Nishmira Technologies

Privacy Notice

Effective Date: August 9, 2025

General Information  

1. Introduction  

Nishmira Technologies Private Limited (“we,” “us,” or “our”), a company incorporated under the laws of India, is committed to protecting the privacy of users of Shamixo FM, our Computer-Aided Facility Management (CAFM) Software-as-a-Service platform (“Service”). Shamixo FM is accessible via our web application, Android app, and iOS app, designed to empower facility management companies worldwide with tools for hierarchical location management, asset management, preventive and corrective maintenance, store management, user and role management, real-time monitoring, and reporting.

This Privacy Notice explains how we collect, use, disclose, store, and protect your personal information when you use the Service. It applies to all users, including facility managers, employees, and other authorized personnel of facility management companies that subscribe to Shamixo FM. By accessing or using the Service, you agree to the practices described in this notice.

2. Scope of This Privacy Notice  

This Privacy Notice covers the processing of personal information through the Shamixo FM web app, Android app, and iOS app, which operate as a unified service. It applies to all data collected from users globally, regardless of their location, and is designed to comply with applicable privacy laws, including but not limited to the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and India’s Digital Personal Data Protection Act, 2023 (DPDP Act). This notice does not apply to third-party services linked from our platform, which have their own privacy policies.

Data Collection and Use  

3. Information We Collect  

We collect the following categories of information to provide and improve the Service:

Personal Information  

  • Account Information: Name, email address, phone number, job title, employee ID, and organization details provided during account registration or by your organization’s super admin.
  • Biometric Data: For users opting into biometric login on the Android or iOS app, we collect fingerprint or facial recognition data, processed securely on your device and not stored on our servers.
  • Payment Information: Billing details, such as credit card or bank account information, collected via third-party payment processors (Paddle, PayPal) when you subscribe to the Service.
  • User-Generated Content: Data you input, such as facility records, maintenance schedules, asset details (e.g., equipment serial numbers, model numbers), building blueprints, layouts, and images of assets or equipment.

Usage Data  

  • Device Information: IP address, device type, operating system, browser type, app version, and unique device identifiers.
  • Geolocation Data: Precise geolocation data from your mobile device’s GPS (with your consent) for field work features, such as tracking maintenance tasks or asset locations, and approximate location based on IP address.
  • Interaction Data: Pages visited, features used, time spent on the Service, and clickstream data to understand user interactions.
  • IoT Sensor Data: Data from connected IoT devices, such as environmental sensors or equipment monitors, to support real-time monitoring and predictive maintenance.

Automatically Collected Data  

  • Cookies and Tracking: Information collected via cookies, LocalStorage, and Google Analytics for session management, analytics, and performance optimization (see Section 10).
  • Analytics Data: Aggregated data on user interactions to improve functionality and generate insights, such as performance KPIs or predictive maintenance analytics.

4. How We Collect Information  

We collect information through the following methods:

  • Directly from You: When you create an account, input facility management data, upload blueprints or images, or contact our support team.
  • Automatically: Through your interactions with the Service, including web and mobile app usage, cookies, LocalStorage, and Google Analytics.
  • From IoT Devices: When you integrate IoT sensors with Shamixo FM for real-time monitoring or predictive maintenance.
  • From Third Parties: From your organization’s super admin (who may provide your account details), payment processors (Paddle, PayPal), or hosting/storage providers (GoDaddy, Cloudflare R2).

5. How We Use Your Information  

We use your information for the following purposes:

  • Service Delivery: To provide, operate, and maintain Shamixo FM, including managing hierarchical locations, assets, maintenance schedules, stores, and user roles.
  • Real-Time Monitoring and Analytics: To enable real-time monitoring of facilities and generate automated reports, such as maintenance schedules or performance KPIs.
  • Predictive Maintenance: To analyze IoT sensor data and user-generated content for predictive maintenance insights (with AI-driven insights planned for future implementation).
  • Account Management: To authenticate users, manage subscriptions, and process payments via third-party processors.
  • Communication: To send service-related notifications (e.g., maintenance alerts, subscription updates) via email or in-app push notifications and respond to support inquiries.
  • Improvement and Development: To analyze usage patterns, enhance user experience, and develop new features, such as AI-driven analytics.
  • Security and Compliance: To detect and prevent fraud, unauthorized access, or other malicious activities and ensure compliance with legal obligations.
  • Personalization: To tailor the Service to your preferences, such as customizing dashboards or reports based on your role or organization.

Data Sharing and Storage  

6. How We Share Your Information  

We do not share your personal information with other clients or unrelated third parties except in the following circumstances:

  • Service Providers: We share data with trusted third-party providers to operate the Service, including:
  • GoDaddy: For cloud hosting of the Service and data storage.
  • Cloudflare R2: For secure storage of user-generated content, such as blueprints and images.
  • Paddle and PayPal: For processing subscription payments.
  • Google Analytics: For analyzing user interactions to improve the Service.
  • Legal Obligations: We may disclose information if required by law, regulation, or legal process (e.g., court orders, subpoenas) or to protect our rights, property, or safety.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to a successor entity, subject to equivalent privacy protections.
  • With Your Consent: We may share data with other parties if you explicitly consent, such as sharing maintenance reports with your organization’s contractors.

