Terms & Conditions

PRIVACY POLICY

Last Updated: Saturday, 20 December 2025
Place: Kolkata, West Bengal, India

Thank you for accessing and using IVY NEST. In the event this Privacy Policy is not available in a language understood by you, you are required to immediately contact IVY NEST at grievance@ivynestapartments.com. Failure to raise such communication within twenty-four (24) hours of receipt of this document, coupled with your acceptance by clicking the “I ACCEPT” or “ACCEPT & CONTINUE” button, shall be deemed as your acknowledgment, understanding, and acceptance of this Privacy Policy in its entirety.

This Privacy Policy constitutes an electronic record generated by a computer system and does not require any physical or digital signature in accordance with the Information Technology Act, 2000 and rules made thereunder. By clicking the “I ACCEPT” button, you expressly consent to be legally bound by this Privacy Policy and the associated Terms of Service.

If you do not agree with any provision contained herein, you must refrain from accessing or using the IVY NEST digital platform, mobile application, website, or any services facilitated thereon.

“Ivy Nest Apartments”, together with its affiliates, associate companies, and subsidiaries (hereinafter collectively referred to as “Ivy Nest Apartments”, “IVY NEST”, “we”, “us”, or “our”), operates a technology-enabled digital platform that provides residential accommodation and rental solutions to intending occupiers and/or licensees.

Our services cater to a diverse user base including, without limitation:

• Digital nomads
• Remote workers
• Students
• Working professionals
• Community-focused residents
• Short-term and long-term occupiers

Through our platform, we facilitate access to and discovery of:

• Paying Guest (PG) accommodations
• Rental flats and apartments
• Room-sharing residences
• Hostels
• Co-living spaces
• Co-working spaces
• Workation stays
• Vacation homes and short-term accommodation

In addition, IVY NEST functions as an Online Travel Agency (OTA) by aggregating, displaying, and facilitating online discovery and booking of verified accommodation listings. The platform operates entirely through digital and electronic means, acting strictly as a technology intermediary and facilitator, and does not act as a landlord, property owner, broker, or governmental authority unless expressly stated otherwise.

This Privacy Policy describes how Ivy Nest Apartments, in its capacity as a Data Fiduciary / Controller, collects, uses, stores, processes, shares, and protects Personal Data and Sensitive Personal Data when you:

• Visit or use our website (“Site”);
• Access the IVY NEST mobile or desktop applications (“App(s)”);
• Use IVY NEST email plugins, browser extensions, or other digital interfaces; or
• Interact with any service, feature, or tool that links to this Privacy Policy.

This Policy explains:

• What categories of personal information are collected;
• The purposes and lawful bases for processing such information;
• How users may access, correct, withdraw consent for, or request deletion of their personal data; and
• The safeguards implemented to protect such data.

We do not use or disclose Personal Data except as expressly stated in this Privacy Policy, the Terms of Service, or as required by applicable law.

Capitalised terms not defined herein shall have the meaning assigned to them under the Terms of Service.

Supplemental clauses, notices, or privacy-related disclosures published on the Site from time to time are hereby incorporated into this Privacy Policy by reference.

We reserve the right to modify or update this Privacy Policy at our sole discretion to reflect changes in legal, regulatory, operational, or business requirements. Updates shall be reflected by revising the “Last Updated” date. Continued use of the platform after such publication constitutes your deemed acceptance of the revised Privacy Policy.

What personal data do we process?
We may process personal data depending on how you interact with IVY NEST, including information provided during registration, booking, communication, verification, or customer support interactions.

Do we process sensitive personal data?
Yes, sensitive personal data may be processed where strictly necessary, with your explicit consent or as permitted under applicable law.

Do we receive information from third parties?
We may receive information from public databases, marketing partners, social media platforms, independent accommodation providers, and other lawful third-party sources.

How do we process your information?
Personal data is processed to provide, operate, improve, and administer our services; facilitate bookings and communications; prevent fraud; ensure platform security; and comply with legal obligations. Processing occurs only where a lawful basis exists.

When and with whom is personal data shared?
Data may be shared in limited circumstances with verified third parties, service providers, independent accommodation partners, payment gateways, or authorities as required by law.

How do we protect your information?
We implement reasonable technical and organisational security measures. However, no system can be guaranteed to be completely secure, and absolute security cannot be assured.

What rights do users have?
Depending on applicable law, users may have rights relating to access, correction, withdrawal of consent, erasure, and grievance redressal.

How can you exercise your rights?
Requests may be submitted by emailing grievance@ivynestapartments.com. All requests are handled in accordance with applicable data protection laws.

1. OVERVIEW

1.1 Applicability
This Privacy Policy applies to all users of IVY NEST services across India, including users who access or interact with the website, mobile or desktop applications, features, tools, and any ancillary or connected services (collectively, the “Services”).

