RRIMS ยท Government of Nepal

Privacy Policy

Remote Resource and Infrastructure Monitoring System

RRIMS, the Remote Resource and Infrastructure Monitoring System, is a mobile and web platform used to report, verify, manage, and monitor public infrastructure issues in Nepal. This Privacy Policy explains how RRIMS collects, uses, stores, shares, and protects user information.

1. Information We Collect

  • Account information such as full name, mobile number, username, password hash, and optional email address.
  • Verification data such as WhatsApp OTP delivery status, verification attempts, and account activation records.
  • Profile details such as preferred language, location, geography assignment, role, and optional identity fields.
  • Report content such as issue descriptions, severity, photos, videos, voice notes, comments, and timestamps.
  • Operational and security data such as IP address, device fingerprint, audit logs, session history, and risk signals.
  • Location data that users provide directly or allow RRIMS to resolve from their device for infrastructure reporting.

2. How We Use Information

  • To register users, activate accounts, and secure login with WhatsApp-based OTP verification.
  • To process public infrastructure reports and route them to the correct engineer or government authority.
  • To support offline-first synchronization, incident tracking, notifications, audit trails, and service analytics.
  • To improve safety, detect abuse, enforce access controls, and meet governance and compliance obligations.

3. WhatsApp OTP Verification

RRIMS uses WhatsApp messages to send one-time verification and password reset codes. These messages are used to confirm control of a registered mobile number and to protect accounts. Email may be collected as an optional contact detail, but email verification is not required for normal account activation unless explicitly enabled by policy.

4. Legal and Government Use

RRIMS may be operated on behalf of public bodies, local governments, provinces, and central agencies. Data may be used for public service delivery, infrastructure maintenance, governance reporting, audit review, and legally authorized investigations.

5. Data Sharing

  • With authorized RRIMS personnel, field engineers, and government users based on role and geography permissions.
  • With technical service providers used for hosting, storage, notifications, WhatsApp delivery, and security operations.
  • When required by law, lawful order, public authority request, or incident response obligations.

6. Data Security

RRIMS uses role-based access controls, audit logging, secure session handling, password hashing, device and risk checks, and transport security controls intended to reduce unauthorized access. No system can guarantee absolute security, but RRIMS is designed for government-grade accountability and monitoring.

7. Data Retention

RRIMS keeps data for as long as necessary to provide services, maintain accountability, preserve evidence, satisfy public records requirements, or comply with legal retention obligations. Some records may be retained longer for audit, fraud prevention, infrastructure safety, or dispute resolution.

8. Your Choices

  • You may request updates to optional profile information where the system permits.
  • You may request account assistance, session revocation, or data deletion review through RRIMS support.
  • You can stop using RRIMS at any time, but some records already submitted may remain retained for public-service purposes.

9. Contact

For privacy, verification, or data access questions, contact RRIMS support at [email protected].