VERISPACE PRIVACY POLICY
INTRODUCTION
This Privacy Policy (“Policy”) governs the manner in which Verispace Technologies Pvt. Ltd. (hereinafter referred to as “Verispace”, “We”, “Us”, or “Our”) collects, uses, stores, shares, discloses, processes, and protects Personal Information and Sensitive Personal Data or Information (SPDI) of: – Users/Admins (individual customers registering on the Platform), and
– Rental Business Owners (individuals or legal entities offering goods/services on rent through the Platform),
collectively referred to as “You” or “Data Subjects”.
This Policy is formulated in accordance with the provisions of the Information Technology Act, 2000, read with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and takes into account global best practices of data protection. This Policy may also be updated to reflect requirements under India’s Digital Personal Data Protection Act, 2023 (DPDP Act), once in force.
By accessing, using, registering with, or interacting on the Verispace platform (“Platform”), You consent to the collection, use, and disclosure of Your information in accordance with this Policy. If You disagree with the terms of this Policy, You should not use or access the Platform.
This Policy is to be read together with the Verispace Terms and Conditions applicable to Your role (User or Rental Business Owner), and is incorporated therein by reference.
DEFINITIONS AND SCOPE
For this Privacy Policy, the following terms shall have the meanings ascribed to them below, unless the context otherwise requires:
“Personal Information” means any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available, is capable of identifying such person. This may include, but is not limited to, name, contact number, email address, government-issued identification number, residential address, occupation, and other profile details submitted at the time of registration or while using the Platform.
“Sensitive Personal Data or Information (SPDI)” includes, without limitation, passwords, financial information (such as bank account or payment details), biometric data, official identifiers (such as Aadhaar, PAN, Passport numbers), health or sexual orientation information (if voluntarily submitted), and any other data classified as sensitive under applicable law.
“Rental Business Owner” means any individual, firm, or legal entity operating a rental service that is registered on the Verispace Platform to evaluate Users, upload rent agreements, and interact with potential customers.
“User” or “Admin” means any natural person who registers on the Verispace Platform to seek, access, or engage in rental services offered by a Rental Business, and whose profile may be subject to verification, referral, scoring, or blacklisting by participating Rental Businesses.
“Processing” shall mean and include any operation or set of operations performed on Personal Information, whether by automated means or otherwise, such as collection, recording, organisation, structuring, storage, adaptation, retrieval, consultation, use, disclosure by transmission, dissemination, alignment, combination, restriction, erasure, or destruction.
“Applicable Law” means all laws, statutes, regulations, ordinances, and rules that apply to the collection, use, processing, or protection of Personal Information, including but not limited to the Information Technology Act, 2000, the IT Rules, 2011, and the DPDP Act, 2023 (once notified and enforced).
This Policy applies to all Personal Information and SPDI: – collected by Verispace through the Platform, APIs, online forms, referrals, rent agreements, verification tools, or customer service channels; – submitted voluntarily by You in the course of using any Verispace service; – generated by Your interactions with Rental Businesses, including verification status, reviews, scoring, blacklisting, and communication history.
This Policy does not apply to any data collected by Rental Business Owners outside the Verispace Platform, nor to any offline transactions independently conducted between You and a Rental Business. In such cases, the privacy policies or terms of such businesses shall apply exclusively.
CATEGORIES OF DATA COLLECTED
Verispace collects a range of Personal Information and Sensitive Personal Data or Information (SPDI) from Users and Rental Business Owners to provide a secure and functional rental ecosystem. The type and scope of data collected may vary based on Your role on the Platform (User or Rental Business) and the services accessed by You.
For Users/Admins, Verispace may collect the following categories of information:
– Identity Data: Full name, date of birth, gender, photograph, Aadhaar number, PAN, Passport number, Driver’s Licence, and other government-issued identity documents; – Contact Information: Mobile number, email address, residential address; – Occupational Details: Name of employer, professional ID, designation, employment verification, and industry; – KYC and Verification Data: Face match data, geolocation-based address verification, video KYC inputs, and third-party API responses; – Platform Usage Data: Login history, devices used, referral history, review history, agreement activity, blacklisting status; – Referral and Reputation Metrics: Details of referral requests made or received, referral relationships (visible only to Verispace), and Premium status eligibility; – Rent Agreement Records: Digitally executed agreements, IP address logs, digital signature trails (if applicable).
