This Privacy Policy describes how SohamProp ("we", "us") collects, uses, stores, and shares personal data when you use our property listing and management service. It is written to comply with India's Digital Personal Data Protection Act, 2023 ("DPDP Act") and analogous regulations in other jurisdictions where our customers operate.
1. Data we collect
We collect three categories of data:
- Customer (workspace) data: workspace name, slug, country, currency, branding assets, plan tier, billing identifiers.
- User data: email address, display name, locale preference, authentication identifiers from Firebase Auth (Google or Email/Password).
- Buyer enquiry data (Leads): name, email, phone, free-text message, the property the buyer was viewing. This data flows from the public listing-detail enquiry form into the workspace inbox.
We also collect automatic technical data: IP address, user agent, request timing, and Cloud Run server logs. These are used for security and operational analytics, not for advertising or profiling.
2. How we use it
- To operate the Service — let workspaces manage listings and act on Leads.
- To authenticate users via Firebase Auth.
- To process subscription payments (if you are on a paid plan) via Razorpay or another payment processor.
- To send transactional emails (account confirmations, lead notifications, billing receipts).
- To improve the Service via aggregate, non-identifying analytics.
We do not sell, rent, or trade your personal data with third parties for their independent marketing.
3. Where data is stored
Application data is stored in Google Cloud Platform's us-central1 region. Buyer enquiry data and listing media live in the same region. Authentication is handled by Firebase Auth (Google).
4. Sharing
We share personal data only with these categories of processors:
- Cloud infrastructure — Google Cloud (Cloud Run, Cloud SQL, Cloud Storage). Bound by their data-processing terms.
- Authentication — Firebase Auth.
- Payment processing — Razorpay (for INR transactions) and optionally Stripe (for international cards). Card data is collected and stored by the payment processor; we never see or store card numbers.
- Email delivery — a transactional email provider for lead notifications and account emails.
- AI search — Google Vertex AI processes natural-language search queries to extract structured filters. Queries are not retained for model training.
We may disclose data to comply with legal process (court order, statutory requirement) or to protect against fraud, abuse, or security incidents.
5. Cookies and storage
We use a minimal set of first-party cookies and browser storage: authentication tokens (Firebase), locale preference, install-prompt state, impersonation banner state. We do NOT use third-party advertising cookies or cross-site tracking.
6. Retention
Active workspace data is retained while the workspace is active. After a workspace is closed, data is retained for 30 days in a soft-delete state to allow recovery from an accidental closure; after that, it is permanently deleted, except for billing/tax records retained as required by law (typically 7 years in India).
7. Your rights
Subject to applicable law, you have the right to:
- access the personal data we hold about you;
- request correction of inaccurate data;
- request deletion (right to erasure), subject to legal retention obligations;
- withdraw consent for non-essential processing;
- request a portable export of your workspace data.
To exercise any of these rights, see Contact Us. Where required by law (e.g. DPDP Act), we will respond within 30 days.
8. Children
The Service is not directed at children under 13 (or under 18 in jurisdictions where required). We do not knowingly collect data from children. If you believe a child has submitted personal data, please contact us and we will delete it.
9. Security
We use industry-standard measures including TLS in transit, encryption at rest (managed by GCP), least-privilege service accounts, and row-level security in the database to keep tenants isolated. No system is perfectly secure; please notify us immediately if you suspect a breach.
10. Data Protection Officer
For DPDP Act purposes, the Data Protection Officer is reachable via the email listed on Contact Us.
11. Changes
We may update this Policy periodically. Material changes will be notified via email or in-app banner. The "last updated" date at the top reflects the most recent revision.