Privacy Policy
PMS by Saskey · effective 22 May 2026
PMS by Saskey ("the app", "we") is a hotel management system used by hotel staff to manage
rooms, bookings, housekeeping, and maintenance. This policy explains what data we collect
when you use the app or website at pms.saskey.in.
Who this applies to
The app is for hotel staff (admin, manager, receptionist, housekeeping, maintenance) only.
Hotel guests do not have accounts. Guest data is captured by staff during the booking,
check-in, and folio workflow.
What we collect
From staff users
- Name, email, role, and an encrypted (bcrypt-hashed) password.
- Login activity (last login timestamp).
- On mobile: a device push token (Expo / FCM / APNs) so we can deliver task notifications.
- On mobile: a long-lived refresh token (kept in the device's secure keychain) so staff don't have to log in every day.
- On mobile: device model, OS version, and a session identifier — used to label active sessions in case a phone is lost.
About guests (entered by staff, not the guest)
- Name, phone, email, address, ID number and type (Aadhar / passport / etc), nationality, GSTIN if applicable.
- Stay dates, room assignment, room rate, payment records.
- Any service requests or maintenance reports staff log against the booking.
How we use the data
- To operate the hotel — assign rooms, track stays, generate invoices, file GST.
- To send push notifications to staff phones for task assignments and shift events.
- To produce financial reports the hotel owner needs (P&L, Balance Sheet, GSTR).
- We do not sell data. We do not show advertising. We do not share data with third parties
except as required for the service (e.g. the push notification provider, Expo) or as
required by Indian law.
Where the data lives
All data is stored in a Supabase Postgres instance (hosted on AWS in Mumbai region) and
backed up to encrypted snapshots. The mobile app talks to our API at
pms-api.saskey.in over HTTPS. Push tokens are sent to Expo's notification
service (a Google FCM / Apple APNs relay).
Permissions the app asks for
- Notifications — to deliver task assignments and ticket alerts. You can
deny this; the app still works but you'll need to manually open it to see new work.
- Network — to reach our API.
- The app does NOT request access to your camera, microphone, contacts, calendar,
location, photos, or any other device data.
Data retention
- Guest records are retained for the duration of the property's relationship with the
guest plus any retention period required by Indian tax / hospitality law (currently 8
years for GST records).
- Staff accounts can be deactivated by the property's admin at any time. Refresh tokens
for that staff member are immediately revoked.
- Push tokens are deleted when staff sign out or when Expo reports them as invalid.
Children's data
The app is for hotel staff. We do not knowingly collect data from anyone under 18 as a
user. Guest records may include children's names as part of a booking (parent staying with
minor) — these are handled with the same protections as any other guest record.
Your rights (under DPDP Act 2023)
As a staff user, you can ask your property's admin to remove your account. You can also
email us directly at the address below. As a guest whose data was entered into PMS by a
property, your contact point is the property itself — they control your record. We are
the data processor; they are the data fiduciary.
Contact
Saskey Technologies (operator of PMS)
Email: aramu3112@gmail.com
Address: 103/A Raja Colony, Trichy, Tamil Nadu 620001, India.
Changes to this policy
We'll update this page if our practices change. Material changes will bump the "effective"
date at the top.