ProRentz

Privacy Policy

ProRentz ยท Version 1.2 ยท Effective 2026-07-03 ยท Compliant with the Digital Personal Data Protection Act, 2023

1. Introduction

ProRentz ("we", "us", "our") respects your privacy. This Privacy Policy explains what personal data we collect about you, how we use it, with whom we share it, how long we keep it, and your rights under the Digital Personal Data Protection Act, 2023 ("DPDP Act").

This Policy applies to your use of the ProRentz mobile application, web application, and related services (collectively, the "Service"), regardless of how you access them.

By creating an account or using the Service, you confirm you have read and understood this Policy. Your continued use of the Service is your ongoing consent to processing as described here. You can withdraw consent at any time (see Section 9).

2. Who is the Data Fiduciary?

Under the DPDP Act, ProRentz (registered in Tamil Nadu, India) is the "Data Fiduciary" โ€” the entity that determines the purpose and means of processing your personal data.

For grievances or to exercise your rights under this Policy, contact our Privacy Officer at r.rajieev@gmail.com. We will respond within 30 days as required by Section 13 of the DPDP Act.

3. What Personal Data We Collect

We collect only the data we need to provide the Service. The categories below are the maximum we may hold about you โ€” actual data depends on your role and how you use the Service.

Identity & contact data: name, phone number, email (if provided), profile photo (if uploaded), Aadhaar last-4 digits only (we never store the full 12 digits).

Tenancy data: property address, rent amount, deposit amount, rent due day, lease start/end dates, parent/guardian name and relation (for rental agreements), permanent address, ID number (last 4 digits only).

Payment records: rent payment amount, date, payment method (UPI / Cash / Bank Transfer / Cheque), pending/verified status. We do NOT store UPI PINs, card numbers, CVVs, bank login credentials, or any payment instrument details.

Communication data: in-app chat messages between landlord and tenant, maintenance request descriptions, photos uploaded to maintenance requests.

Device & technical data: IP address, browser type, device type, push notification subscription endpoint, app version, and timestamps of activity. Captured for security monitoring and fraud prevention.

Location data: GPS coordinates of properties when you choose to share them; stored only with your explicit map-pin action.

Subscription data (landlords only): plan type, payment status, billing transaction IDs (issued by Cashfree โ€” not actual card details).

Reviews & reputation data: star ratings (1โ€“5) and written reviews you give or receive as a landlord or tenant, and the display name shown alongside a review โ€” your organisation name if you are a landlord, or a masked first name and last initial only if you are a tenant.

Property-inquiry data (marketplace): when you send an inquiry about a listing, your name, phone number, and message, together with the Google account you signed in with to send it.

4. Why We Process Your Data

We use your personal data only for the following purposes (DPDP Act Section 5(1)(i)):

(a) Providing the Service: managing your account, displaying your tenancy/property data, recording payments, sending notifications, enabling chat, generating rental agreements.

(b) Security & fraud prevention: detecting unauthorized access, blocking abuse, enforcing rate limits, investigating suspicious activity.

(c) Communications: transactional notifications about rent, leases, maintenance, plan expiry. You can opt out of marketing communications at any time, but transactional notifications are essential to the Service.

(d) Legal compliance: retaining records for tax (Income Tax Act), tenancy disputes (state Rent Acts), and audit requirements.

(e) Service improvement: aggregated, non-identifying analytics to fix bugs and improve features. We do NOT use individual user data for advertising or sell it to advertisers.

(f) Reputation & marketplace trust: to let a prospective tenant see a landlord's public rating before enquiring, and to let a landlord check a prospective tenant's reputation from previous landlords before offering a tenancy โ€” reducing fraud and mismatches on both sides. Ratings are shown in aggregate first; written detail is disclosed only to a party with a genuine dealing.

We do NOT use your data to train AI models or for any purpose not listed here without your fresh, specific consent.

5. Lawful Basis & Consent

Our primary lawful basis for processing is your consent (DPDP Act Section 6), given when you accept this Policy at signup.

Some processing happens under Section 7 ("Certain Legitimate Uses") โ€” for example, retaining records to comply with tax law or to defend against a legal claim. These do not require separate consent.

We never use "deemed consent" loopholes, dark patterns, or pre-ticked boxes. Consent is always an active opt-in.

6. Who We Share Data With

We share your data only with the parties below, only for the purposes stated:

(a) Other users in your tenancy: landlords see their tenants' data (necessary for tenancy management); tenants see their landlord's payment details (UPI ID, bank info) for rent payment. Service-persons see job-relevant tenant info.

(b) Cloud infrastructure providers (Data Processors): Render (hosting), Supabase (PostgreSQL database) โ€” both bound by data processing contracts requiring DPDP-equivalent protection.

(c) Cashfree Payments: our payment gateway for two flows: (i) landlord subscription billing via our platform Cashfree account, and (ii) optional online rent, which settles directly into the landlord's OWN Cashfree merchant account (we never hold or route rent money). Cashfree is a separate Data Fiduciary subject to its own privacy policy.