1.2 Controller and Legal Compliance
IVY NEST is a digital platform owned and operated by Ivy Nest Apartments. We are committed to protecting and respecting your privacy and process personal data in accordance with applicable Indian laws, including the Information Technology Act, 2000 (and rules framed thereunder), the Digital Personal Data Protection Act, 2025, the Consumer Protection Act, 2019, the Consumer Protection (E-Commerce) Rules, 2020 (as amended), and other applicable national and state laws governing personal data processing.

1.3 Purpose of Collection and Processing
We collect and process personal data to provide, operate, maintain, and continuously improve our Services, including facilitating discovery, comparison, booking, and management of accommodation and related services through our technology platform and OTA functionality.

1.4 Policy Updates and Review
This Privacy Policy may be updated from time to time to reflect legal, regulatory, or operational changes. Users are encouraged to review this Policy periodically. Continued use of the Services after publication of any update constitutes acceptance of the revised Policy.

1.5 Third Parties and Confidentiality
All partners, independent partners, vendors, and service providers who work with or for us and who have access to personal data are required to comply with this Privacy Policy and applicable law. No third party is permitted to access or process sensitive personal data held by us without first entering into a legally enforceable confidentiality and data-processing arrangement consistent with applicable law.

2. DEFINITIONS & INTERPRETATION

2.1 Definitions

For the purposes of this Privacy Policy, unless the context otherwise requires:

2.1.1 “Account” means a unique account created by a user to access the Services or any part thereof.

2.1.2 “Company” / “IVY NEST” / “We” / “Us” / “Our” means Ivy Nest Apartments, the owner and operator of the IVY NEST digital platform.

2.1.3 “Country” means India.

2.1.4 “Data Fiduciary / Controller” means the Company, which determines the purposes and means of processing personal data under applicable law.

2.1.5 “Device” means any device capable of accessing the Services, including a computer, smartphone, or tablet.

2.1.6 “Cookies” means small data files placed on a user’s device by a website or application to enable functionality, analytics, and user experience enhancements.

2.1.7 “Personal Data” means any information that relates to an identified or identifiable natural person, including information that can directly or indirectly identify such person, as defined under applicable Indian data protection laws.

2.1.8 “Sensitive Personal Data” means such categories of personal data as may be notified or recognised under applicable Indian law from time to time, requiring enhanced safeguards.

2.1.9 “Service(s)” means the IVY NEST website, applications, features, tools, and related digital services.

2.1.10 “Service Provider / Data Processor” means any natural or legal person engaged by the Company to process personal data on its behalf for purposes related to the Services, subject to contractual and legal safeguards.

2.1.11 “Usage Data” means data collected automatically during use of the Services, including technical and diagnostic information such as page visit duration and interaction metrics.

2.1.12 “Website” means the IVY NEST website accessible at https://ivynestapartments.com.

2.1.13 “You” / “User” / “Data Principal” means the individual accessing or using the Services, or the legal entity on whose behalf such individual acts, as applicable.

Cross-border references:
Certain definitions (e.g., relating to foreign regulatory concepts) may be referenced only to the extent required for limited operational interactions with users or service providers outside India. Primary governance of this Policy remains Indian law.

2.2 Interpretation

Words with initial capital letters have the meanings assigned above.
Singular includes plural and vice-versa; headings are for convenience only and do not affect interpretation.

3. COLLECTION AND USE OF PERSONAL DATA

3.1 Categories of Personal Data Collected

In the course of providing access to and operating the IVY NEST platform and related Services, the Company may collect and process certain personal data provided directly by you or generated through your use of the Services. Such personal data may include, without limitation:

a) Email address
b) First name and last name
c) Mobile or telephone number
d) Residential or correspondence address, including city, state, postal/ZIP code
e) Usage Data (as defined below)

The provision of certain personal data may be mandatory for registration, booking, communication, customer support, compliance, or transactional purposes. Failure to provide such data may limit your ability to access or use certain features of the Services.

3.2 Usage Data

3.2.1 Usage Data is collected automatically when you access or use the Services.

3.2.2 Usage Data may include technical and diagnostic information such as:

• Internet Protocol (IP) address
• Browser type and version
• Pages visited on the platform
• Date and time of access
• Time spent on pages
• Device identifiers and other diagnostic or performance data

3.2.3 When the Services are accessed through a mobile device, additional information may be collected automatically, including:

• Type of mobile device
• Unique device identifiers
• Mobile operating system
• Mobile browser type
• Mobile IP address

3.2.4 The Company may also collect information transmitted by your browser or device whenever you interact with the Services, for purposes including security, analytics, troubleshooting, and service improvement.

Usage Data is processed in a manner consistent with applicable law and is used primarily in aggregated or pseudonymised form.

4. SOURCES OF PERSONAL INFORMATION

The Company collects personal data from the following sources:

4.1 Directly from You
Information voluntarily provided by you, including through account registration, forms, preferences, communications, bookings, payments, or customer support interactions.

