Privacy Policy

Haviva is an AI-powered property management platform developed and operated by Haviva, an MSME-registered business in Tamil Nadu, India. The platform is accessible via the Haviva mobile application (Android and iOS) and the website at www.haviva.net.

Haviva connects property owners and tenants on a single, secure platform — enabling rent management, tenant verification, document storage, AI-assisted communication, and community management.

This Privacy Policy applies to:

• All users of the Haviva mobile application (Android & iOS)
• All visitors to www.haviva.net
• All persons who interact with Haviva's services in any capacity

Haviva's services are intended solely for users located in India. By using the App or website, you confirm that you are accessing Haviva from within India and that you consent to the practices described in this Policy.

This Policy complies with the Digital Personal Data Protection Act, 2023 (DPDPA), the Information Technology Act, 2000, and applicable Google Play Developer Program Policies.

Haviva operates with two distinct user roles, each with different data access and responsibilities:

• Property Owners: Register independently, subject to admin approval. Can create and manage tenant profiles, properties, charges, and communications.
• Tenants: Accounts are created by Owners. Tenants receive login credentials by email and must update their password on first login. Tenants can view charges, pay rent, submit documents, and interact with the AI-powered community features.

We collect only the minimum data necessary to provide our services. The following table outlines the categories of personal data collected:

Data is collected through the following mechanisms only:

• Direct Input: Information you or your Owner provide when creating or updating your account.
• Document Upload: ID documents and agreements uploaded voluntarily by users via the in-app document feature. These are scanned using our FCS (Full Content Scan) AI engine for verification purposes.
• Payment Actions: Rent payment activity recorded when tenants make payments via Cashfree. We do not receive or store raw card or UPI details — Cashfree processes payments on their PCI-DSS compliant infrastructure.
• In-App Communications: Messages sent between Owners and Tenants via the in-app email feature, delivered via Mailgun to the recipient's registered email address.
• AI Chatbot Interactions: Queries submitted to the AI chatbot are processed to generate responses. Queries are not stored or used for any purpose beyond generating your answer.

All data collected by Haviva is used exclusively for the following purposes. We do not use your data for advertising, profiling, or any purpose not listed below:

• Platform functionality: Account management, authentication, and core app features
• Property management: Enabling rent tracking, charge management, document storage, and owner-tenant communication
• Identity verification: Processing uploaded ID documents through FCS and TesseractOCR to verify tenant identity
• AI-powered features: Providing chatbot answers via RAG (Retrieval-Augmented Generation) against your tenancy documents; enabling semantic document search via Vector Database
• Payment processing: Facilitating rent payments via Cashfree and tracking payment records
• Push notifications: Sending in-app and system notifications related to your account (e.g., payment reminders, service request updates)
• Legal compliance: Responding to lawful requests from Indian government authorities or courts

Haviva does not share, sell, or rent your personal data to third parties. The only limited exceptions are:

• Within the Platform (Owner–Tenant): Owners may see tenant names, unit numbers, contact details, and documents for the properties they manage. Tenants in the same community may see the name and unit number of their neighbors only.
• Payment Processor (Cashfree): Payment transactions are handled by Cashfree Payments India Pvt. Ltd. Cashfree receives only the data necessary to process a transaction. Their privacy policy governs their data use.
• Email Delivery (Mailgun via Cloudflare): Outbound emails (tenant invitations, owner–tenant messages) are delivered via Mailgun. Only the recipient email address and message content are transmitted.
• Legal & Regulatory Authorities: If required by Indian law, court order, or lawful authority, we may disclose user data to the extent legally mandated.
• Business Transfer: In the event of a merger, acquisition, or transfer of Haviva's business, user data may be transferred as part of that transaction. You will be notified in advance.

We retain your personal data only for as long as your account is active or as required to provide you our services.

• Active Accounts: Data is retained for the duration of your account.
• Account Deletion: Upon deletion request, all personal data is permanently deleted immediately in this sequence: Emergency contacts → Private details → Vehicle details → Service requests → Rewards records → Transaction records → Account settings → Activity logs → Tenant details → User record.
• Tenant Removal by Owner: When an Owner removes a Tenant, the Tenant's personal profile data will not be retained and notification will be sent to the Owner.
• AI Chatbot Queries: Not retained after the response is generated.
• Rent Payment Screenshots: Deleted immediately after UTR verification.

