Privacy Policy

1. Who we are

Royal Ticket is a multi-tenant SaaS product. The "platform operator" is RoyalPOS. The "tenant" is the lot operator who uses Royal Ticket to run their business. If you visited a venue that uses Royal Ticket, the tenant — not RoyalPOS — is the controller of your ticket data.

2. What we collect

From parking-lot operators (tenants)

• Company name, contact email, phone, GST number (optional)
• Operator accounts: name, email, phone, password (hashed)
• Location, billing-rule, and printer configuration you create
• Tickets, payments, and reports your operators generate
• Device identifiers + IP for the mobile app's sync trail

From lot customers (people who park)

• Vehicle number (when entered or auto-detected by camera OCR)
• Driver phone (optional, when supplied)
• Entry / exit timestamps, charges, and payment mode

From website visitors

• Lead-form submissions: name, email, phone (optional), city, location count
• IP address, browser user-agent, referrer URL — for spam filtering only
• Cookies for session management on /admin and /app (no advertising cookies)

3. Why we collect it

• To deliver the service — login, sync, billing, receipts, reports
• To respond to enquiries — when you submit the lead form, we contact you about a possible plan
• To improve the product — aggregated, anonymous usage signals only
• To meet legal obligations — tax records, subscription invoicing

We do not sell your data. We do not share it with advertisers. We do not use customer or operator data to train AI models.

4. How long we keep it

• Tickets & payments: retained as long as the tenant's account is active, plus 7 years for tax compliance
• User accounts: retained while active; disabled accounts purged after 24 months of inactivity
• Lead-form submissions: kept up to 24 months unless you ask earlier deletion
• Server logs: 90 days rolling

5. How we store it

• Each tenant company gets its own isolated MySQL database
• Passwords are hashed using bcrypt — never stored in plain text
• API tokens (Sanctum) are stored hashed
• Data is hosted in India (parking.royalcrm.in)
• Daily encrypted backups are retained for 14 days

6. Who we share data with

We do not share your personal data except:

• Payment processors — when you (a tenant) pay for your subscription, billing info is shared with the payment gateway only as required to complete the transaction
• Hosting infrastructure — our cloud provider holds encrypted data at rest
• Legal compliance — when required by Indian law or a valid court order

7. Cookies & trackers

We use functional cookies only for keeping you logged into the admin panels. We do not use advertising or behavioural-tracking cookies. The lead form uses browser localStorage to remember whether you have already dismissed it (a single flag — no tracking).

8. Your rights

Under DPDP 2023 and similar laws you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data ("right to be forgotten") — subject to legal retention rules
• Withdraw consent for marketing communication at any time
• Lodge a complaint with the Indian Data Protection Board

To exercise any of these rights, write to support@royalcrm.in with the subject line "Privacy request". We respond within 30 days.

9. Children

Royal Ticket is a B2B product not intended for use by anyone under 18. We do not knowingly collect data from minors.

10. Changes to this policy

We may update this page when we change the product or the law changes. Material changes will be notified via email to all tenant admins. The "Last updated" date above is your authoritative reference.

11. Contact

Questions, requests, or complaints:
Email: support@royalcrm.in
Website: parking.royalcrm.in

This policy is provided in good faith and is not legal advice. For questions that require a binding interpretation, consult a qualified lawyer in your jurisdiction.