4.2 Indirectly from You
Information generated through your interaction with the Services, including behavioural and usage-related data.

4.3 Automatically through Technology
Information collected via cookies, device identifiers, log files, and similar technologies deployed on your device when you access or use the Services.

4.4 From Service Providers and Partners
Information received from third-party service providers engaged for analytics, payment processing, communications, hosting, customer support, fraud prevention, or other lawful operational purposes, subject to contractual and statutory safeguards.

5. COOKIES AND TRACKING TECHNOLOGIES

5.1 Use of Cookies and Similar Technologies

The Company uses cookies and similar tracking technologies, including web beacons, tags, and scripts, to operate, analyse, improve, and secure the Services.

Cookies are small data files placed on your device that enable functionality, preferences, analytics, and performance measurement.

You may configure your browser to refuse cookies or alert you when cookies are being sent. However, disabling cookies may affect the availability or functionality of certain features of the Services.

Cookies may be classified as:

• Session Cookies, which are deleted when you close your browser; and
• Persistent Cookies, which remain on your device until deleted or expired.

5.2 Types of Cookies Used

5.2.1 Essential / Necessary Cookies

• Type: Session Cookies
• Administered by: The Company
• Purpose:
  These cookies are required to enable core functionality of the Services, including user authentication, account security, and fraud prevention. Without these cookies, requested services cannot be provided.

5.2.2 Cookie Consent Cookies

• Type: Persistent Cookies
• Administered by: The Company
• Purpose:
  These cookies record whether you have accepted or acknowledged the use of cookies on the platform.

5.2.3 Functionality Cookies

• Type: Persistent Cookies
• Administered by: The Company
• Purpose:
  These cookies allow the platform to remember user preferences such as login state, language, or display settings, enhancing usability and personalisation.

5.2.4 Performance and Analytics Cookies

• Type: Persistent Cookies
• Administered by: Third-party service providers
• Purpose:
  These cookies collect information regarding platform traffic, usage patterns, and feature performance. Data collected may be linked to a pseudonymous identifier associated with your device and is used to analyse trends, test new features, and improve user experience.

5.3 Additional Information

For further details regarding cookies, tracking technologies, and your choices, please refer to the Cookie & Tracking Policy or the relevant section of this Privacy Policy, which forms an integral part hereof.

6. USE OF PERSONAL DATA

6.1 Purposes of Processing

The Company may collect, store, use, disclose, and otherwise process Personal Data strictly for lawful purposes connected with the operation of the IVY NEST platform and the provision of its Services, including but not limited to the following:

6.1.1 Service Provision and Operations
To provide, operate, maintain, secure, and monitor the Services, including analysing platform usage, performance, and functionality.

6.1.2 Account Creation and Management
To register, authenticate, administer, and manage your user account, and to enable access to features and functionalities available to registered users.

6.1.3 Contractual Performance
To enter into, perform, comply with, and enforce contracts arising from bookings, subscriptions, rentals, service requests, payments, cancellations, refunds, or any other legally binding arrangement entered into through the platform.

6.1.4 Communications
To communicate with you through email, telephone calls, SMS, messaging platforms, push notifications, or other lawful electronic means regarding:

• Account activity
• Bookings and transactions
• Service-related updates
• Security alerts
• Policy changes
• Operational or regulatory communications

Such communications shall be limited to what is necessary, reasonable, and proportionate.

6.1.5 Marketing and Promotional Communications
To provide information about services, offers, updates, or events that may be relevant to you, subject to your consent and applicable opt-out rights under Indian law.

6.1.6 User Requests and Support
To receive, manage, respond to, and resolve your queries, complaints, service requests, and grievance submissions.

6.1.7 Corporate Transactions
To evaluate, negotiate, or execute any merger, acquisition, restructuring, financing, sale, transfer, or reorganisation of the Company or its assets, whether as a going concern or as part of insolvency or liquidation proceedings, subject to applicable legal safeguards.

6.1.8 Analytics, Improvement, and Compliance
To conduct data analysis, identify trends, measure effectiveness, improve platform functionality, enhance user experience, prevent fraud, ensure security, and comply with applicable legal and regulatory obligations.

6.2 Disclosure and Sharing of Personal Data

The Company may disclose Personal Data only in the following circumstances and strictly on a need-to-know basis:

6.2.1 Service Providers
With third-party service providers engaged for analytics, hosting, payment processing, communications, customer support, fraud prevention, or technical operations, under binding contractual and confidentiality obligations.

6.2.2 Business Transfers
In connection with or during negotiations relating to mergers, acquisitions, asset transfers, or corporate restructuring, subject to legal safeguards and continuity of data protection.

6.2.3 Affiliates
With group entities, subsidiaries, or affiliates under common control, provided such entities adhere to this Privacy Policy and applicable data protection laws.

6.2.4 Business and Technology Partners
With partners involved in providing ancillary services, integrations, or value-added offerings, where such sharing is necessary for service delivery or permitted by law.

