
Data Processing Policy
How UROSECURE processes personal data on behalf of your organisation as a compliant data processor.
Last Updated: 6 July 2026
01.Overview
This Data Processing Policy governs how Europa Technosoft Pvt. Ltd. ("UROSECURE") processes personal data on behalf of client organisations ("Data Fiduciaries") who use our entry security platform. UROSECURE acts as a Data Processor under a written agreement with each client, in line with applicable data protection laws including India's Digital Personal Data Protection Act, 2023 ("DPDP Act"). Individuals whose data is processed (visitors, hosts, staff) are "Data Principals". We process personal data only on the documented instructions of the client Data Fiduciary and for the purposes set out below.
02.Categories of Data Processed
- Visitor identity: full name, photograph, contact number, government ID type and number.
- Visit metadata: date, time, entry point, purpose of visit, host name, duration, and exit time.
- Behavioural data: visit frequency, access patterns, and AI-generated risk scores.
- USOP Passport data: persistent visitor profile linked across multiple registered organisations.
- Staff and host data: names, designations, and contact details of personnel using SecureMe.
- Device and access logs: IP addresses and timestamps from UroCloud dashboard access.
03.Processing Purposes
- Visitor registration and identity verification at UROGuard entry consoles.
- Real-time host notification and visitor approval via SecureMe.
- Generation of entry logs, attendance records, and security reports.
- AI-powered anomaly detection and behaviour pattern analysis.
- Long-term record storage for compliance, audit, and investigation purposes.
- Cross-organisation visitor identity verification via USOP Passport (only where enabled).
04.Data Retention
Data is retained based on the following schedule: • Visitor entry records: 10 years (configurable by organisation) • Photographs: 5 years from date of visit • AI behaviour profiles: 3 years from last visit • Dashboard access logs: 1 year • Deleted accounts: purged within 30 days of termination request Organisations may configure shorter retention periods from the UroCloud dashboard at any time.
05.Sub-Processors
- Cloud infrastructure: Secure data centre providers operating within India.
- SMS gateway: For SecureMe OTP and notification delivery.
- Email service: For dashboard alerts and report delivery.
- All sub-processors are bound by data processing agreements with equivalent protections to this policy.
06.Data Transfers
All data is stored and processed within India by default. Cross-border transfers are not performed unless explicitly enabled by the client organisation and compliant with applicable law. UROSECURE will notify clients before implementing any change to data residency.
07.Security Measures
- AES-256 encryption at rest for all stored visitor and organisational data.
- TLS 1.3 for all data transmitted between UROGuard, SecureMe, and UroCloud.
- Multi-factor authentication for UroCloud administrator accounts.
- Role-based access control — staff see only data relevant to their role.
- Automated anomaly detection on data access patterns.
- Annual third-party security audits and penetration testing.
08.Children's Data
Where the platform processes data about individuals under 18 (for example, students in the school safety module), the client organisation, as Data Fiduciary, is responsible for obtaining verifiable parental or guardian consent as required by Section 9 of the DPDP Act. UROSECURE does not use children's personal data for behavioural monitoring, profiling for advertising, or targeted advertising. AI analytics are applied to operational security data and are not used to track or profile individual children beyond the campus-safety purpose configured by the institution.
09.Data Principal Rights
When a Data Principal (visitor, host, or staff member) requests access to, correction of, or erasure of their data, the client organisation is the Data Fiduciary responsible for responding. UROSECURE will assist by providing tools in UroCloud to locate, export, or delete individual records within 5 business days of a verified request forwarded by the client.
10.Breach Notification
In the event of a data breach affecting client data, UROSECURE will notify the affected organisation within 72 hours of becoming aware, including the nature of the breach, categories of data affected, estimated number of individuals affected, and measures taken or proposed.
11.Contact
Data Protection queries — Grievance Officer: Mr. Amarjit Singh Europa Technosoft Pvt. Ltd. Office No. G02, C-30, C Block Road, Sector 63, Noida 201309 Email: a.singh@urosecure.com | Phone: +91-9717050201
Questions about this policy?