SmartSoochi Privacy Policy

Effective Date: 01 January 2020

Last Updated: 22 February 2026

This Privacy Policy explains how SmartSoochi, a unit of Smart 24×7 Response Private Limited (“SmartSoochi,” “we,” “our,” or “us”), collects, uses, stores, shares, and protects your information when you use our web and mobile platforms, APIs, and associated services (collectively, the “Platform”).

SmartSoochi respects your privacy and is committed to ensuring transparency, accountability, and compliance with data protection laws.

1. Purpose and Scope

1.1 This Policy applies to all users, organizations, partners, and visitors who interact with the SmartSoochi Platform or website.

1.2 The purpose of this Policy is to outline:

  • What data we collect and why.

  • How we process and store that data.

  • Your rights regarding your personal information.

  • How to contact us for privacy-related queries.

    1.3 This Policy complies with applicable Indian data protection laws (Information Technology Act 2000 and SPDI Rules 2011) and aligns with principles under the EU General Data Protection Regulation (GDPR).

2. Data We Collect

SmartSoochi collects both Personal Data and Operational Data required to provide its digital checklist, task, and workforce management services.

2.1 Personal Data We may collect the following personal details from users:

  • Full name, email address, and phone number.

  • User ID, organization name, and role.

  • Biometric (Face) Data: Our application captures a facial image of employees during registration and attendance marking. From this image, the system generates a mathematical representation of the face (face embedding/template) used solely for identity verification. We store only the facial embedding; raw facial images are not permanently stored after processing.

  • Device information, IP address, and login timestamps.

  • Location data (via GPS or geofencing, where authorized).

2.2 Operational and Organizational Data Collected to enable workflow and compliance automation:

  • Checklists, audit logs, inspection results, and attachments (images, videos, documents).

  • Comments, task completion evidence, and ratings.

  • Time, date, and GPS-stamped event data.

2.3 Automatically Collected Data Our systems may automatically log browser type, operating system, device identifiers, app usage metrics, and crash logs to optimize performance.

3. Purpose of Data Processing

SmartSoochi uses collected data strictly for legitimate business and service purposes.

3.1 Biometric (Face) Data Use Face data is collected and used strictly for:

  • Employee identity verification.

  • Attendance recording.

  • Prevention of proxy or fraudulent attendance.

  • Prohibition: Face data is not used for advertising, marketing, profiling, surveillance, or any unrelated analytics.

3.2 General Service Delivery To create accounts, authenticate users, and manage checklists, workflows, and dashboards.

3.3 Performance Monitoring & AI Validation To track task completion, verify photo/video submissions, detect anomalies, and prevent fraud.

3.4 Legal Compliance To ensure audit trails and fulfill statutory or regulatory obligations.

4. Consent and Lawful Basis

4.1 By registering or using the Platform, you consent to the collection and processing of your data in accordance with this Policy.

4.2 For sensitive data such as biometrics or location, SmartSoochi seeks explicit consent during onboarding.

4.3 Users may withdraw consent at any time by emailing privacy@smartsoochi.com. However, withdrawal may restrict functionality or lead to account deactivation.

5. Data Security Measures

SmartSoochi adopts a defense-in-depth approach to safeguard all information.

5.1 Biometric Security Facial embeddings are securely stored on our protected servers using industry-standard encryption (AES-256) and strict access controls.

5.2 Infrastructure & Encryption

  • AES-256 encryption for data at rest; TLS 1.3 for data in transit.

  • Cloud hosting on AWS/Azure with Virtual Private Clouds (VPCs).

  • Regular vulnerability assessments and penetration testing (VAPT).

  • Multi-Factor Authentication (MFA) and Role-Based Access Control (RBAC).

6. Data Retention and Deletion

6.1 SmartSoochi retains data only for as long as necessary to provide services or comply with legal obligations.

6.2 Biometric Retention & Deletion Face data is retained only for as long as necessary to provide attendance functionality and while the employee remains active in the organization’s system. Facial embeddings are permanently deleted when:

  • The employee record is deleted.

  • The organization requests removal.

  • The service relationship ends.

6.3 General Retention The default data retention period is 90 days post-subscription termination. Backup data may be stored for an additional 30 days for disaster recovery. Upon contract expiration, data is securely deleted using cryptographic erasure methods.

7. Sharing and Disclosure

7.1 Third-Party Sharing (Biometrics) We do not sell, rent, or share face data with any third parties. Face data is processed and stored only within our controlled server infrastructure for employee attendance verification purposes.

7.2 General Disclosures We may share non-biometric data only with authorized personnel of the subscribing organization, cloud service providers under strict data processing agreements, or to comply with court orders.

8. User Rights

Depending on your jurisdiction, you may have the following rights:

  • Right to Access & Correction: Obtain a copy of your data or rectify inaccurate info.

  • Right to Erasure: Request deletion of personal data where legally permissible.

  • Right to Data Portability: Receive a machine-readable copy of your data. Requests can be submitted to privacy@smartsoochi.com.

9. Contact and Grievance Redressal

For questions, concerns, or to exercise your rights, please contact:

Data Protection Officer (DPO) SmartSoochi Technologies Private Limited

New Delhi, India

Email: security@smartsoochi.com

Grievance Officer: Complaints will be acknowledged within 24 hours and resolved within 15 working days as per Indian IT Rules.

10. Governing Law

This Privacy Policy shall be governed by and construed in accordance with the laws of India. All disputes are subject to the exclusive jurisdiction of the courts of New Delhi, India.

Your Consent: By using SmartSoochi, you consent to the collection and processing of your information as described in this Privacy Policy.