6.2.5 User-Initiated Disclosures
Where you voluntarily disclose personal information in public or interactive areas of the platform, acknowledging that such information may be visible to other users.

6.2.6 Consent-Based Disclosures
For any other purpose expressly authorised by you through clear, affirmative consent.

7. RETENTION OF PERSONAL DATA

7.1 Retention Period

The Company shall retain Personal Data only for such duration as is reasonably necessary to fulfil the purposes outlined in this Privacy Policy, including:

• Performance and enforcement of contracts
• Compliance with statutory, regulatory, and accounting obligations
• Resolution of disputes
• Prevention of fraud and misuse
• Enforcement of legal rights and policies

Retention periods are determined based on the nature of the data, purpose of processing, and applicable legal requirements under Indian law.

7.2 Retention of Usage Data

Usage Data is generally retained for a limited duration and is primarily used for internal analysis, system improvement, security monitoring, and service optimisation.

Usage Data may be retained for longer periods where:

• Required to strengthen security or prevent fraud
• Necessary to comply with legal or regulatory obligations
• Used in anonymised or aggregated form

7.3 Deletion and Anonymisation

Upon expiry of the applicable retention period or withdrawal of consent (where legally permissible), Personal Data shall be securely deleted, anonymised, or irreversibly de-identified, unless continued retention is required by law.

8. TRANSFER OF PERSONAL DATA

8.1 Location of Processing

Your Personal Data is processed at the Company’s registered and operating offices in India and at such other locations where the Company, its affiliates, service providers, or processing partners maintain infrastructure or personnel.

Accordingly, your Personal Data may be transferred to, stored in, or accessed from jurisdictions outside your state, province, or country of residence, where data protection laws may differ from those applicable in your jurisdiction.

8.2 Consent to Transfer

By accepting this Privacy Policy and submitting your Personal Data through the Platform, you expressly consent to the collection, storage, processing, and transfer of such data in accordance with this Policy and applicable law.

8.3 Safeguards for Cross-Border Transfers

The Company shall take all commercially reasonable, legally mandated, and technically appropriate measures to ensure that:

• Personal Data is processed securely and lawfully;
• Transfers occur only for legitimate purposes;
• Adequate contractual, technical, and organisational safeguards are implemented;
• No transfer takes place to any entity or jurisdiction without appropriate data protection controls, security measures, and confidentiality obligations consistent with this Privacy Policy and Indian law.

9. LAWFUL USE AND DISCLOSURE OF PERSONAL DATA

This section supplements and must be read together with Section 6 (Use of Personal Data). No independent or expanded purpose is created beyond what is already disclosed.

9.1 Lawful Purposes of Use

The Company may process Personal Data for the following lawful purposes:

9.1.1 To operate, maintain, monitor, and improve the Platform and Services;

9.1.2 To register, authenticate, and manage user accounts;

9.1.3 To perform, administer, and enforce contracts entered into through the Platform, including bookings, subscriptions, payments, cancellations, refunds, and service fulfilment;

9.1.4 To communicate with users regarding transactions, security alerts, operational notices, policy updates, and service-related information through lawful electronic means;

9.1.5 To provide marketing, promotional, or informational communications, subject to consent and opt-out rights;

9.1.6 To receive, manage, and resolve user requests, complaints, and grievances;

9.1.7 To evaluate or execute mergers, acquisitions, restructurings, asset transfers, insolvency proceedings, or similar corporate events;

9.1.8 To conduct analytics, auditing, fraud prevention, compliance monitoring, service optimisation, and internal business assessments.

9.2 Disclosure of Personal Data

Personal Data may be disclosed strictly on a need-to-know and lawful basis in the following circumstances:

9.2.1 Service Providers
To third-party vendors engaged for hosting, analytics, payments, communications, customer support, or technical services, subject to binding confidentiality and data protection obligations.

9.2.2 Business Transfers
In connection with mergers, asset sales, financing, acquisitions, or corporate restructuring, subject to lawful safeguards.

9.2.3 Affiliates
To group entities, subsidiaries, or affiliates under common control, provided they adhere to equivalent data protection standards.

9.2.4 Business Partners
To partners involved in facilitating services, offers, or integrations, strictly for authorised purposes.

9.2.5 User-Initiated Disclosures
Where users voluntarily disclose information in public or interactive areas of the Platform, acknowledging that such information may become publicly accessible.

9.2.6 Consent-Based Disclosure
For any other purpose expressly authorised by the user through clear and affirmative consent.

10. STORAGE AND INTERNATIONAL TRANSFER OF PERSONAL INFORMATION

10.1 Data Storage

Your Personal Information, including system backups, is stored on:

• IVY NEST’s secure servers; and
• The secure servers of third-party service providers engaged by the Company.

Appropriate administrative, technical, and physical safeguards are implemented to protect such data against unauthorised access, loss, misuse, or alteration.

