FACILITI Privacy Policy

Protecting Your Privacy with Privacy-First Technology

Version 1.1.1 Effective: 1 August 2025
Quick Navigation

1. Who We Are

FACILITI is operated by De Nada Tecnologia Private Limited, having its registered office at 44, 2nd Floor, Regal Building, Connaught Place, New Delhi 110001. We provide a privacy-first facility operating system used by residential societies, campuses and enterprises to manage verified access, security operations, asset records and related services. FACILITI interoperates with the quickprism® identity layer for DigiLocker-based verification.

2. Scope

This Policy explains how we handle personal data on the FACILITI admin dashboard and mobile applications, our public website, and our support channels.

3. Roles Under Law

For each site that deploys FACILITI, the site operator (client) determines why and how personal data is processed and acts as the data fiduciary under the Digital Personal Data Protection Act, 2023 (DPDP). FACILITI acts as a data processor/service provider and processes data on the client's documented instructions. For our corporate website, account, billing and vendor management, FACILITI is the data fiduciary/controller.

4. What We Collect

Visitors and Guests

  • quickprism® alias or quickID (pseudonymous identifier)
  • Verification event status (e.g., DigiLocker verified)
  • Visit metadata such as timestamp, site or branch, pass type, and event outcome
  • Device and network metadata (strictly for security and fraud prevention)

Residents or Members (if enabled by the client)

  • Basic account profile provided by the client
  • Access permissions
  • Visit history

Security Staff and Supervisors

  • Work account identifiers
  • Attendance or roster events
  • Checkpoint scans
  • Incident actions and acknowledgements

Client Administrators

  • Name
  • Business contact details
  • Role and permissions
  • Activity audit trails

Support and Billing

  • Support tickets
  • Call, chat or email records
  • Plan and invoice data

5. Website Telemetry

Privacy-First Approach: We do not run marketing cookies or trackers.

On the dashboard, essential security cookies are used to verify that an authorized user is accessing the dashboard.

6. Important Design Choice

Privacy by Design: When quickprism is used, identity proofing occurs on the user's device or within Quickprism.
  • FACILITI does not receive raw Aadhaar, PAN or similar identity documents.
  • FACILITI receives an alias or verification result, along with event metadata, which is needed for security operations.
  • Entities using FACILITI do not receive the user's private data for non-security purposes.

7. Why We Process Data

Verified Access

To provide verified access, pass issuance and accurate entry or exit logs.

Security Operations

To operate security alerts, blocklist checks and incident workflows.

Operational Analytics

To present operational dashboards, analytics and audit reports required by clients or law.

Support & Improvement

To provide support, troubleshooting, safety monitoring and service improvement.

Legal Compliance

To comply with legal obligations and enforce terms.

9. Data Minimisation and Retention

By default, no raw personal identity data is stored on FACILITI servers.

Access to personal data is secured using the quickID protocol.

The following data remains available to the client within its FACILITI account for as long as the client uses FACILITI services:

  • Visit logs
  • Incident records
  • Audit trails
  • Support records
  • Billing data

When a client ceases using FACILITI, access to the account is revoked, and associated data is either deleted or irreversibly anonymised by termination processes and applicable legal obligations.

10. Sharing and Sub-processors

Personal data is not sold.

Data is shared only with:

  • The client and its authorised personnel to operate their sites.
  • Sub-processors bound by confidentiality and data-processing terms, used for hosting, security, and service delivery.
  • Authorities, when required by law or to protect rights, security, and safety.

11. Current Sub-processors and Regions

Amazon Web Services

AWS India regions

Microsoft Azure

Microsoft Azure India regions

Private Servers

De Nada Tecnologia's private servers are located in India

12. Hosting and Storage Location

Amazon's AWS and Microsoft's Azure are used to process data on servers physically located within the jurisdiction of the Republic of India. De Nada Tecnologia's private servers, used for specific transactions, are also located in India.

13. International Transfers

No cross-border data transfers are performed.

14. Security

Encryption

Encryption in transit and at rest, key management, and access segregation.

Access Control

Role-based access control and least-privilege by default.

Monitoring

Continuous logging, anomaly detection, and incident response runbooks.

Assessments

Regular vulnerability management and independent assessments by CERT-In empanelled auditors.

Audit Cycles

VAPT 2025 and SAR 2025 audit cycles.

15. Your Rights

Data principals can request access, correction, updating, erasure, grievance redressal, and nomination as per applicable law. The client handles some requests as the data fiduciary and responses are provided within statutory timelines, or within 30 days if no specific timeline is prescribed.

16. Client Responsibilities

The client's role as the data fiduciary for sites using FACILITI services includes:

  • (a) Providing appropriate notices and consents to data principals.
  • (b) Determining lawful bases and retention policies.
  • (c) Configuring role-based access.
  • (d) Responding to data principal requests and instructing FACILITI as needed.
  • (e) Ensuring accuracy, security, and minimisation of any data the client inputs into the services.

17. Contact Path

Data principals (visitors, residents, personnel) should first contact the relevant site operator (data fiduciary).

For issues concerning the FACILITI platform or unresolved requests:

Note: Client administrators should use their assigned customer success channel for priority support.

18. Children

FACILITI is intended for managed premises. If children's data is involved (e.g., school campuses), clients are responsible for obtaining required consents and notices. FACILITI processes such data only on the client's instructions.

19. Grievance Officer or Data Protection Officer

Name: Ms. Pooja Sharma

Email: [email protected]

Phone: (+91) 8851113045

20. Changes to This Policy

This policy may be updated to reflect changes in law, technology, or business practices. The effective date and version will be revised, and any material changes will be communicated on the company's website or via the admin console.

21. Contact

Company: De Nada Tecnologia Private Limited

Address: 44, 2nd Floor, Regal Building, Connaught Place, New Delhi 110001

Emails: [email protected] | [email protected] | [email protected]