Your organization’s data (e.g., facility records, asset details) is isolated from other clients’ data, ensuring no cross-client sharing occurs.

7. Data Retention  

We retain your personal information for as long as your organization maintains an active contract with us to provide the Service. Specific retention details include:

  • Account and User-Generated Data: Retained during the active subscription period to ensure continuity of service.
  • Archived Data: Upon contract termination, we archive your data for auditing and potential feature enhancement purposes. Archived data is stored securely and anonymized where possible.
  • Deletion Requests: Your organization’s super admin may request deletion of user data via the Service’s interface. We will delete data within 30 days of such a request, unless retention is required for legal or auditing purposes.
  • Payment Data: Payment details are managed by third-party processors (Paddle, PayPal) and are not stored on our servers beyond what is necessary for transaction processing.
  • Analytics Data: Aggregated and anonymized data may be retained indefinitely to improve the Service.

8. International Data Transfers  

As a global service, Shamixo FM may store or process data on servers located outside India, such as in Singapore, via GoDaddy’s cloud hosting infrastructure. We implement safeguards to protect your data during international transfers, including:

  • Standard Contractual Clauses (SCCs): For transfers to jurisdictions without adequate data protection laws, we use SCCs approved by the European Commission or equivalent mechanisms.
  • Data Minimization: We transfer only the data necessary for the Service’s operation.
  • Security Measures: All data transfers are encrypted using industry-standard protocols (e.g., TLS 1.3).

If you are located in the European Economic Area (EEA), United Kingdom, or other regions with strict data transfer regulations, we ensure compliance with applicable requirements.

User Rights and Controls  

9. Your Privacy Rights  

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Correct inaccurate or incomplete data.
  • Deletion: Request deletion of your data, subject to legal or contractual retention requirements.
  • Portability: Receive your data in a structured, commonly used, and machine-readable format.
  • Objection: Object to certain processing activities, such as analytics, where applicable.
  • Restriction: Restrict processing of your data under specific circumstances.
  • Withdraw Consent: Withdraw consent for processing (e.g., geolocation or biometric data) at any time, without affecting the lawfulness of prior processing.

To exercise these rights, your organization’s super admin must submit a request via the Shamixo FM interface or by contacting us at [email protected]. We will respond within 30 days (or as required by applicable law). Note that only super admins can manage user data deletion or portability for their organization’s accounts, as per our role-based access controls.

10. Cookies and Tracking Technologies  

We use cookies, LocalStorage, and Google Analytics to enhance your experience on the web app:

  • Essential Cookies: Required for session management, authentication, and core functionality of the Service.
  • Analytics Cookies: Used by Google Analytics to collect anonymized data on user interactions, such as pages visited and time spent, to improve performance and usability.
  • LocalStorage: Stores user preferences and session data to maintain continuity across sessions.

You can manage cookie preferences via your browser settings. Disabling essential cookies may impair the Service’s functionality. Our mobile apps use push notifications for CAFM-related alerts (e.g., maintenance reminders) but do not employ additional tracking features.

For more details, please review our Cookie Policy, accessible within the Shamixo FM interface.

11. Third-Party Services  

Shamixo FM integrates with the following third-party services, which may process your data under their own privacy policies:

  • GoDaddy: Hosts our servers and stores data, including user-generated content.
  • Cloudflare R2: Provides secure storage for blueprints, images, and other large files.
  • Paddle and PayPal: Process subscription payments and collect billing information.
  • Google Analytics: Analyzes user interactions to inform service improvements.

We ensure that all third-party providers adhere to strict data protection standards. Links to their privacy policies are available within the Service.

Security and Compliance  

12. Data Security  

We implement robust security measures to protect your data, including:

  • Encryption: Data is encrypted in transit (using TLS 1.3) and at rest (using AES-256) on GoDaddy and Cloudflare R2 servers.
  • Access Controls: Role-based access ensures only authorized users (e.g., super admins, facility managers) can access specific data, enforced via our user and role management module.
  • Regular Security Audits: We conduct periodic audits to identify and mitigate vulnerabilities.
  • Industry Standards: Shamixo FM complies with ISO 27001, a globally recognized information security management standard, to ensure best practices in data protection.

Despite these measures, no system is completely secure. We promptly notify users of any data breaches, as required by law.

13. Children’s Privacy  

Shamixo FM is designed for professional use by facility management companies and does not knowingly collect or process personal data from individuals under 16 years of age. If we discover that a minor’s data has been collected, we will delete it immediately and take steps to prevent future occurrences.

14. Changes to This Privacy Notice  

We may update this Privacy Notice to reflect changes in our practices, legal requirements, or Service features. We will notify you of material changes via email and in-app notifications at least 30 days before they take effect. The updated notice will be posted on the Shamixo FM web app and mobile apps, with the new effective date clearly indicated.

Contact and Support  

15. Contact Us  

For questions, concerns, or requests regarding your personal information or this Privacy Notice, please contact us at:

Email: [email protected]
Physical Address: Nishmira Technologies Private Limited, 27, Rd 4, East Singhbhum, 832110, IndiaWe aim to respond to all inquiries within 30 days. If you are not satisfied with our response, you may contact your local data protection authority (e.g., the Data Protection Authority of India for Indian residents or the Information Commissioner’s Office for UK residents).