This Privacy Policy ("Policy") describes how Exergy Infotech, operating as SaralDesk ("we", "us", "our"), collects, uses, stores, and protects personal information when you visit our website, create an account, or use our hospitality management platform and services.
This Policy applies to all users of SaralDesk, including hotel owners, restaurant operators, their staff members, and end guests whose information is processed through the Platform. By using SaralDesk, you consent to the practices described in this Policy.
We collect only what we need, use it only for stated purposes, store it securely in India, and never sell it. We believe your data belongs to you — we are simply its custodian while you use our platform.
This Policy should be read alongside our Terms & Conditions. In the event of any conflict between the two documents, the Terms & Conditions shall prevail.
We collect different categories of data depending on your relationship with SaralDesk:
- Full name, business name, and designation of the account holder.
- Email address, mobile number, and WhatsApp number.
- Business address, GST number, and PAN number (for billing and compliance).
- Payment details processed securely through our payment gateway partner (Razorpay). We do not store raw card numbers.
- Subscription history, plan details, and billing records.
- Guest name, contact number, email, and address entered during check-in.
- Government-issued identity document scans or uploads (Aadhaar, Passport, Driving Licence) required for Police Form C compliance.
- Nationality, date of birth, and purpose of visit (for foreign nationals under the Foreigners Act, 1946).
- Booking dates, room preferences, and stay history.
For guest data, SaralDesk acts as a Data Processor on your behalf. You (the hotel/restaurant owner) are the Data Controller and remain responsible for obtaining appropriate consent from your guests for data collection and retention as required under applicable law.
- IP address, browser type, operating system, and device identifiers.
- Pages visited, features used, session duration, and clickstream data.
- Error logs, crash reports, and performance diagnostics.
- Geolocation data (city/region level only, derived from IP address).
| Purpose | Data Used | Basis |
|---|---|---|
| Providing the Platform | Account data, subscription data | Contract |
| Processing Payments | Billing data, GST number | Contract |
| Police Form C Compliance | Guest identity data, nationality | Legal Obligation |
| Customer Support | Account data, usage data | Legitimate Interest |
| Platform Improvement | Anonymised usage data, crash logs | Legitimate Interest |
| Marketing Communications | Email address, name | Consent |
| Security & Fraud Prevention | Technical data, IP address | Legitimate Interest |
| Legal Compliance & Audits | Billing records, contracts | Legal Obligation |
We will never use your data for purposes not listed above without obtaining your explicit consent in advance.
SaralDesk processes personal data under the following legal bases in accordance with India's Digital Personal Data Protection Act, 2023 (DPDPA) and internationally recognised data protection principles:
- Consent: For marketing emails, newsletters, and non-essential cookies. You may withdraw consent at any time without affecting prior processing.
- Contractual Necessity: Processing required to deliver the Services you have subscribed to, including account management and billing.
- Legal Obligation: Processing required to comply with Indian law, including Police Form C filing under the Foreigners Act, 1946, and GST record-keeping under the CGST Act, 2017.
- Legitimate Interest: Processing for security monitoring, fraud prevention, product analytics, and platform improvement, where such interests are not overridden by your rights.
SaralDesk does not sell, rent, or trade your personal data. We share data only in the following limited circumstances:
- Razorpay — Payment processing. Governed by Razorpay's own PCI-DSS certified privacy practices.
- Cloud Infrastructure Provider — Secure data hosting within India (AWS Mumbai / equivalent).
- Communication Services — Transactional email and SMS delivery (OTP, invoices, alerts).
- Analytics Tools — Anonymised, aggregated usage analytics to improve Platform performance.
All sub-processors are bound by contractual data processing agreements that require them to maintain confidentiality and security standards equivalent to ours.
We may disclose your data if required to do so by a valid court order, government authority, or applicable law — including to law enforcement for guest records under the Foreigners Act or in the investigation of a crime. We will notify you of such requests where legally permitted to do so.
We will never sell your personal data or your guests' data to advertisers, data brokers, or any third party for commercial purposes. This is a firm commitment, not just a policy — it is contrary to our business model and values.
SaralDesk uses cookies and similar tracking technologies on our website and platform. Cookies are small text files stored on your device that help us deliver and improve our Services.
| Cookie Type | Purpose | Duration | Can Opt Out |
|---|---|---|---|
| Essential | Login sessions, security tokens, CSRF protection | Session | No |
| Functional | Language preference, UI settings, last-viewed module | 1 year | Optional |
| Analytics | Page views, feature usage, performance monitoring | 90 days | Yes |
| Marketing | Retargeting, campaign tracking (only on public website) | 30 days | Yes |
You can manage or withdraw cookie consent at any time via the Cookie Preferences banner on our website or through your browser settings. Note that disabling essential cookies will prevent you from logging into the Platform.
