1. Scope, Applicability and Legal Basis

This Policy applies to all visitors, registered users, listing owners, mess owners, roommates, tenants, chat participants, dashboard users, support users, and any person interacting with any digital touchpoint operated under Roomy™. It applies to browser interfaces, application interfaces, APIs, embedded integrations, and in-app modules.

Cookie and tracking processing may be performed on one or more legal grounds including consent (where required), performance of requested services, legitimate business interests, information security, fraud prevention, legal compliance, and enforcement of contractual rights and platform safety obligations.

2. What Are Cookies and Tracking Technologies

2.1 Cookies

Cookies are small text files placed on your browser or device to identify sessions, retain settings, secure account access, and improve platform functionality.

2.2 Similar Tracking Technologies

• Local Storage: Browser-based key-value storage used for non-sensitive preferences and state management.
• Session Storage: Temporary browser storage used for tab-scoped sessions and workflow continuity.
• Pixels/Beacons: Tiny tracking elements used to measure campaign performance, feature usage, and communication outcomes.
• SDKs: Mobile software components used for analytics, attribution, crash diagnostics, and messaging delivery.
• Device Identifiers: IDs such as app instance identifiers, push tokens, and platform-level advertising or analytics identifiers.
• API Session Tokens: Secure tokenized identifiers used for authenticated requests and anti-abuse controls.
• Fingerprinting Signals: Technical characteristics (where legally permitted) used for abuse prevention and anomaly detection.

3. Why Roomy™ Uses Cookies and Tracking Technologies

• To provide core functionality, maintain sessions, and enable account login and secure access.
• To process OTP and authentication sequences and protect account integrity.
• To remember preferences (language, theme, dashboard view, filters, saved actions).
• To personalize search results and user experiences across property, mess, and roommate modules.
• To support location and map experiences, including geospatial search and autocomplete flows.
• To detect and prevent fraud, spam, bot traffic, abuse, credential stuffing, and suspicious behavior.
• To measure performance, troubleshoot errors, optimize page delivery, and improve API reliability.
• To perform analytics, product improvement, A/B testing, campaign measurement, and marketing attribution.
• To maintain audit logs and legally defensible records for lawful investigations and dispute resolution.

4. Cookie Classification by Purpose and Duration

The exact cookie name, issuer, retention period, and value format may change over time due to product, legal, regulatory, or security requirements.

5. Essential, Authentication and Security Cookies

5.1 Essential Cookies

Essential cookies are required for core platform operation and cannot be fully disabled through the in-platform preference center without impacting service availability.

5.2 Login and Authentication Cookies

These cookies maintain authenticated sessions for website, web app, dashboards, and APIs after successful login.

5.3 OTP Session Cookies

OTP session cookies and temporary tokens support secure login verification and controlled expiry of one-time validation flows.

5.4 Remember Me Cookies

Where enabled, remember-me cookies preserve selected login continuity on trusted devices, subject to revocation and risk-based controls.

5.5 Security Monitoring Cookies

• Device and session integrity checks
• Suspicious activity detection
• Session hijack protection and anomaly scoring
• Automated threat intelligence controls

6. Preference, Search, Wishlist and Personalization Cookies

6.1 User Preference Cookies

Preference cookies store non-sensitive selections including language, selected city, sorting mode, display options, and selected workflow states.

6.2 Language and Theme Preferences

Language and UI preference settings may be stored to provide a consistent experience across sessions and devices.

6.3 Dashboard Preferences

Dashboard modules may store preferred layouts, selected tabs, filters, and operational widgets for authenticated users.

6.4 Search and Discovery Cookies

• Search history cookies for quick recall of recent searches
• Mess, roommate, and property filter persistence
• Recently viewed property cookies
• Saved query and recommendation continuity states

6.5 Wishlist Cookies

Wishlist and save-state cookies facilitate quicker retrieval of saved listings and improve continuity for in-progress selection journeys.

7. Location, Map and Geospatial Technologies

7.1 Location and GPS Cookies

Where permitted by device settings, approximate location or GPS-related signals may be used to enable geo-relevant listings and map-based experiences.

7.2 Map-Related Cookies and Storage

Map interfaces may use cookies and local storage for tile caching, viewport memory, search area persistence, and latency optimization.