10.2 International Transfers

Your Personal Data may be transferred across national borders, including to jurisdictions such as India and the United States of America, due to the location of servers, cloud infrastructure, analytics providers, payment processors, or operational vendors.

All such transfers shall comply with:

• Digital Personal Data Protection Act, 2025 (India)
• Information Technology Act, 2000 & Rules thereunder
• Contractual and security safeguards consistent with this Privacy Policy

10.3 EEA / International Users

If you are a resident of the European Economic Area (EEA) or any jurisdiction with enhanced data protection laws:

• Transfers outside the EEA shall occur only where adequate safeguards are in place, including:
  • Standard contractual clauses;
  • Equivalent contractual protections; or
  • Your explicit consent where required by law.
• The Company shall ensure that the recipient maintains an adequate level of data protection consistent with applicable international standards.

11. USE OF INFORMATION

11.1 Lawful Purposes of Use

Subject to applicable law, IVY NEST may collect, process, and use Personal Data and Usage Data strictly for the following lawful, specified, and legitimate purposes:

11.1.1 To enable, operate, and provide access to the Platform, including its website, mobile applications, browser extensions, plug-ins, and related digital tools;

11.1.2 To analyse usage trends, engagement patterns, and user behaviour for the purpose of understanding how the Platform and Services are accessed and utilised;

11.1.3 To maintain, enhance, and improve the functionality, performance, security, and reliability of the Platform and Services;

11.1.4 To personalise and customise user experience, including content display, interface preferences, and feature accessibility;

11.1.5 To facilitate platform-enabled financial and transactional tools, including expense tracking or payment-related functionalities where applicable;

11.1.6 To process, verify, facilitate, or enable payments, subscriptions, bookings, or other transactions conducted through authorised payment service providers;

11.1.7 To enable collaborative or shared features that allow users, where applicable, to share information within teams, groups, or organisational accounts;

11.1.8 To communicate with users regarding account activity, bookings, service updates, transactional notices, security alerts, and operational communications;

11.1.9 To conduct internal operations essential for service delivery, including system diagnostics, error resolution, software testing, analytics, research, monitoring, and platform optimisation;

11.1.10 To personalise the content, features, recommendations, and interfaces displayed on the website or application;

11.1.11 To respond to user enquiries, requests, complaints, and support issues relating to the Platform or Services;

11.1.12 To provide customer support services, including:

• directing enquiries to appropriate support personnel,
• investigating and resolving reported issues,
• monitoring, evaluating, and improving customer service quality;

11.1.13 For product development, innovation, and enhancement, including strengthening safety, security, fraud prevention, and risk mitigation measures;

11.1.14 To process and assess employment or engagement applications submitted through the Platform, where applicable.

11.2 Use and Sharing of Transaction Data

Notwithstanding anything to the contrary in this Privacy Policy, IVY NEST and its authorised third-party service providers may process and use Transaction Data strictly for the following purposes:

11.2.1 To receive and process transaction-related information from payment networks, banks, card issuers, or payment service providers for the purpose of enabling notifications, confirmations, reconciliation, or transaction-based actions;

11.2.2 To share limited and necessary transaction-related information with authorised vendors, contractors, or service providers solely to facilitate and administer payment processing, subscription management, booking fulfilment, or associated financial services;

11.2.3 To analyse Transaction Data for the generation of reports, summaries, or insights that may be made available to users for informational or record-keeping purposes.

All such processing shall be subject to confidentiality obligations, contractual safeguards, and applicable data protection laws.

11.3 Consent-Based and Contextual Use

IVY NEST may use Personal Data for any additional purpose that is:

• expressly disclosed at the time of data collection; or
• authorised by the user through clear and affirmative consent; or
• required or permitted under applicable law.

11.4 Aggregated and Anonymised Data

IVY NEST may collect, analyse, and use aggregated, anonymised, or de-identified data for statistical, analytical, operational, and research purposes, including but not limited to:

• assessing feature usage and platform performance;
• determining technical design requirements;
• identifying system inefficiencies or risk areas;
• improving service delivery and infrastructure planning.

Such data shall not be used to identify any individual user.

11.5 Communications and Engagement

Subject to user preferences and applicable law, IVY NEST may use collected information to communicate with users regarding:

• products, services, and platform features;
• promotions, surveys, studies, or feedback requests;
• policy updates, announcements, and service-related information.

Users retain the right to opt out of non-essential marketing communications in accordance with applicable law.

12. LEGAL BASIS FOR PROCESSING

12.1 Lawful Grounds of Processing

IVY NEST processes Personal Data strictly in accordance with applicable law and only where a lawful basis exists. The legal grounds for processing may vary depending on the nature of the data, the purpose of processing, and the user’s jurisdiction.

