Legal & Compliance

Privacy
Policy

Effective Date: March 5, 2026

How Smartvisit.in collects, protects, and manages personal data through our Hotel Visitor Management System.

Read Policy

This Privacy Policy describes how Smartvisit.in ("Company", "we", "our", "us") collects, uses, stores, and protects personal data through the Hotel Visitor Management System ("Service"). By using our Service, hotels ("Clients") agree to the terms outlined in this Privacy Policy.

Contents

1 Scope of This Policy 2 Data We Collect 3 Purpose of Data Collection 4 Data Ownership 5 Data Storage & Security 6 Data Retention Policy 7 Data Sharing 8 Visitor Rights 9 Hotel Responsibilities 10 Liability, Legal Rights & Remedies 11 Additional Provisions

1 Scope of This Policy

This Privacy Policy applies to:

  • Hotels using our dashboard and visitor management system.
  • Visitors who submit their information through the QR-based check-in system.

2 Data We Collect

Through the visitor check-in system, the following information may be collected:

  • Visitor full name
  • Contact number
  • Selfie photograph
  • Guest name (person being visited)
  • Room number
  • Purpose of visit
  • Check-in and check-out time & duration
  • Device/browser metadata (for security logging)

We collect only the information necessary for security, compliance, and record-keeping purposes.

3 Purpose of Data Collection

Collected data is used strictly for:

  • Hotel security management and preventing unauthorized access.
  • Visitor tracking and monitoring.
  • Legal compliance and law enforcement assistance.
  • Internal record keeping and generating visitor reports (including police/export formats).

Note: We absolutely do not use visitor data for marketing purposes.

4 Data Ownership

All visitor data belongs solely to the respective hotel using the Service. We act only as a Data Processor, and the hotel acts as the Data Controller under applicable Indian data protection laws, including the Digital Personal Data Protection Act, 2023 (DPDP Act). We process data strictly as instructed by the hotel.

5 Data Storage & Security

We implement reasonable technical and organizational security measures, including:

  • SSL encryption (HTTPS) during data transmission.
  • Access-controlled dashboards and Password-protected administrative access.
  • Secure server-side database storage with restricted credentials.
  • Audit logging for administrative access and periodic backups.

While we take reasonable security measures, no digital system can guarantee 100% security.

6 Data Retention Policy

Visitor data is retained for a configurable period determined by the hotel. The default retention period is 90 days. After the retention period expires, data may be automatically deleted or archived as per hotel configuration.

7 Data Sharing

We do not sell, rent, or trade visitor data. Visitor data may only be disclosed:

  • To the respective hotel.
  • When required by law.
  • In response to lawful government or law enforcement requests.

8 Visitor Rights

Visitors may request access to their stored information, correction of inaccurate information, or deletion of their data (subject to legal retention requirements). Such requests must be made directly to the hotel where the visit occurred.

9 Hotel Responsibilities

Hotels are responsible for:

  • Informing visitors that their data is being collected and displaying appropriate consent notices at reception.
  • Using the system lawfully and maintaining secure access credentials.
  • Ensuring compliance with local legal requirements.

10 Liability, Legal Rights & Remedies

The Company implements reasonable industry-standard security practices to protect personal data. However, no digital system can guarantee absolute security. The Company shall not be held liable for:

  • Misuse of data by hotel staff.
  • Weak passwords, credential sharing, or unauthorized access caused by hotel negligence.
  • Improper device handling at the hotel premises.
  • Security incidents originating from third-party hosting providers beyond our direct control.
  • Force majeure events (including cyberattacks beyond reasonable defensive capacity).

If a hotel provides verifiable and documented evidence that a data breach occurred solely due to proven negligence, willful misconduct, or failure to implement reasonable security safeguards by the Company, the hotel reserves the right to pursue legal remedies in accordance with applicable Indian laws.

In such cases, unless otherwise agreed through a separate written service agreement, the Company's total liability shall be limited to the subscription fees paid by the hotel in the preceding three (3) months. Nothing in this policy restricts statutory rights available under applicable law.

11 Additional Provisions

Data Breach Notification: In the event of a confirmed data breach affecting stored personal data, we will notify the affected hotel within a reasonable time and assist in required legal notifications if applicable.

Third-Party Hosting: The Service may use third-party hosting infrastructure. We ensure reasonable security standards are maintained by such providers.

Changes to This Policy: We reserve the right to update this Privacy Policy at any time. Updated versions will be posted on our website with a revised effective date.

Contact Information

For privacy-related inquiries, please reach out to us.

support@smartvisit.in Chennai, Tamil Nadu, India
Back to top