7.3 Google Maps and Google Places Autocomplete

If map and place search integrations are enabled, Google Maps and Google Places components may set or access their own cookies and identifiers as per their policies. Use of such integrations is subject to both this Policy and relevant third-party terms.

8. Chat, Community and Notification Tracking

8.1 Chat Session Cookies

Chat session and delivery-state identifiers may be used for one-to-one chats, support chats, property chats, mess chats, and roommate chats.

8.2 Community Chat Cookies

Community modules may use session markers and moderation tracking states to prevent abuse and preserve group integrity.

8.3 Notification Preference Cookies

Preference states for alerts, reminders, and in-platform notices may be retained to avoid repeated prompts and improve relevance.

9. Payments, Fraud Prevention and Abuse Controls

9.1 Payment Session Cookies

Payment flows may use temporary identifiers for checkout state, transaction continuity, invoice generation context, and anti-replay controls.

9.2 Fraud Prevention Cookies

Fraud-related cookies and identifiers help detect high-risk transactions, payment anomalies, account takeover attempts, and repeated abuse patterns.

9.3 Device Fingerprinting and Security Signals

Subject to applicable law and necessity, technical signals (browser characteristics, device configuration, network patterns, behavioral indicators) may be used to identify suspicious automation and coordinated fraud events.

9.4 Rate Limiting, Spam and Abuse Prevention

• Rate-limiting identifiers for API and login endpoint protection
• Spam mitigation tokens for forms, chat, and listing submissions
• Abuse-prevention controls for fake profiles, fake listings, and malicious scripts

10. Analytics, Product Intelligence and Experimentation

10.1 Analytics Cookies

Analytics cookies are used to understand engagement, product effectiveness, and feature stability across platform modules.

10.2 Behavior Tracking Signals

• Click tracking
• Scroll tracking
• Page visit tracking
• Session duration and funnel progression tracking

10.3 Heatmaps and Session Replay Tools

Where enabled, pseudonymized or masked interaction replay tools may be used for UX diagnostics, issue replication, and product optimization. Sensitive fields are handled with masking controls where technically available.

10.4 Conversion Tracking and A/B Testing

Cookies may be used to measure conversion events, campaign outcomes, and A/B test performance to improve user journeys, quality metrics, and reliability of listing discovery.

11. Marketing, Campaign and Referral Technologies

11.1 Marketing Cookies

Marketing cookies help measure campaign impact and improve relevance of communication where legally permissible.

11.2 Referral and Campaign Tracking Cookies

Referral links and campaign tags may store source identifiers, ad group context, and engagement timestamps.

11.3 Ad Platform and Retargeting Cookies

External ad platforms may set retargeting cookies to present relevant ads on third-party properties. Such cookies are controlled by those platforms and subject to their own terms and privacy documentation.

12. Third-Party Integrations and External Cookies

Depending on enabled modules and environments, the platform may integrate with third parties such as:

• Google Analytics
• Google Maps and Google Places
• Cloudflare and similar edge security/performance providers
• Payment gateways and payment fraud screening providers
• SMS and WhatsApp service providers (for delivery tracking and messaging telemetry)
• Error monitoring systems and observability vendors
• Communication and notification delivery partners

Third-Party Responsibility Disclaimer: Roomy™ does not own or fully control third-party cookies used by integrated services, external advertisers, linked websites, or embedded widgets. Users should review third-party policies independently.

13. Infrastructure, Performance and Technical Logging

• CDN and cache cookies for faster static and dynamic resource delivery
• Performance cookies for latency, rendering, and response-time optimization
• Load-balancing/session-affinity cookies where required
• API session tokens and request integrity markers
• Error monitoring identifiers and crash diagnostics correlation IDs
• Operational logging systems for security, uptime, and audit defensibility

14. Mobile SDK Tracking, Device IDs and Push Tokens

In mobile app environments, SDKs may collect app instance IDs, push notification tokens, device IDs, OS-level telemetry, and crash reporting data to support reliability, security, and communication features.

