This Privacy Policy ("Policy") describes how CivicNest ("we", "us", "our", "Company") collects, uses, discloses, processes, retains, secures, and otherwise handles personal information and data when you access, use, and interact with the CivicNest platform, including all websites, mobile applications, APIs, services, and features (collectively, the "Platform"). This Privacy Policy is incorporated into and forms part of the Terms and Conditions. By accessing or using the Platform, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, processing, use, and disclosure of your information as described herein. If you do not agree with any aspect of this Privacy Policy, you must immediately discontinue your use of the Platform.

1. TYPES OF INFORMATION WE COLLECT. We collect various categories of information from you and about you through multiple methods: (a) Information You Directly Provide: During registration, account creation, profile setup, transaction initiation, complaint submission, or other interactions with the Platform, you may provide personal identifying information including but not limited to your full legal name, email address, phone number (mobile and/or landline), physical residential or commercial address, apartment/unit number, building name, floor details, date of birth, identification document number, photograph, profession, employment status, family member names, emergency contact information, banking details for refunds, UPI identifiers, and any other information you choose to submit. When creating a complaint, submitting feedback, or communicating with administrators or other users, you provide communication content that may include sensitive personal information, grievances, opinions, and details about disputes or concerns. (b) Information Automatically Collected: When you access the Platform through any device, we automatically collect technical information including but not limited to your IP address, device identifier, device type, operating system type and version, browser type and version, Mobile Device Identifier, mobile network information, session identifiers, access timestamps, pages visited, features accessed, duration of visits, clickstream data, search queries, payment processing information (status only), transaction reference identifiers, and device location data if permissions are granted. We use cookies, web beacons, pixels, local storage, session storage, and similar tracking technologies to collect this information and maintain your session. (c) Information from Third Parties: We may receive information about you from society administrators, other users, payment gateways, identity verification services, background check providers, credit verification agencies, data brokers, and other third-party sources. We may combine information from multiple sources to create composite profiles.

2. PURPOSES OF DATA COLLECTION AND USE. We collect and use your information for the following purposes: (a) Platform Operations: To create and manage your account, authenticate your identity, verify your eligibility, process your requests, deliver services, handle technical support, investigate and resolve issues, monitor platform performance, detect and prevent fraud, maintain security, and ensure compliance with our terms and applicable law. (b) Payment Processing: To facilitate payment request creation, presentation, tracking, and reporting. We transmit only necessary information to payment gateways. We receive transaction status and reference identifiers but do not receive, store, or process sensitive financial data. (c) Communication: To send you transactional messages, service announcements, policy updates, security alerts, payment reminders, complaint status updates, visitor pass notifications, administrative communications, and other service-related messages. (d) Analytics and Improvement: To analyze usage patterns, understand user behavior, measure feature popularity, identify technical issues, optimize platform performance, develop new features, conduct A/B testing, generate statistical reports, and improve user experience. (e) Marketing and Engagement: To send promotional content, community updates, announcements, newsletters, feature highlights, and other marketing materials (you may opt-out of marketing communications). (f) Legal Compliance: To comply with legal obligations, respond to lawful requests from authorities, enforce our terms, protect rights and safety, investigate violations, cooperate with law enforcement, and participate in legal proceedings. (g) Risk Management: To assess credit risk, conduct background checks, detect fraudulent activities, implement fraud prevention measures, monitor for unauthorized access, and identify security threats. (h) Aggregated Analytics: To create anonymized, aggregated datasets for statistical analysis, research, benchmarking, and business intelligence that do not identify you personally.

3. INFORMATION WE DO NOT COLLECT OR STORE. CivicNest explicitly does not collect, store, process, or retain: (i) Credit card numbers, debit card numbers, or payment card details of any type; (ii) Digital wallet credentials, passwords, or authentication tokens; (iii) UPI PIN numbers, MPIN codes, or other sensitive payment credentials; (iv) Bank account numbers, routing numbers, IFSC codes, or banking credentials; (v) Sensitive personal information such as Aadhar number, PAN number, SSN, or other government identification numbers (except as required for verification by designated third parties using secure encrypted channels); (vi) Biometric data including fingerprints, iris scans, or facial recognition data (except through official identity verification vendors); (vii) Complete payment history or detailed transaction records beyond transaction status and amounts; (viii) Your passwords or authentication secrets (we use hashing and salting); (ix) Health information, genetic data, or other sensitive categories under data protection law; (x) Information provided by you to society administrators that is intended to remain confidential between you and the administrator.

4. PAYMENT GATEWAY DATA HANDLING. When you initiate a payment through the Platform, your payment information is transmitted directly to our third-party payment gateway providers (including but not limited to PhonePe and other UPI providers). These payment gateways are independent data controllers with their own privacy policies and data protection measures. CivicNest does not intercept, store, process, or have access to the payment data you submit to these gateways. The payment gateway's privacy policy governs how they collect, use, and protect your payment information. You should review the payment gateway's privacy policy and terms before initiating any transaction. The payment gateway is responsible for compliance with PCI-DSS and all applicable financial regulations. CivicNest receives only a transaction confirmation (success or failure) and a transaction reference identifier from the payment gateway. You are responsible for understanding the payment gateway's data practices.

