1. In short
2. Data we collect
You give us directly
- Account: name, email, password (hashed), phone number, city, professional role (broker / agent / owner / developer), and (for brokers) RERA registration ID.
- Listings & requirements: property details — locality, BHK, sqft, price, photos, amenities, and any descriptions you write.
- Network activity: co-brokers you save, ratings, reviews, offer/bid history.
- Communications: messages to support, dispute reports, and any data you submit through forms.
Collected automatically
- Technical data: IP address, browser/device type, OS version, page-view timestamps, error logs.
- Usage data: which listings you view, search queries (without raw text being sent to third parties), feature interactions.
- Auth tokens: session cookies / localStorage entries that keep you logged in.
3. Why we collect it
| Purpose | Lawful basis (DPDP) |
|---|---|
| Run the matching engine and show you relevant listings/requirements | Consent & legitimate use |
| Verify your identity and RERA status to maintain trust | Legitimate use |
| Send transactional emails (signup confirmation, password reset, match alerts) | Performance of contract |
| Detect fraud, abuse, and policy violations | Legitimate use |
| Comply with legal obligations (IT Rules, RERA, tax law) | Legal compliance |
| Send product updates and marketing emails | Consent (opt-out anytime) |
4. How we share data
We do not sell your personal data. Limited sharing happens only as described below:
- Other brokers in the network: your name, role, city, profile photo, and listings are visible by design — that's the network. Phone numbers are masked by default and only revealed if you toggle "Show phone publicly" in Settings.
- Service providers: Supabase (database & auth, hosted in Asia Pacific), Vercel (hosting & CDN), email-delivery providers for transactional mail. All are bound by contractual data-protection terms.
- Legal requests: when required by valid Indian legal process (court order, IT Act notice). We notify you where lawful.
- Business transfers: if BrokerNetwork.in is acquired or merged, your data may transfer subject to this Policy.
5. Storage & security
Personal data is stored on Supabase Postgres (project region: ap-south-1, Mumbai) with row-level security ensuring you can only edit your own records. Passwords are hashed using bcrypt; sessions use signed JWTs with rotation. Data in transit is protected with TLS 1.2+.
Despite reasonable safeguards, no system is fully impenetrable. If we detect a personal-data breach affecting you, we will notify you and the Data Protection Board within the timelines required by the DPDP Act.
6. Cookies & analytics
We use a small number of first-party cookies and localStorage entries strictly for:
- Authentication (session tokens, "remember me")
- UI preferences (notification toggles, last-viewed tab)
- Caching read-states (which notifications you've seen)
We do not run Google Analytics, Meta Pixel, or any third-party advertising/retargeting trackers. We may add privacy-respecting product analytics (PostHog or self-hosted) in future and will update this Policy if so.
7. Your rights under the DPDP Act, 2023
As a Data Principal, you have the right to:
- Access: request a copy of all personal data we hold about you.
- Correction: update inaccurate or incomplete data — most fields are editable in Settings → Profile.
- Erasure: request deletion of your account and personal data. The in-app option is at Settings → Account → Reset all app data; for full backend deletion, email us.
- Withdraw consent: opt out of marketing emails at any time via the unsubscribe link or by contacting us.
- Grievance redress: contact our Grievance Officer; if unresolved, escalate to the Data Protection Board of India.
- Nominate: nominate another individual to exercise your rights in case of incapacity (under Section 14 of the DPDP Act).
We respond to verified requests within 30 days.
8. Data retention
We retain personal data for as long as your account is active, plus the periods below:
- Listing & match history: 24 months after deletion (for dispute resolution).
- Financial records (paid plans): 8 years (income-tax compliance).
- Auth & access logs: 180 days.
- Communications with support: 36 months.
9. Children
Matchnclose is not directed at users under 18 years of age. If we discover that we have collected data from a minor without verifiable parental consent, we will delete it promptly.
10. Changes to this Policy
Material changes will be communicated by email or in-app notice at least 14 days before they take effect. The "Last updated" date at the top of this page reflects the most recent revision.
11. Contact us
- Privacy / DPO: privacy@coclose.in
- Grievance Officer: grievance@coclose.in (response within 15 days under IT Rules, 2021)
- General: hello@coclose.in
- Operator: BrokerNetwork.in