For Rental Business Owners, Verispace may collect:
– Business Identity Information: Legal name of the business, nature of entity (individual/proprietorship/LLP/company), GSTIN (if applicable), registration documents, professional license or certifications; – Contact and Location Details: Official address, website URL, business contact number, business email, and social media profile links; – Authorized Representative Information: Name, mobile number, email ID, photo ID proof of the person operating the account on behalf of the business; – Operational and Engagement Data: List of Users registered through the business link, rent agreements created or executed, blacklisting actions taken, upgrade decisions, documents requested from Users, and internal reviews submitted; – Newsletter Contributions: Any incident reports, flags, or misconduct entries submitted to the Verispace internal alert system.
Automatically Collected Data for All Users:
– Device and Technical Information: IP address, device ID, browser type, operating system, time zone, and device geolocation (when enabled); – Cookies and Tracking Data: Platform usage metrics, session duration, navigation patterns, and clickstream data may be collected via cookies or analytics tools for security, feature optimisation, and user experience enhancements.
Verispace does not intentionally collect any financial information, such as bank account details or payment credentials, from Users unless such data becomes necessary in the future for subscription services or fee-based features, in which case explicit consent will be sought.
All data is collected either directly from You or through Your interaction with Verispace APIs, referral processes, or authorised Rental Business actions on the Platform.
LEGAL BASIS FOR COLLECTION AND USE OF DATA
Verispace collects and processes Personal Information and Sensitive Personal Data or Information (SPDI) only where there exists a lawful basis under applicable Indian data protection laws, including but not limited to the Information Technology Act, 2000, and (upon enforcement) the Digital Personal Data Protection Act, 2023. The legal grounds for such collection and processing may include one or more of the following:
Consent:
Your explicit, informed, and voluntary consent is the primary legal basis for the collection and processing of Your Personal Information and SPDI. Consent is obtained at the time of registration, document upload, referral requests, rent agreement execution, or other defined stages within the Platform. You have the right to withdraw Your consent at any time by submitting a written request, subject to Clause 9 of this Policy.
Contractual Necessity
Processing of specific data is necessary to perform the contractual obligations between You and Verispace or between You and other users of the Platform. This includes verifying identities, onboarding Users, enforcing rental agreements, and enabling the functionality of core Platform features.
Compliance with Legal Obligations:
We may collect or disclose Your information to comply with legal obligations under applicable laws, including Know Your Customer (KYC) obligations, cooperation with law enforcement, regulatory inquiries, judicial orders, and mandatory disclosures under Indian statutes or rules.
Legitimate Interests
We may process Your data where such processing is necessary for the legitimate business interests of Verispace or its Users, provided such interests do not override Your fundamental privacy rights. Legitimate interests include fraud detection, Platform security, improving service functionality, internal analytics, record retention for blacklisted individuals, and preventing abuse of referral privileges.
Public Interest or Legal Claims (where applicable):
Where required to safeguard the public interest or to defend legal claims arising out of rental defaults, blacklisting decisions, or user disputes, Verispace may retain or use certain Personal Information, especially where the data is linked to misconduct or risk-flagging mechanisms.
In all cases, Verispace ensures that data is collected for specific, explicit, and lawful purposes, and not further processed in a manner incompatible with such purposes unless required under law or with renewed consent.
PURPOSE OF DATA COLLECTION AND USE
Verispace collects, stores, and processes Personal Information and Sensitive Personal Data or Information (SPDI) for lawful and specific purposes that are directly aligned with the operation of its digital rental assessment and management platform. These purposes are communicated to You at the time of data collection and include, without limitation, the following:
Account Registration and Identity Verification:
To create and manage User and Rental Business accounts, verify identities using government-issued documentation, complete KYC procedures, and validate uploaded documents through API integrations or manual verification.
Enabling Platform Features:
To allow Users and Rental Business Owners to use the core functionalities of the Platform, including profile access, document submission, rent agreement execution, referral requests, Premium status upgrades, blacklisting actions, and internal communication.
Fraud Prevention and Security Monitoring:
To detect, investigate, and prevent fraudulent activity, identity manipulation, unauthorised access, multiple fake registrations, and misuse of referral or blacklisting tools, and to maintain the safety and integrity of the Platform.