Without limitation, Personal Data may be processed on one or more of the following lawful bases:

12.1.1 Contractual Necessity
Where processing is necessary for the performance of a contract to which the user is a party, including account creation, booking facilitation, subscription services, payment processing, or provision of platform functionalities.

12.1.2 Consent
Where the user has provided free, specific, informed, unconditional, and unambiguous consent, including for marketing communications, profiling, cookies, or optional features. Consent may be withdrawn at any time in accordance with applicable law.

12.1.3 Legitimate Interests
Where processing is necessary for IVY NEST’s legitimate business interests, including platform security, fraud prevention, service improvement, analytics, customer support, and operational efficiency, provided such interests do not override the user’s fundamental rights.

12.1.4 Legal Obligations
Where processing is required to comply with applicable laws, regulations, judicial orders, statutory obligations, or lawful requests by competent authorities.

12.1.5 Cross-Border Users
Where users are located outside India (including the European Economic Area), IVY NEST ensures that processing is carried out in accordance with applicable international data-transfer safeguards and lawful bases recognised under the relevant jurisdiction, without limiting compliance under Indian law.

For any clarification regarding the legal basis of processing, users may contact grievance@ivynestapartments.com.

13. MARKETING COMMUNICATIONS & USER PREFERENCES

13.1 Marketing Communications

Subject to applicable law and user consent, IVY NEST may use Personal Data to communicate with users via:

• email,
• telephone calls,
• SMS,
• application notifications (including push notifications),
• social media platforms,
• postal communications (where applicable).

Such communications may relate to platform updates, service offerings, promotions, recommendations, surveys, or user engagement initiatives.

13.2 Profiling and Preference Analysis

IVY NEST may use automated tools and analytics to understand user preferences, interests, and usage behaviour in order to:

• personalise content and recommendations;
• improve relevance of communications;
• enhance service delivery and user experience.

Profiling is conducted in a proportionate manner and does not produce legal or similarly significant effects without lawful justification or consent, as required under the Digital Personal Data Protection Act, 2025.

13.3 User Control and Unsubscription

Users may withdraw consent or modify marketing preferences at any time by:

• clicking the “unsubscribe” link included in marketing emails;
• adjusting application or device notification settings;
• contacting accounts@ivynestapartments.com for preference updates;
• contacting grievance@ivynestapartments.com to object to profiling for direct marketing.

14. MARKETING OPT-OUTS & ADVERTISING CONTROLS

14.1 Consent-Based Marketing

IVY NEST does not send unsolicited promotional communications without user consent. Even where consent has been provided, users retain the right to opt out at any time.

Notwithstanding an opt-out, IVY NEST may continue to send essential service-related communications, including account notices, booking confirmations, security alerts, and statutory disclosures.

14.2 Browser-Specific Opt-Outs

Certain opt-out mechanisms are browser-specific. Users may be required to set preferences separately for each browser or device used.

14.3 Interest-Based Advertising Controls

Users may opt out of personalised advertising delivered by third-party advertising partners through the following industry-recognised platforms:

• Network Advertising Initiative (NAI): http://www.networkadvertising.org/choices/
• European Digital Advertising Alliance (EDAA): http://www.youronlinechoices.com/
• Digital Advertising Alliance (DAA): http://optout.aboutads.info/?c=2&lang=EN

Opt-out cookies are browser-specific and may need to be reset if cookies are deleted or browsers are changed.

14.4 Mobile Device Controls

Users may manage interest-based advertising preferences directly through their device settings, including:

• Android: “Opt out of Ads Personalization” or “Opt out of Interest-Based Ads”
• iOS: “Limit Ad Tracking” or equivalent privacy settings

15. TRANSFER OF PERSONAL DATA (INCLUDING CROSS-BORDER TRANSFERS)

15.1 Processing Locations

Your information, including Personal Data, is processed at IVY NEST’s operating offices and at other locations where its affiliates, service providers, or data processors are situated. Consequently, such information may be transferred to, stored on, or accessed from computer systems located outside your state, province, or country of residence, where data-protection laws may differ from those applicable in your jurisdiction.

15.2 Consent to Transfer

By accepting this Privacy Policy and submitting your Personal Data, you expressly consent to the transfer, storage, and processing of such data in accordance with this Policy and applicable law.

15.3 Safeguards for Transfers

IVY NEST undertakes all reasonable and appropriate technical, organisational, and contractual measures to ensure that Personal Data transferred across jurisdictions is processed securely, lawfully, and in accordance with this Privacy Policy. No transfer of Personal Data shall take place unless adequate safeguards are in place to protect such data against unauthorised access, misuse, or loss.

15.4 Global Information Systems

IVY NEST operates global information systems and may transfer Personal Data to jurisdictions outside the user’s country of residence, including India, for the purposes described in this Privacy Policy. Certain jurisdictions outside the European Economic Area (EEA) may not provide an equivalent level of data protection as recognised under EU law.