• Push notification token registration and refresh tracking
• Device-level anti-fraud and anti-abuse identifiers
• App performance and crash reporting systems
• Mobile attribution and campaign source tags where enabled

15. Data Collected Through Cookies and Tracking

Depending on module usage and consent settings, the following categories may be collected, generated, or inferred:

• IP address and network metadata
• Browser type, browser version, and user-agent details
• Device type, model signals, and operating system
• User behavior events and interaction paths
• Search activity, search filters, and search frequency
• Saved properties and wishlist actions
• Viewed listings and recently viewed items
• Chat activity and session state metadata
• Login history and authentication event traces
• Approximate location and map usage context
• Session duration and engagement timing metrics
• Referral source and campaign attribution identifiers

16. Consent, Banner, Preference Center and Withdrawal

16.1 Cookie Banner and Initial Choice

Where applicable, users are presented with a cookie banner enabling acceptance of all cookies, acceptance of necessary-only cookies, or category-level preferences.

16.2 Preference Center

Users can review and update cookie category choices through the Cookie Preference Center available on this page.

16.3 Withdrawal of Consent

Users may withdraw or modify non-essential cookie consent at any time. Withdrawal does not invalidate prior lawful processing performed before such withdrawal.

16.4 Continuing Use as Consent Signal

To the extent permitted by applicable law, continued platform use after receipt of banner/policy notice may be treated as consent or acknowledgment for categories not requiring express opt-in.

17. How to Disable Cookies and Tracking Permissions

17.1 Browser-Level Cookie Controls

Most browsers allow users to block, clear, or restrict cookies. Users may configure settings at browser level for cookie handling, third-party cookie rejection, private mode behavior, and site-level exceptions.

17.2 Mobile App Tracking Permissions

Users can manage app permissions for notifications, location, background refresh, advertising identifiers, and tracking access through device settings.

17.3 Analytics and Marketing Opt-Out

Where available, users may opt out of analytics and marketing categories from the Preference Center, and can additionally use external provider opt-out controls where provided by those third parties.

18. Operational Impact if Cookies Are Disabled

Disabling cookies or tracking permissions may result in degraded or unavailable functionality, including login continuity failures, repeated authentication prompts, broken search persistence, unreliable map behaviors, limited recommendation relevance, interrupted chat workflows, payment flow disruptions, and reduced fraud prevention effectiveness.

Roomy™ shall not be liable for user experience loss or transaction inconvenience arising from browser/device-level disabling of necessary technical controls.

19. Cross-Border Processing, Retention and Disclosure

Tracking-related logs and identifiers may be processed by authorized vendors in India or other jurisdictions subject to lawful safeguards, contractual controls, and applicable legal restrictions.

Cookie and tracking records may be retained for security, fraud, audit, legal compliance, and dispute-defense purposes for the period reasonably required by law, risk controls, and business continuity obligations.

Data may be disclosed to regulators, statutory authorities, law enforcement agencies, courts, or lawful requestors where required under binding legal process.

20. Liability Limitations and User Responsibility

• Roomy™ does not warrant uninterrupted operation of all third-party cookies, SDKs, or tracking integrations.
• The platform is not responsible for external website cookies, advertiser technologies, or third-party trackers beyond its operational control.
• Users are responsible for managing their own browser/device privacy settings and for reviewing policies of integrated third-party services.
• To the extent permitted by law, the company disclaims indirect, incidental, and consequential liabilities arising from tracking technology limitations, third-party outages, or user-controlled blocking settings.

21. Policy Changes and No-Prior-Notice Clause

Roomy™ may revise, amend, replace, or update this Cookie Policy at any time to reflect legal changes, technology changes, business practices, product enhancements, or security requirements. Unless mandatorily required by law, such updates may be implemented without prior individual notice.

Users are advised to review this Policy periodically. Continued use of the platform after updates constitutes acceptance of the revised Policy terms.

22. Contact and Grievance Redressal

Grievance Officer: [Insert Grievance Officer Name/Designation]

Email: [email protected]

Phone: +919096223228

Address: Vadve Complex, 375, Nanekarwadi Fata, Khed, Pune, Maharashtra - 410501, India

For privacy and cookie-related grievances, include your registered contact details, device information, approximate date/time of issue, and relevant screenshots/log references for faster resolution.