We take extensive technical and organisational measures to protect your data from unauthorised access, disclosure, alteration, or destruction.
- All data is transmitted over HTTPS / TLS 1.2+ encrypted connections.
- Access to production data is restricted to authorised engineers under a strict role-based access control (RBAC) policy.
- Identity documents uploaded for Police Form C are stored in isolated, encrypted vaults with limited access controls.
- Regular security audits and vulnerability assessments are conducted on our infrastructure.
- In the event of a data breach affecting your personal data, we will notify you and relevant authorities within 72 hours of becoming aware of the breach.
While we implement industry-leading security practices, no method of transmission or storage is 100% secure. We encourage you to use strong passwords and enable two-factor authentication on your account.
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, comply with legal obligations, and resolve disputes.
| Data Category | Retention Period | Reason |
|---|---|---|
| Account & Subscriber Data | Active subscription + 90 days post-cancellation | Service delivery & data export window |
| Billing & GST Records | 7 years from transaction date | Indian Income Tax & GST Act requirements |
| Guest Identity Documents | As required by the Foreigners Act (typically 1 year); configurable by property | Regulatory compliance |
| Guest Booking Records | Subscriber's account duration + 90 days | Operational records |
| Usage & Analytics Data | 90 days (anonymised thereafter) | Platform improvement |
| Support & Communication Logs | 3 years from last interaction | Service quality & dispute resolution |
Upon expiry of the applicable retention period, data is securely and permanently deleted from all active systems and backup storage within 30 days of the deletion trigger.
Under the Digital Personal Data Protection Act, 2023 and internationally recognised data protection frameworks, you have the following rights regarding your personal data:
Submit your request to privacy@saraldesk.com with the subject line "Data Rights Request". We will respond within 30 days. In complex cases, this may be extended by an additional 30 days with prior notice. Requests are free of charge.
SaralDesk's Platform and Services are intended for use by business owners, operators, and their staff who are 18 years of age or older. We do not knowingly collect, store, or process personal data from individuals under the age of 18.
In the context of hotel guest management, guest records may include details of minor guests as part of a family booking. Such data is collected by the hotel (the Data Controller) for regulatory compliance purposes and is processed by SaralDesk solely as a Data Processor on the hotel's instructions.
If you believe that we have inadvertently collected personal data from a child under 18 in our subscriber base, please contact us immediately at privacy@saraldesk.com and we will take prompt action to delete such data.
The SaralDesk website and Platform may contain links to third-party websites, tools, or services — such as payment gateways, social media platforms, or documentation portals. This Privacy Policy applies solely to data processed by SaralDesk and does not cover the privacy practices of any third-party websites or services.
We encourage you to review the privacy policies of any third-party services you interact with. SaralDesk is not responsible for the privacy practices or content of external websites accessed via links from our Platform.
All payment processing is handled by Razorpay. SaralDesk does not receive or store raw card data. Razorpay is PCI-DSS Level 1 certified. For details on how Razorpay handles your payment data, please refer to Razorpay's Privacy Policy at razorpay.com/privacy.
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the Services we offer. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page.
- Send an email notification to your registered email address at least 14 days before the changes take effect.
- Display a prominent notice on the Platform dashboard informing you of the update.
For minor, non-material changes (such as typographical corrections or clarifications that do not affect how we use your data), we may update this page without prior notice.
Your continued use of the Platform after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. If you disagree with a material change, you have the right to close your account and request deletion of your data before the change takes effect.
If you have any questions, concerns, or complaints regarding this Privacy Policy or our data handling practices, please contact our Data Protection Officer (DPO):
| Contact Type | Details |
|---|---|
| Data Protection Officer | privacy@saraldesk.com |
| General Privacy Queries | support@saraldesk.com |
| WhatsApp Support | +91 98935 60964 |
| Response Time | Within 30 days of receiving your request |
| Registered Address | Exergy Infotech, Indore, Madhya Pradesh, India |
In accordance with the Digital Personal Data Protection Act, 2023, if you believe your data rights have been violated, you may first raise a grievance with us. If unsatisfied with our response, you may escalate to the Data Protection Board of India once operational, or approach the appropriate courts of jurisdiction in Indore, Madhya Pradesh.