Privacy Policy

1. Information We Collect

1.1 Account Information

When you register for Proxvera, we collect your name, email address, phone number, property name, property type, country, timezone, and login credentials. For billing purposes, we collect your business name, address, and tax identification numbers (such as GSTIN).

1.2 Property Data

Data you enter while using the Service, including room configurations, rate plans, reservations, financial records, procurement data, inventory records, menu items, staff information, and all other operational data related to your property.

1.3 Guest Data

Information about your property's guests that you enter into the system, including names, contact details, identity documents, reservation details, billing records, preferences, and feedback. You are the data controller for guest data; we process it on your behalf (see Section 3).

1.4 Usage Analytics

We automatically collect information about how you interact with the Service, including pages visited, features used, session duration, browser type, device information, IP address, and error logs. This data is used solely to improve the platform and diagnose technical issues.

2. How We Use Information

We use the information we collect for the following purposes:

• Service Delivery: To provide, operate, and maintain the Proxvera platform and all its modules
• Billing & Payments: To process subscription payments, generate invoices, and manage your account
• Customer Support: To respond to your enquiries, troubleshoot issues, and provide technical assistance
• Product Improvement: To analyse usage patterns (in aggregate), identify bugs, and improve features
• Communication: To send essential service notifications, billing alerts, security updates, and (with your consent) product announcements
• Legal Compliance: To comply with applicable laws, regulations, and legal processes
• Security: To detect, prevent, and address fraud, abuse, and security threats

3. Data Processing Role

Under the GDPR and DPDP Act frameworks:

• For your account data: Axveth LLP is the data controller (or "Data Fiduciary" under DPDP Act). We determine how and why your account information is processed.
• For guest data and property operational data: You (the Customer) are the data controller. Axveth LLP acts as a data processor (or "Data Processor" under DPDP Act), processing this data only on your behalf and according to your instructions.

As a data processor for guest data, we will only process such data as necessary to provide the Service and will not use it for any independent purpose.

4. Data Storage & Security

We take the security of your data seriously and implement industry-standard measures:

• Encryption at Rest: All data stored in our databases is encrypted using AES-256 encryption
• Encryption in Transit: All data transmitted between your browser and our servers is protected using TLS 1.2 or higher
• Server Location: Primary data is hosted on India-based servers. Backups may be stored in geographically distributed locations for disaster recovery
• Access Controls: Strict role-based access controls limit who can access production systems
• Password Security: User passwords are hashed using Argon2ID and are never stored in plain text
• Regular Audits: We conduct periodic security reviews and vulnerability assessments

While we implement strong safeguards, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security but commit to promptly notifying affected users in the event of a data breach.

5. Data Sharing

We do not sell or rent your data. We share data only in the following limited circumstances:

• Payment Processors: Razorpay and Stripe process your subscription payments. They receive only the billing information necessary to complete transactions.
• Email Service Providers: SendGrid and/or ZeptoMail deliver transactional emails (invoices, booking confirmations, password resets) on our behalf.
• SMS Providers: 2Factor and/or Twilio deliver OTP and notification messages on our behalf.
• Channel Managers & OTAs: If you enable integrations, reservation and availability data is shared with your connected channel manager (e.g., AxisRooms) and online travel agencies as configured by you.
• Legal Requirements: We may disclose data if required by law, court order, or government request.

All third-party service providers are bound by data processing agreements and are required to handle your data in accordance with applicable privacy laws.

6. Third-Party Services

Proxvera integrates with the following third-party services. Each has its own privacy policy:

We encourage you to review the privacy policies of these third-party services.

7. Cookies & Tracking

We use cookies and similar technologies to operate the Service. For full details, please see our Cookie Policy.

In summary, we use essential cookies for session management and security, and may use analytics cookies to understand how the platform is used. We do not use advertising or tracking cookies.

8. Data Retention

We retain your data for as long as your account is active and you maintain an active subscription. Upon termination or cancellation:

• 30-day export window: You have 30 days after termination to export your data
• Active deletion: After the export window, we delete your data from active systems within 90 days
• Backup purge: Residual copies in encrypted backups are purged according to our standard backup rotation schedule (typically within 180 days)
• Legal retention: We may retain certain data longer if required by law (e.g., billing records for tax compliance)

9. Your Rights

Depending on your jurisdiction, you have the following rights regarding your personal data:

• Right to Access: Request a copy of the personal data we hold about you
• Right to Correction: Request correction of inaccurate or incomplete personal data
• Right to Deletion: Request erasure of your personal data, subject to legal retention requirements
• Right to Portability: Receive your data in a structured, commonly used, machine-readable format
• Right to Object: Object to processing of your personal data for specific purposes
• Right to Withdraw Consent: Withdraw previously given consent at any time
• Right to Grievance Redressal: Under the DPDP Act, you may raise a grievance with our Data Protection Officer or the Data Protection Board of India

To exercise any of these rights, contact our Data Protection Officer at the address listed in Section 13.

10. Children's Privacy

Proxvera is a business-to-business service intended for use by hospitality professionals. The Service is not directed at individuals under the age of 18, and we do not knowingly collect personal data from minors. If we become aware that we have collected personal data from a person under 18, we will take steps to delete that information promptly.

11. International Data Transfers

Our primary servers are located in India. If you access Proxvera from outside India, your data may be transferred to and processed in India. Where we transfer data internationally, we ensure appropriate safeguards are in place, including standard contractual clauses or other mechanisms approved under applicable law.

Some third-party service providers (such as Stripe, SendGrid, and Twilio) may process data in jurisdictions outside India. These providers maintain their own data protection certifications and comply with applicable international data transfer regulations.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you by email and update the "Last Updated" date at the top of this page.

We encourage you to review this policy periodically. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

13. Data Protection Officer

If you have any questions about this Privacy Policy, wish to exercise your data rights, or have a complaint about how we handle your data, please contact our Data Protection Officer: