact info@reoslabs.in for prompt removal.

18. Cross-Border Data Transfers

REOS primarily processes and stores Personal Data on servers located in India. To the extent any Personal Data is transferred outside India (for example, for hosting, support, analytics, or messaging services), such transfer will be made only:

  • To countries that are not restricted by the Central Government under the DPDP Act; and
  • Subject to appropriate contractual safeguards with the recipient, including confidentiality and data-protection obligations.

19. Third-Party Services

We may use third-party service providers for OTP delivery, push notifications, cloud storage, hosting, analytics, support, payment processing, and similar functions. These providers process information only to the extent needed to deliver their service and are bound by confidentiality and data-protection obligations. Their independent privacy policies apply to information they collect directly from you.

20. Cookies and Similar Technologies

Our website and admin portals may use cookies, local storage, and similar technologies to authenticate sessions, remember preferences, and analyze usage. You may control cookies through your browser settings, but disabling certain cookies may affect Platform functionality. We do not use cookies for cross-site advertising tracking.

21. Grievance Officer

In accordance with the Information Technology Act, 2000, the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and the DPDP Act, 2023, the contact details of our Grievance Officer are:

Grievance Officer
Innodel Technologies Pvt. Ltd.
202, Sigma Icon-1, Opp. Medilink Hospital,
Nr. Shyamal Cross Road, Satellite,
Ahmedabad, Gujarat, India 380015
Email: support@reoslabs.in

The Grievance Officer will acknowledge complaints within 24 hours and resolve them within 15 days from the date of receipt, in accordance with applicable law.

22. Changes to This Policy

We may update this Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you through the Platform or by email. The "Last Updated" date at the top will reflect the latest revision. Your continued use of the Services after such changes constitutes acceptance of the revised Policy.

23. Contact

For privacy questions, requests, complaints, or grievance redressal:

Innodel Technologies Pvt. Ltd.
202, Sigma Icon-1, Opp. Medilink Hospital,
Nr. Shyamal Cross Road, Satellite,
Ahmedabad, Gujarat, India 380015
Email: info@reoslabs.in