Creditworthiness Evaluation and Risk Management:
To assess and score Users based on rental behaviour, verification status, referral history, and reviews submitted by Rental Businesses, and to generate risk alerts and scoring signals (VeriScore) for internal assessment purposes.
Internal Analytics and Performance Optimisation:
To conduct platform usage analysis, feature performance tracking, trend analysis, and service improvement initiatives using anonymised or pseudonymized data where possible.
Dispute Resolution and Platform Governance:
To retain records, correspondence, digital signatures, and audit trails of rental engagements and blacklisting actions, and to resolve disputes that arise between Users and Rental Business Owners, where such resolution is required or permitted under applicable terms.
Regulatory and Legal Compliance:
To comply with legal requirements, respond to lawful requests from governmental or judicial authorities, and maintain logs or backups as required under the Information Technology Act, 2000, or any successor legislation, including the DPDP Act, 2023 (once in effect).
Communication and Customer Support:
To send service-related messages, notify You of account activity, respond to support queries, communicate policy updates, or collect feedback, all while avoiding promotional or unsolicited marketing without Your consent.
Archival and Retention for Blacklist History:
To retain essential historical data of Users who are locally or globally blacklisted, for the purpose of enabling other Rental Businesses to make informed rental decisions and to maintain an industry-wide credibility register in good faith.
The use of Your data is restricted solely to these intended purposes and shall not be used for profiling, behavioural advertising, or non-consensual third-party sharing.
DATA SHARING AND DISCLOSURE
Verispace respects the confidentiality of Your Personal Information and Sensitive Personal Data or Information (SPDI) and does not sell, rent, or trade Your data to third parties. However, in the normal course of providing the Platform’s services, Verispace may share Your data with limited and trusted entities, strictly on a need-to-know basis and in accordance with this Privacy Policy and applicable law. Such sharing shall be for lawful, specific, and legitimate purposes as outlined below:
With Rental Business Owners:
If You are a User/Admin, Your profile data, submitted documents, verification status, and historical interaction records may be accessed by Rental Business Owners with whom You interact or register. This access is necessary to enable them to assess Your eligibility for rental engagements, Premium upgrades, or blacklisting actions. However, other than such designated Rental Businesses, no unrelated Business shall be given access to Your information.
With Verified Users (limited exposure):
If You are a Rental Business Owner, certain elements of Your business profile (e.g., name, address, uploaded rent agreement, and contact information) may be accessible to Users You engage with. However, individual review content, internal risk flags, and newsletter contributions shall not be disclosed to Users.
With Third-Party Verification Services and APIs:
Verispace may share limited data with authorised third-party service providers or government-approved KYC providers to verify Your identity, address, or employment details through Aadhaar, PAN, face match, GPS tagging, or video KYC technologies. Such third-party providers are bound by contractual obligations to maintain data confidentiality and security standards as per applicable law.
With Government Authorities or Law Enforcement:
Verispace may disclose Personal Information, documents, or user histories if required to do so under applicable law, or pursuant to a court order, government notice, regulatory directive, or legal process. This includes disclosures made to prevent fraud, enforce platform policies, or comply with obligations under the Information Technology Act, 2000, or the DPDP Act, 2023 (once effective).
With Legal Advisors and Auditors:
Where required for legal claims, dispute resolution, or regulatory audit, Verispace may share data with its professional advisors, including external legal counsel, auditors, and consultants, under confidentiality agreements.
In Case of Merger, Acquisition, or Business Transfer:
If Verispace undergoes a merger, acquisition, reorganisation, or transfer of business operations, in that case, your data may be disclosed or transferred to the acquiring entity as part of that transaction, provided that the receiving party continues to comply with this Privacy Policy or a substantially similar policy that affords equal or stronger protection.
With Your Consent:
Apart from the circumstances listed above, Verispace shall not disclose Your data to any external party without obtaining Your prior, explicit consent, and such consent shall clearly state the purpose and scope of data sharing.
All data disclosures are subject to strict access control, audit logging, and encryption protocols to prevent unauthorised access, misuse, or breach.
DATA RETENTION AND STORAGE
Verispace retains Personal Information and Sensitive Personal Data or Information (SPDI) for as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless a more extended retention period is required or permitted by applicable law, regulation, or contractual obligation.