5. DATA SHARING AND DISCLOSURE. We may share your information in the following circumstances: (a) With Service Providers: We share necessary information with third-party vendors and service providers who assist us in platform operation, including cloud hosting providers, email service providers, payment processors, analytics services, identity verification services, customer support platforms, and marketing service providers. These service providers are contractually obligated to maintain data confidentiality and security. (b) Within Your Society: Depending on your role and the society's configuration, limited information (name, email, phone number, residential unit) may be visible to society administrators, other members, and management personnel for communication, billing, and administrative purposes. You can control visibility settings where available. (c) Public Information: Any information you choose to post publicly on the Platform (announcements, community messages, testimonials) may be visible to other users and the public. Do not post sensitive information publicly. (d) Legal Compliance: We may disclose information if required by law, court order, government request, regulatory requirement, or when we believe in good faith that disclosure is necessary to protect rights, privacy, safety, or property, or to prevent fraud. (e) Business Transactions: In the event of merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will provide notice of any such change. (f) Aggregated and Anonymized Data: We may share aggregated, de-identified, or anonymized data that does not identify you for research, marketing, analytics, and other business purposes. (g) User Consent: We share information with third parties when you explicitly consent or request such sharing.

6. DATA RETENTION AND DELETION. We retain your personal information for as long as necessary to provide services, fulfill legal obligations, resolve disputes, and enforce our agreements. After account termination, we retain some information (transaction records, audit logs) for legal and financial compliance for a period determined by applicable law and our policies. You may request deletion of your account and associated personal data by contacting us, subject to our legal retention obligations. Even after deletion, some information may be retained in backups, archives, or aggregate form. Certain information cannot be deleted due to legal or regulatory requirements. Payment-related information is typically retained for seven years for tax and financial compliance purposes.

7. DATA SECURITY MEASURES. We implement comprehensive security measures to protect your information from unauthorized access, alteration, disclosure, or destruction: (i) Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS/SSL protocols (HTTPS). (ii) Encryption at Rest: Sensitive data stored on our servers is encrypted using industry-standard encryption algorithms. (iii) Access Controls: We implement role-based access controls restricting employee access to personal data based on job function. (iv) Authentication: User accounts are protected by passwords, and we encourage two-factor authentication. (v) Firewalls and Intrusion Detection: We use firewalls, intrusion detection systems, and network segmentation to protect against unauthorized network access. (vi) Regular Security Audits: We conduct periodic security assessments, penetration testing, and vulnerability scanning. (vii) Employee Training: Our staff receive data protection and security training. (viii) Incident Response: We have procedures to detect, investigate, and respond to security breaches. However, no security measure is completely foolproof. Despite our efforts, we cannot guarantee absolute security. You are responsible for maintaining confidentiality of your password and reporting suspicious activity.

8. COOKIES AND TRACKING TECHNOLOGIES. We use cookies (small text files stored on your device), web beacons (invisible pixels that track activity), local storage, session storage, and similar tracking technologies for: (i) Authentication and session management; (ii) Remembering preferences and settings; (iii) Analytics and usage measurement; (iv) Advertising and personalization; (v) Fraud detection; (vi) Performance monitoring. You can control cookie settings through your browser, but disabling cookies may impair platform functionality. We may use cookies from third parties for analytics and advertising purposes. Third-party providers may use cookies to serve you targeted advertising across other websites.

9. YOUR RIGHTS AND CHOICES. Depending on your jurisdiction, you may have the following rights: (a) Access: You have the right to request access to your personal data we hold. (b) Correction: You can request correction of inaccurate or incomplete information. (c) Deletion: You can request deletion of your personal data subject to legal retention obligations. (d) Data Portability: You can request your data in a portable, machine-readable format. (e) Opt-Out: You can opt-out of marketing communications at any time by clicking "unsubscribe" in emails or adjusting account settings. (f) Cookie Preferences: You can control cookie settings through your browser. (g) Complaint: If you believe we have violated your data protection rights, you can file a complaint with the appropriate data protection authority. To exercise these rights, contact us at privacy@elencocorporation.com with clear identification and documentation of your request.

10. THIRD-PARTY LINKS AND SERVICES. The Platform may contain links to third-party websites and services. This Privacy Policy applies only to CivicNest. We are not responsible for the privacy practices of third-party websites. You should review their privacy policies before sharing information with them.

11. CHILDREN'S PRIVACY. The Platform is not intended for children under 18 years of age. We do not knowingly collect information from children under 18. If we discover we have collected information from a child under 18, we will delete such information promptly. Parents or guardians who believe their child has provided information to us should contact us immediately.

12. INTERNATIONAL DATA TRANSFERS. Your information may be transferred to, stored in, and processed in countries other than your country of residence, which may have data protection laws different from your country. By using the Platform, you consent to such transfers. We implement appropriate safeguards including standard contractual clauses and data processing agreements.

13. CHANGES TO THIS PRIVACY POLICY. We may update this Privacy Policy at any time to reflect changes in our practices, technology, legal requirements, or other factors. We will post the updated policy on this page with a new "Last Updated" date. Your continued use of the Platform following any updates constitutes your acceptance of the revised Privacy Policy. If we make material changes, we may provide additional notice.

14. CONTACT US. For privacy-related questions, concerns, or to exercise your rights, you may contact us at: CivicNest Privacy Team, Email: privacy@elencocorporation.com, Or through the contact form on our website. We will respond to your request within 30 days or as required by applicable law. Please provide sufficient detail to identify your request and allow us to locate your information.

15. SUPPLEMENTAL DISCLOSURES. California residents have additional privacy rights under CCPA. Virginia residents have rights under VCDPA. EU residents have rights under GDPR. We maintain separate supplemental notices addressing these jurisdictions' specific requirements, available upon request. Indian residents' data is protected under applicable Indian data protection frameworks.

By using CivicNest, you acknowledge that you have read and understood this Privacy Policy, understand the types of information we collect, how we use it, with whom we share it, and your rights regarding your information. This Privacy Policy is binding and constitutes an enforceable agreement between you and CivicNest. If you do not agree with our privacy practices, you must immediately discontinue use of the Platform.