Privacy Policy

1. Information We Collect

1.1 Personal Information You Provide

We collect information you voluntarily provide when using our Services:

• Account Information: Name, email address, phone number, mailing address, profile photo
• Identity Verification (KYC): Government-issued ID (Aadhaar card, PAN card, Passport, Voter ID) as required for KYC compliance under applicable Indian law
• Financial Information: Bank account details, UPI IDs, debit/credit card information (tokenised), financial statements
• Property Information: Property addresses, descriptions, photos, rental agreements, lease terms, rent amounts
• Communication Data: Messages between landlords and tenants, support requests, feedback, survey responses
• Professional / Business Information: GST registration number, business registration details, professional certifications (for landlords and property managers)

1.2 Sensitive Personal Data or Information (SPDI)

The following categories constitute Sensitive Personal Data or Information as defined under Rule 3 of the IT Rules, 2011, and are handled with enhanced care and explicit consent:

• Financial information including bank account, debit/credit card, and payment instrument details
• Passwords and authentication credentials
• Biometric data (if used for verification purposes)
• Information relating to physical, physiological, or mental health condition

We collect SPDI only with your free, informed, and specific consent, and only to the extent necessary for the stated purpose.

1.3 Information Collected Automatically

When you access our Services, we automatically collect:

• Device Information: IP address, browser type, operating system, device identifiers
• Usage Data: Pages viewed, features used, time spent, click patterns, search queries
• Location Information: Approximate location based on IP address, or precise location with your permission
• Cookies and Tracking: Session data, preferences, authentication tokens
• Performance Data: Application crashes, response times, system performance metrics

1.4 Information from Third Parties

We may receive information from third-party sources:

• KYC / Identity Verification Services: Identity confirmation, verification results
• Payment Processors: Transaction status, payment method verification
• Property Data Providers: Property valuations, market data, ownership records
• Social Media Platforms: Public profile information when you connect accounts
• Integration Partners: Data from connected accounting, maintenance, or other property management tools

2. How We Use Your Information

2.1 Service Provision

• Create and manage user accounts and profiles for landlords and tenants
• Facilitate property listings, tenant onboarding, and lease management
• Process rent payments, security deposits, and other financial transactions via UPI, NEFT, RTGS, IMPS, debit/credit cards, and other RBI-approved payment methods
• Enable communication between landlords and tenants through the platform
• Provide maintenance request tracking and coordination
• Generate reports, analytics, and insights for property management
• Issue GST-compliant tax invoices and rent receipts for subscription services

2.2 Security and Legal Compliance

• Verify user identity (KYC) and prevent fraud
• Comply with legal obligations under the IT Act 2000, DPDP Act 2023, Prevention of Money Laundering Act 2002 (PMLA), Companies Act 2013, GST Act, and other applicable Indian laws
• Detect and prevent security threats, abuse, and unlawful activities
• Maintain records as required by law (minimum 8 years under Companies Act 2013; 6 years under GST Act for tax records)

2.3 Communication and Marketing

• Send transactional notifications (payment confirmations, rent reminders)
• Send promotional communications and product updates (only with your consent; you may unsubscribe at any time)
• Respond to your enquiries and provide customer support

3. Information Sharing and Disclosure

We do not sell or rent your personal information to third parties. We may share your information only in the following circumstances:

3.1 With Your Consent

• When you explicitly authorise us to share information with third parties
• When you connect third-party services or integrations to your account
• When you participate in joint promotions or surveys

3.2 Service Providers (Data Processors)

We engage third-party service providers who process data on our behalf, bound by confidentiality and data processing agreements:

• Payment Processors: To process rent payments and financial transactions (RBI-authorised payment aggregators and gateways)
• KYC / Identity Verification: For user verification and fraud prevention
• Cloud Infrastructure: For secure data storage and processing
• Communication Services: For email, SMS, and push notifications
• Analytics Providers: For usage analysis and service improvement
• Customer Support Tools: For providing technical assistance

3.3 Disclosure Between Platform Users

As a B2B2C platform, certain information is shared between landlords and their tenants to facilitate the rental relationship:

• Landlords can view tenant profile information, lease details, and payment records for properties they own or manage
• Tenants can view their own lease details, payment history, and landlord contact information
• Disclosure is limited to what is necessary for the property management relationship

3.4 Legal Requirements

• To comply with applicable central, state, or local laws of India, regulations, or court orders
• To respond to lawful requests from government authorities or regulatory bodies (including GSTN, Income Tax department, RBI, SEBI, or law enforcement)
• To enforce our Terms of Service or other agreements
• To protect our rights, property, or safety, or that of others
• To investigate potential fraud or security breaches

3.5 Business Transfers

In the event of a merger, acquisition, amalgamation, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections described in this Policy.

3.6 Aggregated and De-identified Data

We may share aggregated or de-identified information that cannot be used to identify you individually for research, analytics, or business purposes.