15.5 International Safeguards

Where international transfers are undertaken, IVY NEST ensures appropriate safeguards, which may include contractual protections, access controls, encryption, and internal compliance frameworks. Additional information regarding such safeguards may be requested by contacting accounts@ivynestapartments.com.

All cross-border transfers are carried out in compliance with:

• the Digital Personal Data Protection Act, 2025,
• the Information Technology Act, 2000, and
• other applicable Indian and international data-protection laws.

16. SHARING AND DISCLOSURE OF PERSONAL INFORMATION

16.1 Third-Party Service Providers

IVY NEST may share Personal Information with third-party service providers strictly on a need-to-know basis to facilitate platform operations, including but not limited to:

• cloud hosting and infrastructure services,
• payment processing and financial services,
• communication, email, and notification services,
• analytics and system monitoring,
• customer support and operational tools.

Such service providers may include, without limitation: Amazon Web Services, Inc., SendGrid, Inc., Twilio, Inc., Slack Technologies, Inc., Segment.io, Inc.

All such disclosures are governed by contractual confidentiality and data-protection obligations.

16.2 Payment Processing

IVY NEST currently utilises Stripe, Inc. for payment processing and reserves the right to change payment service providers at its sole discretion. While IVY NEST complies with applicable PCI-DSS standards and industry-accepted security practices, users acknowledge that payment information is also governed by the payment processor’s own privacy policies.

Users are strongly advised to review the privacy policy of any payment processor before submitting payment information.

16.3 Permitted Disclosures

Personal Information may be disclosed in the following circumstances:

16.3.1 With User Consent
Where the user has expressly agreed to such disclosure.

16.3.2 Business Customers and Marketing
Where business users have consented to receive IVY NEST communications. Consumer Personal Data is not shared for third-party marketing purposes without explicit consent.

16.3.3 Legal Compliance
Where disclosure is required pursuant to applicable law, regulation, subpoena, court order, or lawful governmental request.

16.3.4 Protection and Enforcement
Where disclosure is necessary to prevent fraud, investigate security incidents, protect IVY NEST’s rights or property, enforce contractual terms, or ensure the safety of users or the public.

16.3.5 Corporate Transactions
In the event of a merger, acquisition, restructuring, asset sale, or similar transaction, Personal Information may be transferred as part of the business assets.

16.4 Testimonials and Endorsements

IVY NEST may display testimonials or endorsements on its platform with the user’s consent. Users may request modification or removal of such testimonials by contacting grievance@ivynestapartments.com.

16.5 Anonymous and Aggregated Data

IVY NEST may transfer anonymised or aggregated information in connection with corporate restructuring, sale, or assignment of business assets, provided such data does not directly identify individuals.

16.6 No Sale of Personal Data

IVY NEST does not sell or trade Personal Information. Disclosure of identifiable data occurs only in the limited circumstances set out in this Policy, including:

• compliance with law,
• legal proceedings,
• protection of rights and safety,
• prevention of unlawful or unethical activity,
• user consent or direction.

16.7 Third-Party Content and Advertising

Certain elements on the platform, including sponsored links or advertisements, may be supplied by third parties under contractual arrangements. Limited Personal Information may be shared to facilitate such services, including compliance with Google API Services User Data Policy
(https://developers.google.com/terms/api-services-user-data-policy).

Users may remove content they have shared using platform tools or by contacting grievance@ivynestapartments.com for assistance.

17. CONNECTING EMAIL ACCOUNTS AND SOCIAL MEDIA INTEGRATIONS

17.1 Voluntary Email Account Connectivity

You may voluntarily provide explicit and informed consent to connect one or more of your email accounts to your IVY NEST account. Upon such connection, the IVY NEST website and/or mobile application shall access and analyse only such limited and relevant email data as is strictly necessary for the provision of IVY NEST services.

IVY NEST does not store email message content, headers, bodies, attachments, or metadata in raw form. Email access is used solely for automated scanning and immediate extraction of service-relevant information, which is displayed to you in real time.

17.2 Scope and Nature of Email Access

Access to your email account is strictly read-only, unless you separately and expressly grant additional permissions. IVY NEST does not alter, modify, send, delete, or manipulate your email messages in any manner.

Where enabled, the IVY NEST platform may analyse emails received from a restricted whitelist of verified third-party senders (such as service providers or financial institutions) solely for identifying documents or records relevant to services availed by you (including account statements, booking confirmations, or transaction-linked communications). Extracted information is securely stored within your IVY NEST account for your reference.

17.3 Authorisation and Security

Email access is authorised exclusively through the official access mechanisms of the respective email service providers. All extracted information is processed and stored using appropriate technical and organisational safeguards consistent with applicable data-protection laws.

17.4 User Control and De-Linking

You retain complete control over email integrations. You may connect or de-link any email account at any time through the IVY NEST website or application. For example, Google Mail permissions may be managed at: https://myaccount.google.com/permissions. De-linking shall immediately revoke IVY NEST’s access to the relevant email account.

