Privacy Policy

Version 1.2.0 Effective Date: February 02, 2026

1. Introduction

This Privacy Policy document provides a comprehensive technical and legal overview of how Gharvanta ("the Platform", "we", "us") processes, stores, and protects user data. We operate under a "Privacy by Design" framework, ensuring that data protection is integrated into every layer of our technology stack—from initial user registration to media delivery and long-term storage.

By accessing our services via gharvanta.com or any of its subdomains (including office.gharvanta.com), you acknowledge the practices described in this document. We encourage you to read this in conjunction with our Terms of Service.

2. Data Classification and Collection

We categorize the data we collect into the following distinct classes to ensure appropriate security measures and residency policies are applied:

2.1 Personally Identifiable Information (PII)

  • Profile Data: Involves the collection of your full legal name, verified email address, and primary contact number for account lifecycle management.
  • Professional Credentials: For Agents, Brokers, and Builders, we collect RERA registration numbers, company incorporation details, and professional biographies to establish platform trust.
  • Authentication Data: We utilize advanced hashing standards (bcrypt and pbkdf2) to store your credentials. Under no circumstances do we store raw, plaintext passwords.

2.2 KYC and Sensitive Verification Data

Security Level: Tier 1 (Encrypted & Restricted)

  • Identity Verification: Digitized copies of government-issued IDs (Aadhar, PAN, Voter ID) required for professional account activation.
  • Ownership Proofs: Property title deeds, utility bills, and tax certificates provided by sellers for the "Shield Verified" listing status.
  • Storage Protocol: These assets are never stored in our primary database; they are offloaded to Cloudinary's secure, private vaults.

2.3 Media and Asset Data

  • Visual Assets: High-resolution images, 360-degree panoramas, and video tours of property listings.
  • Technical Metadata: Our system processes EXIF data and geolocation markers to verify the origin and location accuracy of property listings.

2.4 Technical Telemetry

  • Network Identifiers: IP addresses, user-agent strings, and browser specifications.
  • Behavioral Analytics: Login timestamps, session duration, and navigation paths through our /dashboard and /api endpoints to prevent unauthorized access and DDoS attacks.

3. Infrastructure and Data Residency

Gharvanta utilizes a globally distributed, cloud-native infrastructure centered around the following core providers:

Relational Data (Neon DB)

User profiles, listing details, and transaction logs are stored in high-performance Postgres clusters. Data is isolated within regional VPCs (AWS Asia Pacific 1) and protected by mandatory SSL/TLS 1.3 encryption.

Non-Relational Assets (Cloudinary)

All binary data (images, KYC documents, raw project files) is managed via Cloudinary. We leverage signed URLs and expiring tokens to ensure that private documents are not indexable by public search engines.

Edge Compute (Vercel)

Application logic is executed via Serverless functions on the Vercel edge network. No persistent PII is stored on the edge; it serves only as a secure gateway to our backend services.

4. Data Retention and Destruction

We maintain a strict schedule for data lifecycle management:

  • 01.
    Active Accounts:

    Maintained for the duration of the service agreement between the user and the Platform.

  • 02.
    Deactivation Period:

    Upon account closure, data enters a 30-day "Frozen State" where it is hidden from the public but maintained for recovery. After 30 days, PII is purged.

  • 03.
    Statutory Archival:

    Financial logs and KYC backups for verified transactions are archived for up to 7 years to comply with Anti-Money Laundering (AML) and financial audits.

5. User Rights Under Information Technology Act

In accordance with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, users are entitled to:

  • Right of Access: You may request a comprehensive report of all personal data Gharvanta holds on you.
  • Right of Portability: A machine-readable export of your data is available upon request for transfer to other platforms.
  • Right of Rectification: You can update any out-of-date or incorrect information through your dashboard or via support ticket.
  • Right to be Forgotten: You can request total deletion of your identity from our systems, barring data we are legally required to keep.