For Users/Admins, Your data shall generally be retained for a period of three (3) months following verification, subject to periodic renewal upon document expiry or account activity. However, if You are locally or globally blacklisted, Verispace reserves the right to retain Your Personal Information, blacklisting history, verification records, and rental engagement logs for an extended period necessary to maintain platform integrity, protect Rental Business Owners, and prevent fraud or repeated delinquency.
For Rental Business Owners, Your business registration information, User interaction history, blacklist actions, rental agreements, and newsletter contributions shall be retained for the duration of Your active subscription or platform association, and thereafter for such period as required to comply with legal obligations, resolve disputes, or enforce rights.
In general, Verispace shall apply the following principles for retention: – Data linked to active accounts shall be retained as long as the account remains active and in good standing. – Data linked to closed or deleted accounts (other than blacklisted accounts) shall be retained for a minimum period of ninety (90) days and up to one (1) year for backup, audit, fraud prevention, or legal compliance purposes. – Blacklist-related data, dispute histories, and audit trails shall be retained for a period determined by Verispace’s risk management policies or for the period mandated under law, whichever is longer.
All retained data shall be securely stored using industry-standard encryption techniques, access control measures, and secure server infrastructure. Verispace undertakes reasonable administrative, technical, and physical safeguards to prevent loss, misuse, unauthorised access, disclosure, alteration, or destruction of retained data.
Upon expiry of the retention period or upon successful exercise of a valid data deletion request (subject to Clause 9 of this Policy), Verispace shall securely delete, anonymise, or aggregate the Personal Information in a manner that ensures it cannot reasonably be reconstructed or linked to any individual.
DATA SECURITY PRACTICES
Verispace is committed to safeguarding the confidentiality, integrity, and availability of Your Personal Information and Sensitive Personal Data or Information (SPDI). To this end, Verispace has implemented a range of reasonable security practices and procedures, in compliance with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and aligned with global best practices for data protection.
Verispace employs administrative, technical, and physical security measures to protect Your data against unauthorised access, disclosure, alteration, loss, or destruction. These measures include, but are not limited to: – Data Encryption: Personal data is encrypted both in transit and at rest using industry-standard encryption protocols such as SSL/TLS for communications and AES for storage. – Access Controls: Strict user access management practices, including multi-factor authentication, role-based access controls, and regular access audits, are maintained to ensure that only authorised personnel can access sensitive information. – Secure Servers and Infrastructure: Data is hosted on secure servers within India or other permitted jurisdictions under stringent physical security controls, redundancy mechanisms, and disaster recovery planning. – API Security: All third-party integrations and API communications are secured using encryption keys, secure tokens, and secure transmission channels to protect the integrity of data exchanges. – Regular Security Testing: Verispace conducts periodic vulnerability assessments, penetration testing, and system security reviews to identify and mitigate emerging threats. – Training and Awareness: Employees and contractors of Verispace handling Personal Information are subject to confidentiality obligations and are trained on data privacy, information security, and incident response protocols.
Despite these robust measures, You acknowledge that no digital platform can guarantee absolute security. Consequently, Verispace disclaims liability for any unauthorised access, cyberattack, system compromise, or loss of data that occurs despite its reasonable efforts, unless such breach arises solely due to Verispace’s gross negligence or wilful misconduct.
In the unlikely event of a data breach affecting Your Personal Information, Verispace shall comply with applicable legal obligations, including: – notifying the affected individuals (where required), – informing relevant regulatory authorities (where required), – initiating corrective actions to mitigate further damage.
You are advised to take precautions to protect Your login credentials, avoid phishing attempts, use strong passwords, and immediately report any suspected security incident or suspicious activity to Verispace at support@verispace.in
YOUR RIGHTS REGARDING YOUR DATA
Verispace recognises Your rights as a Data Subject under applicable Indian laws, including the Information Technology Act, 2000, and anticipates compliance with emerging frameworks such as the Digital Personal Data Protection Act, 2023. Accordingly, You are entitled to exercise the following rights in respect of Your Personal Information and Sensitive Personal Data or Information (SPDI) collected by Verispace:
(a) Right to Access: You have the right to request access to the Personal Information held by Verispace about You. Upon receiving a valid request, Verispace will provide a summary of the data being processed, the purposes of processing, and the categories of recipients, subject to reasonable verification of Your identity.
