Privacy Policy – MAP HMS Staff App (KARTA)


Last updated: February 2026

App name: KARTA (MAP HMS Staff)

Publisher: OMAP Services Management Pvt Ltd


This Privacy Policy describes how we collect, use, and protect information when you use the MAP HMS Staff application (Staff App or KARTA) on your mobile device. The app is intended for use by staff of institutions (e.g. guards, wardens, campus managers, rectors, supervisors) that use the MAP HMS platform.


1. Information We Collect


1.1 Information you provide


Phone number – Used to sign in via one-time password (OTP) and to identify you to your institution.

Name, role, employee ID, hostel/tenant – Provided by your institution and displayed in the app (e.g. on your profile). We do not collect this directly from you; it comes from your organisation’s MAP HMS account.


1.2 Information collected automatically


Device and app usage – Such as device type, operating system, and app version, to support login, security, and troubleshooting.

Push notification token – So we can send you alerts (e.g. checklists, emergencies, requests) via Firebase Cloud Messaging. The token is stored on our servers and linked to your account for the duration of your use of the app.


1.3 Information generated through use of the app


Activity related to your role – For example checklist submissions, attendance marking, gate verification, leave/outpass/guest-entry actions, and emergency acknowledgements. This is processed to provide the service to your institution and to maintain records as required by your organisation.


2. How We Use Your Information


We use the information we collect to:


Authenticate you – Verify your identity via OTP and manage your session.

Provide the Staff App services – Show dashboards, checklists, attendance, gate operations, leave/outpass/guest entry, emergencies, and other features according to your role and your institution’s configuration.

Send push notifications – Deliver alerts and updates relevant to your role (e.g. checklist reminders, emergency alerts).

Operate and secure the service – Including troubleshooting, preventing abuse, and complying with applicable law.

Comply with legal and institutional requirements – Where your institution or the law requires processing or retention of data.


We do not use your data for advertising or for selling your personal information to third parties.


3. Legal Basis and Purpose


Contract and legitimate interests – Processing is necessary to perform our contract with your institution and to operate the MAP HMS platform (e.g. authentication, role-based access, notifications).

Legal obligation – Where we must retain or disclose data under law.

Consent – Where we rely on consent (e.g. for push notifications), you can withdraw it in your device settings or by uninstalling the app.


4. Data Sharing and Recipients


Your institution – Your institution (tenant) that uses MAP HMS has access to data related to you and your use of the app (e.g. profile, checklists, attendance, gate logs) as needed to run their operations.

Service providers – We use providers for hosting, SMS (OTP), and push notifications (e.g. Firebase). They process data only as necessary to provide these services.

Legal and safety – We may disclose information if required by law or to protect rights, safety, or property.


We do not sell your personal data.


5. Data Retention


Account and activity data – Retained for as long as your institution uses MAP HMS and as required by your institution’s policies and applicable law.

OTP and session data – Short-lived; OTPs and session tokens are invalidated after use or logout.

Push token – Removed or updated when you log out or uninstall the app.


6. Data Security


We use industry-standard measures to protect your data, including:


Encrypted connections (HTTPS) for data in transit.

Secure storage and access controls on our servers.

OTP-based login and secure token handling.


You should keep your device and app updated and not share your OTP or login details.


7. Your Rights


Depending on applicable law (e.g. GDPR, local data protection laws), you may have the right to:


Access – Request a copy of the personal data we hold about you.

Correction – Request correction of inaccurate data (some data may be editable only by your institution).

Erasure – Request deletion, subject to legal and contractual retention requirements.

Restriction or objection – Request restriction of processing or object to certain processing.

Data portability – Request your data in a structured, machine-readable format where applicable.


To exercise these rights, contact your institution’s MAP HMS administrator or us using the contact details below. You may also have the right to lodge a complaint with a supervisory authority.


8. Children


The Staff App is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has been registered or data has been submitted in error, please contact your institution or us.


9. Changes to This Policy


We may update this Privacy Policy from time to time. The Last updated date at the top will be revised when we do. Continued use of the app after changes constitutes acceptance of the updated policy. For material changes, we may notify you via the app or through your institution.


10. Contact


For privacy-related questions or requests regarding the MAP HMS Staff App:


Publisher: OMAP Services Management Pvt Ltd

Web: mapservices.in

Email: Use the contact or support details provided on mapservices.in, or through your institution’s MAP HMS administrator.


For matters that involve your employment or institutional data, your institution’s administrator remains the primary point of contact.


This privacy policy applies to the MAP HMS Staff App (KARTA) and the data processed by OMAP Services Management Pvt Ltd in connection with that app.