17.5 Google API Access and Data Use

Where Google services are used, IVY NEST accesses Google user data exclusively through officially supported Google APIs and limited scopes, including: email, profile, OpenID, and Gmail read-only.
The only Google user data stored is the email address and basic profile information necessary for account identification. No Google user data is shared with any third party under any circumstances.

17.6 Social Media and Third-Party Logins

You may choose to access or log in to IVY NEST services using third-party social networking platforms such as Facebook, Twitter, or Instagram. Any Personal Information shared with such platforms is governed solely by the privacy policies of the respective third-party services. IVY NEST does not control, endorse, or assume responsibility for the data practices of such platforms.

18. DATA RETENTION

18.1 Retention Principles

IVY NEST retains Personal Information only for so long as is necessary to fulfil legitimate business purposes, comply with applicable legal obligations, resolve disputes, and enforce contractual rights.

18.2 Deletion and Anonymisation

Where Personal Information is no longer required for the purposes stated in this Privacy Policy, such information shall be securely deleted or irreversibly anonymised. Where immediate deletion is not technically feasible, the data shall be securely stored and isolated from further processing until deletion is possible.

All retention and deletion practices are conducted in accordance with the Digital Personal Data Protection Act, 2025, the Information Technology Act, 2000, and applicable rules thereunder.

19. PRIVACY OF CHILDREN

19.1 Age Restriction

IVY NEST does not knowingly solicit, collect, or process Personal Information from children under the age of 16 years, in compliance with applicable data-protection and child-safety laws.

19.2 Parental Notification and Removal

If a parent or legal guardian becomes aware that a child has provided Personal Information to IVY NEST without appropriate consent, such parent or guardian may contact IVY NEST at grievance@ivynestapartments.com. Upon verification, IVY NEST shall take reasonable steps to promptly delete such information from its records.

20. SECURITY OF PERSONAL DATA AND DATA PRINCIPAL RIGHTS

20.1 Information Security Measures

The security of your Personal Data is of paramount importance to IVY NEST. Your Personal Information is stored on secure servers protected by appropriate technical, administrative, and organisational safeguards, and access is restricted to authorised personnel strictly on a need-to-know basis.

All promotional, referral, and access codes are generated as randomised alphanumeric sequences and are encrypted. Notwithstanding the foregoing safeguards, you acknowledge that no method of electronic transmission or storage is completely secure, and IVY NEST cannot guarantee absolute security of Personal Data. You are advised to maintain the confidentiality of your login credentials and not share your password with any third party.

20.2 Right to Erasure / Deletion of Personal Data

Subject to applicable law, you have the right to request deletion or erasure of your Personal Data. Upon receipt and verification of such request, IVY NEST shall delete or anonymise your Personal Data and shall direct its service providers to do the same, unless retention is required or permitted under law.

Deletion requests may be lawfully denied or restricted where retention of data is necessary to:

a) Perform contractual obligations, complete transactions, or provide services requested by you;
b) Detect, prevent, investigate, or respond to security incidents, fraud, or unlawful activity;
c) Debug, maintain, or improve platform functionality;
d) Comply with statutory, regulatory, or judicial obligations under Indian law;
e) Protect the legal rights, safety, or property of IVY NEST, its users, or the public;
f) Retain data for internal uses reasonably aligned with user expectations and lawful business operations; or
g) Any other lawful purpose compatible with the context in which the data was provided.

All deletion and retention practices are governed by the Digital Personal Data Protection Act, 2025, the Information Technology Act, 2000, and applicable rules framed thereunder.

21. CHANGES TO THIS PRIVACY POLICY

21.1 Policy Updates

IVY NEST reserves the right to modify, amend, or update this Privacy Policy from time to time to reflect changes in legal requirements, business practices, or technological developments.

21.2 Notice of Changes

Material changes to this Privacy Policy shall be notified by updating the “Last Updated” date and, where appropriate, by providing notice via email or a prominent notice on the Platform prior to such changes taking effect.

21.3 User Responsibility

You are advised to review this Privacy Policy periodically. Continued use of the Platform after the effective date of any revised Privacy Policy shall constitute your acceptance of such changes.

22. CONTACT INFORMATION & GRIEVANCE REDRESSAL

22.1 Contact Details

If you have any questions, concerns, or requests relating to this Privacy Policy, the processing of your Personal Data, or your rights under applicable law, you may contact IVY NEST at:

IVY Nest Apartments
Email: grievance@ivynestapartments.com
Website: https://ivynestapartments.com

22.2 Grievance Redressal

Any grievance relating to the collection, use, storage, or processing of Personal Data shall be addressed in accordance with the grievance redressal mechanism prescribed under the Digital Personal Data Protection Act, 2025, the Information Technology Act, 2000, and the Consumer Protection (E-Commerce) Rules, 2020. IVY NEST shall endeavour to resolve all valid grievances within the statutory timelines.