Privacy Policy

Last updated: July 2026 · KalyanKart Co · support@kalyankart.com

1. What we collect

  • Account data: name, phone, email, city, country, language, RERA number (agents).
  • Business data you create: contacts, deals, listings, documents, showing records. Your client book belongs to you.
  • Consumer enquiries: when a property owner or buyer requests a free valuation, we collect their name, phone and property details with their explicit consent to be contacted by one verified agent.
  • Showing evidence: agent GPS check-ins, buyer visit-code confirmations and photos, recorded to a tamper-evident ledger to protect both parties.
  • Usage data: app events and, where enabled, advertising analytics (Meta Pixel) on public pages.

2. How we use it

To operate the service (CRM, marketplace, certificates, payments), to route consumer enquiries to verified agents, to provide AI assistance (drafts, matching, estimates), to prevent fraud, and — in de-identified, aggregated form — to improve our market-intelligence models. We do not sell personal data.

3. Where it lives

Data is stored on managed infrastructure in India (database and files in the Mumbai region; API in asia-south1). Processors we use: Razorpay (payments — we never store card numbers), Meta WhatsApp Cloud API and SMS/email providers (messages), Google Cloud / Gemini (AI processing), Supabase (database/storage), Vercel (web hosting).

4. Who can see what

Your CRM is visible only to you. Listing owner contacts are visible only to you and our verification team. Buyer phone numbers in exchange requests are hidden until acceptance and masked on certificates. Public pages show only what you choose to publish (listings, Reputation Passport).

5. Your rights (DPDP)

You may access, correct, export or delete your data — deleting your account removes your client book and profile; the ledger retains only cryptographic hashes and non-identifying event types so past certificates remain verifiable without exposing personal data. Consumers may opt out of agent contact at any time by replying STOP or contacting us. Requests: support@kalyankart.com — answered within 30 days.

6. Security

Passwords are hashed (bcrypt), sessions use short-lived tokens, one-time codes are hashed, access is row-scoped per account, and the event ledger is append-only at the database level. Report vulnerabilities to security@kalyankart.com.

7. Children

The service is for adults (18+) and is not directed at children.

This document is a launch template prepared for KalyanKart Co and is pending final review by legal counsel. It is provided in good faith and updated as the service evolves.