To request account deletion, use the in-app option (More > Account Settings > Delete Account) or contact us at [email protected]. Full details at haviva.net/delete-account.html.

In the event of a personal data breach that poses a risk to individuals, Haviva will:

• Notify all affected users within 72 hours of becoming aware of the breach, detailing the nature of the breach, data affected, and remedial action taken.
• Notify the Data Protection Board of India within 72 hours as required by the DPDPA 2023.
• Maintain an internal breach register for compliance and audit purposes.
• Take immediate remedial action to contain the breach and prevent further unauthorized access.

Haviva uses device biometric authentication (fingerprint or face recognition) as a security gate on every app launch, implemented via expo-local-authentication.

• Biometric data is processed entirely on your device within the device's secure hardware enclave (HSM).
• Biometric data is never transmitted to Haviva servers, never stored in our database, and never shared with any third party under any circumstances.
• If no biometrics are enrolled on your device, the gate is skipped gracefully and the login screen is displayed.
• Device passcode may be used as a fallback where permitted by the operating system.

Haviva implements multiple layers of security to protect your personal data at rest and in transit. Our encryption architecture is implemented in the backend using Java Spring Boot with dedicated encryption utilities:

Haviva's services are intended solely for users aged 18 years and above. We do not knowingly collect personal data from minors. If you are under 18, you must not use the Haviva application.

If we become aware that a user under the age of 18 has provided personal data, we will take immediate steps to delete that data and terminate the account. If you believe a minor has registered on Haviva, please contact us at [email protected].

Haviva displays property addresses on maps within the application using the device's native iOS or Android map application. Important clarifications:

• Haviva does not request or access your device's real-time GPS or location permissions.
• Property addresses entered by Owners are stored as text in our database — not as GPS coordinates.
• When a map is opened, the address is passed to your device's native map application (Apple Maps or Google Maps). Their respective privacy policies apply to that interaction.
• No location data is transmitted to or stored on Haviva's servers.

The Haviva mobile application does not use cookies, web beacons, pixel trackers, device fingerprinting, or any similar tracking technologies.

The Haviva website (www.haviva.net) is a static informational site deployed on Cloudflare Pages. Cloudflare may collect basic anonymized access logs as part of their infrastructure security services. Haviva itself does not set any cookies or tracking scripts on the website.

Under the Digital Personal Data Protection Act, 2023 (DPDPA) and applicable Indian law, you have the following rights with respect to your personal data:

• Right to Access: You may request a summary of the personal data we hold about you.
• Right to Correction: You may update or correct your personal data at any time through your in-app account settings.
• Right to Deletion / Erasure: You may request permanent deletion of your account and associated personal data.
• Right to Withdraw Consent: You may withdraw consent for non-essential data processing at any time. This will not affect the lawfulness of processing before withdrawal.
• Right to Grievance Redressal: You have the right to file a complaint with us or with the Data Protection Board of India if you believe your data rights have been violated.
• Notification Opt-Out: Push notifications can be disabled at any time through your device's notification settings or within the app.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

Haviva integrates with the following third-party services. Each service operates under its own privacy policy:

Haviva's primary server infrastructure is located in Germany. By using Haviva, you consent to your personal data being transferred to and processed on servers located in Germany. We have implemented appropriate safeguards (AES-256 encryption, TLS in transit, access controls) to ensure your data remains protected in accordance with Indian data protection standards.

Haviva's app is developed for and targeted solely at users in India. No data is transferred for any purpose to countries outside of what is described in Section 16 above.

Haviva may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. When we make changes:

• The updated policy will be posted at www.haviva.net/privacy.html with a revised Effective Date
• For material changes, we will notify users via an in-app notification or email
• Continued use of the app after the effective date constitutes acceptance of the updated policy
• The current policy version is always displayed within the Haviva app under the Privacy Policy section

For any privacy concerns, data access requests, deletion requests, or grievances, please contact the Haviva Privacy Team:

If you are not satisfied with our response, you have the right to approach the Data Protection Board of India once it is formally constituted under the DPDPA 2023.