(b) Right to Correction: You have the right to request the rectification of any inaccurate, outdated, or incomplete Personal Information. Verispace shall correct such information after verifying the authenticity of the correction request.
(c) Right to Withdraw Consent: Where processing is based on Your consent, You have the right to withdraw such consent at any time by submitting a request through the designated support channel. However, withdrawal of consent may impact Your continued access to certain features or services on the Platform.
(d) Right to Deletion: You may request deletion of Your account and associated Personal Information by submitting an email to [Insert Contact Email]. Verispace will process Your request within a reasonable time, subject to: – retention of essential data for legal, regulatory, fraud prevention, or risk management purposes; – preservation of blacklisting records where necessary to maintain platform integrity, even after account deletion.
(e) Right to Restriction of Processing: In certain circumstances, You may request Verispace to restrict the processing of Your data, such as when contesting the accuracy of the information or where processing is unlawful, pending verification or resolution.
(f) Right to Data Portability (where applicable): Subject to technical feasibility, You may request a copy of Your Personal Information provided to Verispace, in a structured, commonly used, and machine-readable format, if such portability obligations are mandated under applicable law.
(g) Right to Object:You have the right to object to the processing of Your data for direct marketing purposes or for decisions based solely on automated processing that significantly affect You.
Verispace may require reasonable verification of Your identity before processing any data rights request. Verispace reserves the right to decline requests that are manifestly unfounded, excessive, repetitive, or where compliance would adversely affect the rights and freedoms of others or conflict with legal requirements.
All rights requests can be initiated by contacting support@verispace.in or through the support functionality available on the Platform.
GRIEVANCE REDRESSAL AND CONTACT INFORMATION
Verispace is committed to promptly addressing any grievances, concerns, or complaints You may have regarding the collection, use, processing, disclosure, or security of Your Personal Information and Sensitive Personal Data or Information (SPDI).
In compliance with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, Verispace has designated a Grievance Officer to redress data protection-related grievances. The details of the Grievance Officer are as follows:
Name: Om Shah
Designation: Director
Email Address: om@verispace.in
Contact Address: Office 9, 3rd Floor, Siddharth Chambers, Appa Balwant Chowk, Opp. Rasik Sahitya, Pune – 411002
Working Hours: Mon to Fri, 10 am to 6 pm
You may submit any complaints or concerns by writing to the Grievance Officer via email or by submitting a request through the Platform’s customer support portal. For Verispace to effectively address Your grievance, You are advised to provide: – Your full name and registered contact details; – A clear description of the nature of the grievance or complaint; – Relevant supporting documents, if any; – Specific relief sought.
The Grievance Officer shall acknowledge receipt of Your complaint within forty-eight (48) hours and shall endeavour to resolve the complaint within a period of thirty (30) days from the date of receipt, in accordance with applicable legal requirements.
If You are dissatisfied with the response or resolution provided by Verispace, You retain the right to escalate the matter to the appropriate regulatory authorities or judicial forums as per applicable law.
Verispace encourages Users and Rental Business Owners to first exhaust the internal grievance mechanism before seeking external remedies, in the interest of fair and prompt resolution.
UPDATES TO THIS PRIVACY POLICY
Verispace reserves the right to amend, update, revise, or modify this Privacy Policy at its sole discretion, at any time, to reflect changes in legal or regulatory requirements, technological advancements, platform functionalities, data processing practices, or business needs.
Any material changes to this Privacy Policy shall be communicated by: – posting a revised version on the Verispace Platform,
– updating the “Last Updated” date at the top of the Policy, and/or
– notifying Users and Rental Business Owners via registered email addresses or prominent in-app alerts, wherever feasible.
You are advised to periodically review this Privacy Policy to stay informed about how Verispace is protecting and processing Your Personal Information. Your continued access to or use of the Platform after the effective date of any changes shall constitute Your express acceptance of the revised Policy.
If You do not agree with any part of the updated Privacy Policy, Your sole recourse is to discontinue the use of the Platform and request account deletion in accordance with Clause 9 of this Policy.
Verispace’s commitment to transparency, accountability, and lawful processing of data remains steadfast, and all changes to this Policy shall be made with a view to enhancing user protection and trust.