4. Data Security and Protection

We implement reasonable security practices and procedures as mandated under Rule 8 of the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011:

4.1 Technical Safeguards

• Encryption: Industry-standard encryption (TLS) for data in transit; encryption at rest for sensitive data
• Secure Infrastructure: Cloud hosting with redundancy and continuous monitoring
• Network Security: Firewalls, intrusion detection systems, and DDoS protection
• Access Controls: Multi-factor authentication and role-based access permissions
• Vulnerability Management: Regular security assessments and penetration testing

4.2 Administrative Safeguards

• Employee Training: Regular privacy and security training for all personnel
• Incident Response: Established procedures for detecting and responding to data breaches
• Data Minimisation: Collection and retention of only information necessary for stated purposes
• Vendor Management: Due diligence and contractual protections for all third-party service providers

5. Your Privacy Rights

Under the Information Technology Act, 2000, the IT Rules, 2011, and the Digital Personal Data Protection Act, 2023, you have the following rights with respect to your personal data:

5.1 Access and Portability

• Right to Access: Request a summary of the personal data we hold about you, along with the purpose of processing
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Information: Know the identities of other Data Fiduciaries and Data Processors with whom your data has been shared

5.2 Correction and Deletion

• Right to Correction: Correct inaccurate or incomplete personal information we hold about you
• Right to Erasure: Request deletion of personal data that is no longer necessary for the stated purpose or where consent has been withdrawn (subject to legal retention obligations)

5.3 Consent and Nomination

• Right to Withdraw Consent: Revoke consent for data processing at any time. Withdrawal will not affect the lawfulness of processing prior to withdrawal, and may result in inability to access certain Services
• Right to Nominate: Under the DPDP Act 2023, nominate another individual to exercise your data protection rights in the event of your death or incapacity
• Right to Opt-Out: Unsubscribe from marketing communications at any time via the unsubscribe link in our emails or by contacting us

5.4 How to Exercise Your Rights

To exercise any of these rights, contact our Grievance Officer at admin@leazepro.com or through your account settings. We will:

• Acknowledge your request within 24 hours of receipt
• Respond to or resolve your request within 30 days as required under the IT Act, 2000
• Verify your identity before processing your request
• Inform you if we are unable to fulfil your request and the reason therefor

6. Data Retention

We retain personal data only as long as necessary to fulfil the stated purpose, or as required by applicable Indian law:

• Account Data: Retained while your account is active and for such period thereafter as required by applicable law
• Financial Records and GST Records: Minimum 72 months (6 years) from the end of the relevant financial year, as required under the Central Goods and Services Tax Act, 2017
• Books of Account: Minimum 8 years from the end of the relevant financial year, as required under Section 128 of the Companies Act, 2013
• Communication Records: Retained for 3 years for customer service and dispute resolution purposes
• Usage Data: Aggregated data may be retained indefinitely; individual usage data deleted after 2 years
• Legal Hold Data: Retained for as long as required for ongoing legal proceedings or regulatory investigations

7. Cross-Border Data Transfers

Your personal data is primarily stored and processed in India. We may transfer certain data to third-party service providers located outside India (e.g., cloud infrastructure, analytics). Such transfers are made subject to:

• Applicable provisions of the DPDP Act, 2023 and rules made thereunder
• Contractual safeguards with recipient entities to ensure comparable data protection standards
• RBI guidelines on payment data localisation — payment data is processed and stored domestically as required by the Reserve Bank of India

We do not transfer Sensitive Personal Data or Information outside India without your explicit consent, except as required by applicable law or court order.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience:

• Essential Cookies: Required for basic site functionality and security (cannot be disabled)
• Performance Cookies: Help us understand how you use our Services (anonymised analytics)
• Functional Cookies: Remember your preferences and settings
• Marketing Cookies: Used to deliver relevant advertisements only with your explicit consent

You can manage cookie preferences through your browser settings or our cookie preference centre. Disabling certain cookies may affect the functionality of our Services.

9. Children's Privacy

Our Services are intended for individuals who are 18 years of age or older. We do not knowingly collect personal data from minors. Under the DPDP Act, 2023, processing of personal data of children (under 18 years) requires verifiable parental consent. If we become aware that we have collected personal data from a child without appropriate consent, we will delete such information promptly.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at admin@leazepro.com.

10. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable law. When we make material changes, we will:

• Post the updated policy on our website with a new effective date
• Notify you of material changes via email or through our Services at least 30 days before they take effect
• Obtain fresh consent where required under applicable law (including the DPDP Act, 2023)

Your continued use of our Services after changes become effective constitutes acceptance of the updated Privacy Policy.

11. Grievance Officer

In accordance with the Information Technology Act, 2000 and the rules made thereunder, a director of the company has been designated to handle grievances relating to the processing of personal data. You may address any grievances to:

12. Contact Information

For any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: