Data Protection & Security Practices
Last updated: September 8, 2025
At Livista360.ai, operated by Livista360 AI Private Limited, protecting your data and safeguarding platform integrity are core commitments. This page explains—in plain language—how we secure your information, prevent fraud, and how you can stay safe while using our services.
1. Purpose & Scope
These practices apply to all users of Livista360.ai (buyers, sellers, builders, agents, vendors, contractors) across our web and mobile interfaces, covering identity data, listing data, documents, payments, and communications. This page complements (and does not replace) our Terms & Conditions and Privacy Policy.
2. Our Security Principles
- Privacy by design: We collect only what we need to provide and improve the service.
- Defense in depth: Multiple, layered controls (encryption, verification, manual checks, AI, access controls).
- Transparency: Clear explanations of what we collect, how we use it, and when we share it.
- User control: You can access, correct, and delete your data (as per our Privacy Policy).
3. Encryption & Data Protection
- Data in transit: All traffic between your device and Livista360.ai uses SSL (HTTPS) to prevent interception.
- Data at rest: Personal information and any verification documents are stored using encryption.
- Key management: Encryption keys are safeguarded using industry-standard controls.
- Secrets handling: Access tokens, credentials, and webhook secrets are stored securely and rotated when needed.
Important: We do not sell user data. We also do not collect device/browser fingerprinting beyond what's essential for security and performance.
4. Verification & Authentication
- OTP & Email Verification: We use OTP and email verification to ensure real users and prevent automated abuse.
- KYC for Partners: Builders, agents, and vendors may be required to submit KYC/ID proof and business documents before their profiles, listings, or campaigns go live.
- Session protection: Session tokens are safeguarded; suspicious login patterns can trigger re-verification.
- Passwords (if used): Where applicable, passwords are stored using industry-standard hashing (never in plain text).
5. Fraud & Spam Prevention
- Manual moderation: Every property listing is manually reviewed by our admin team, typically within 24–48 hours.
- AI detection: Our AI systems analyze patterns to flag fake listings, duplicates, and suspicious activity for review.
- Repeat violations: Accounts that repeatedly violate policies may be permanently blocked.
- Audit trail: We maintain internal logs of moderation actions to ensure accountability and continuous improvement.
6. Payment Security
- Trusted gateways: All payments and refunds are processed via reputed payment gateways (e.g., Razorpay/PayU/Stripe or equivalent) which comply with PCI-DSS standards.
- No card storage: We never store your card or bank details on Livista360.ai servers.
- Refunds: When refunds are issued, we share only the minimum necessary details with the payment gateway to complete the transaction.
- Webhook security: Gateway callbacks are validated using signed secrets and strict verification.
7. Access Controls & Staff Practices
- Least privilege: Internal access to user data is strictly role-based and limited to authorized personnel who need it to perform their duties.
- Training & awareness: Staff handling sensitive processes receive security and privacy training.
- Reviews: Access rights and logs are periodically reviewed; anomalies are investigated.
8. Infrastructure Protection & Monitoring
- Hardened hosting: Our infrastructure uses standard protections (firewalls, network segmentation, rate limiting).
- Patching & updates: Critical systems are patched on a regular cadence.
- Monitoring: Availability, errors, and suspicious events are monitored; alerts are triaged by the admin team.
- Backups: Encrypted backups help with disaster recovery; restores are tested periodically.
9. Data Retention, Deletion & Backups
- Account deletion: You can delete your account from My Profile or by emailing support@livista360.com.
- 30-day window: Deleted accounts remain inactive for 30 days (to allow recovery upon re-login). After this, data is permanently deleted, subject to legal or compliance holds.
- Backups: Backups containing your data are encrypted and follow the same retention controls; they age-out or are overwritten per policy.
- KYC/documents: Verification documents are encrypted and retained only as long as required for compliance, dispute resolution, or fraud prevention.
10. Cookies & Local Storage
- Purpose: We use cookies and localStorage to keep you logged in securely, remember preferences, support AI-powered recommendations, and measure performance.
- Control: You may disable cookies in your browser, though some features may not function properly without them.
- No sale of data: Analytics is used to improve the service; we do not sell tracking data.
11. Transparency & Data Sharing (When It Happens)
We do not share your data for third-party marketing. We only share data in these cases:
- You choose to connect with a builder/agent/vendor/contractor—then we share only the relevant enquiry details.
- Payments & refunds—we share the minimum details required by payment gateways to process transactions.
- Legal or safety reasons—we may share data with authorities to investigate fraud, disputes, or unlawful activity.
- Operational vendors under contract—where strictly necessary to deliver features you use, under confidentiality and security obligations.
12. User Safety Guidelines (Please Read)
To help keep your experience safe:
- Never share OTPs or passwords with anyone—even if they claim to be from Livista360.
- Verify property ownership and documents independently before paying any amount.
- Meet in safe, public places and use secure payment methods.
- Report suspicious listings, users, or messages to support@livista360.com with screenshots or links.
- Beware of unrealistic offers and pressure tactics; take your time to review.
13. Reporting & Support
- Fraud reporting channel: Email support@livista360.com with the subject line "Fraud Report" and include listing links, user IDs, phone/email, payment receipts, and any screenshots.
- How we respond: We acknowledge receipt, review the case, take necessary actions (suspension/ban), and, where applicable, assist law enforcement with verified information.
- Priority handling: Threats to user safety, financial loss, or platform integrity are prioritized.
14. Incident Response & Notifications
If we detect a security incident:
- Contain & assess the event to limit impact.
- Investigate & remediate the root cause.
- Notify affected users and/or authorities as required by law, providing guidance (e.g., password resets, re-verification) where relevant.
- Post-mortem & improvements to prevent recurrence.
15. Vendor & Third-Party Onboarding
- Due diligence: Partners (payment processors, verification tools, communication providers) undergo suitability and security reviews.
- Contracts & obligations: Vendors operate under confidentiality and data-protection obligations aligned with our policies.
- Responsibility: Third-party onboarding of builders/agents/vendors is carried out by Livista360 with validation steps to ensure authenticity and compliance.
16. Age Restrictions
Livista360.ai is for users 18+ only. If we learn we've inadvertently processed data for a minor, we will delete it on request and block access.
17. International Expansion
We currently operate in India. As we expand internationally, we will update our controls and notices to align with relevant regulations (e.g., GDPR/CCPA) and reflect any region-specific rights.
18. Changes to These Practices
We may update this page as our services and regulations evolve. We will notify users of significant changes (email/in-app). Continued use after updates signifies acceptance.
Quick FAQ
Q1. How is my data protected?
Data is encrypted in transit (HTTPS) and at rest. Access is restricted by role, and verification documents are encrypted and stored securely.
Q2. Do you store my card information?
No. Payments are handled by PCI-DSS compliant gateways; we never store your card/bank details.
Q3. What happens if a listing looks fake?
Our AI flags it for review; admins investigate within the moderation window. Repeat violators are blocked.
Q4. Can I delete my account and data?
Yes. Delete from My Profile or email support. Your account is inactive for 30 days (in case you change your mind). After that, it's permanently deleted unless legally required to retain certain records.
Q5. When do you share my data?
Only (a) when you request to connect with a partner, (b) to process payments/refunds, or (c) if required by law to prevent or investigate fraud or illegal activity.