(d) Communication providers: WhatsApp Business API (for notifications you opted in to), web-push services (FCM / Mozilla / Apple).

(e) Government / law enforcement: only when required by a valid legal order under Indian law. We will notify you unless legally prohibited.

(f) Other users, for reputation: a review you write about a landlord is shown publicly on that landlord's listings to help other prospective tenants. A review a landlord writes about you as a tenant is shared โ€” with your name shown only as a masked first name and last initial โ€” with other landlords who look up your phone number to vet a prospective tenancy. Aggregate ratings are visible before any written detail is shown.

(g) The landlord you contact: when you send a property inquiry, your name, phone number, and message are shared with that property's landlord so they can respond to you.

We do NOT sell, rent, or trade your personal data to third parties for marketing or any other purpose.

7. International Transfers

Some of our infrastructure providers (Render, Supabase) may host data on servers located outside India. As required by Section 16 of the DPDP Act, we only transfer data to jurisdictions that provide adequate protection or under contractual safeguards.

We do not transfer data to any country restricted under DPDP rules. We will update this Policy if the central government issues a list of restricted countries and any of our providers fall on it.

8. Security Measures

We implement industry-standard technical and organizational measures appropriate to the sensitivity of the data, including:

Encryption: all data in transit is encrypted via HTTPS / TLS 1.2+. Database connections use SSL.

Authentication: passwords are stored as bcrypt hashes (never plaintext); JWT-based sessions; rate-limited login.

Access control: Row-Level Security (RLS) enabled on all database tables; multi-tenant org isolation enforced at the database level.

Audit logging: all login attempts, password changes, and consent events are logged.

Breach notification: in the event of a personal data breach, we will notify the Data Protection Board and affected users without undue delay, as required by DPDP Section 8(6).

9. Your Rights as a Data Principal

Under the DPDP Act you have the following rights, exercisable by contacting our Privacy Officer:

Right to information (Section 11): confirm what data we hold about you and how we process it.

Right to correction & erasure (Section 12): correct inaccurate data; delete data we no longer need (subject to legal retention obligations in Section 11).

Right of grievance redressal (Section 13): raise a complaint with our Privacy Officer; we respond within 30 days. If unresolved, escalate to the Data Protection Board of India.

Right to nominate (Section 14): nominate another individual to exercise your rights in the event of your death or incapacity.

Right to withdraw consent: stop processing any time. We will stop unless we have a separate lawful basis (e.g., legal retention).

Most rights can be exercised directly in the app: edit your profile, delete attachments, close your account from Settings. For anything not self-serve, email us.

10. How Long We Keep Your Data

Active accounts: we keep your data for as long as your account is active.

Closed accounts: after closure, we retain personal data for up to 7 years to comply with the Income Tax Act (records retention), the Indian Contract Act (limitation period for disputes), and applicable state Rent Acts. After this period, data is permanently deleted.

Audit logs: terms-acceptance records and security logs are retained for 7 years for legal evidentiary purposes.

Backups: routine backups may persist for up to 90 days after deletion before being overwritten.

Anonymized analytics: aggregated, non-identifying statistics may be retained indefinitely.

11. Children's Privacy

The Service is not directed at children under 18. Under Section 9 of the DPDP Act, we do NOT undertake tracking, behavioural monitoring, or targeted advertising directed at children.

If we learn that a person under 18 has created an account without verifiable parental consent, we will delete the account and associated data.

If you believe a minor is using the Service without consent, please email our Privacy Officer immediately.

12. Cookies & Local Storage

We use browser local storage to remember your login state, preferred language, and dark-mode setting โ€” this stays on your device.

Analytics: we use Google Analytics 4 (provided by Google LLC) to understand aggregate, non-identifying usage โ€” such as which pages are visited, device and browser type, and approximate (city/region-level) location derived from a truncated IP we do not store โ€” so we can fix bugs and improve the Service. Google Analytics sets first-party cookies (e.g. "_ga") and processes this data as our processor. We do NOT enable Google Signals, ad personalisation, or cross-site advertising. You can opt out with Google's browser add-on at https://tools.google.com/dlpage/gaoptout, and read how Google handles the data at https://policies.google.com/privacy.

We do not use Facebook Pixel or advertising trackers that profile you across other websites.

13. Changes to This Policy

We may update this Policy from time to time. Material changes (new categories of data collected, new sharing recipients, change in retention period) will be notified via in-app notice and you will be required to re-accept the updated Policy.

The current version is shown at the top of this document. The effective date marks when this version takes effect.

14. Contact & Grievance Redressal

Privacy Officer / Grievance Officer:

Name: Privacy Officer

Email: r.rajieev@gmail.com

Address: Tamil Nadu, India

Response SLA: 30 days (as required by DPDP Section 13(3))

If your grievance is not satisfactorily resolved by us, you have the right to escalate to the Data Protection Board of India under DPDP Section 28.