1. Scope and Applicability

This Privacy Policy governs collection, use, storage, sharing, transfer, retention, deletion, and protection of data processed through Roomy™. It applies to account holders, listing owners, mess owners, members, tenants, landlords, roommate seekers, invitees, visitors, support users, moderators, and any person interacting with the platform.

Roomy™ operates as a technology platform and intermediary enabling discovery, listing, communications, request management, moderation, analytics, and paid visibility services. The platform does not become a party to private off-platform arrangements between users unless explicitly stated in a signed company contract.

2. Definitions

• Personal Data: Any data relating to an identifiable individual.
• Sensitive Information: Includes government identity data, financial indicators, login credentials, and risk signals processed under strict controls.
• User Content: Text, media, listing details, profile details, chats, reports, reviews, and documents uploaded by users.
• Platform Modules: Property, Mess, Roommate, Chat, Neighbourhood Community, Payments, and Support systems.
• Two-Layer Expense System: Expense processing for both owner-level and member-level financial management in PG/hostel or co-living scenarios.

3. Personal Data We Collect

3.1 Account and Authentication Data

• Name, email, phone number, encrypted password hash, OTP validation metadata, login timestamps, session identifiers.
• Security events for login, password reset, email update, phone update, account deactivation/reactivation, and account deletion requests.
• Suspicious login indicators including IP patterns, failed attempts, and anomaly scores.

3.2 Profile and Preference Data

• Profile photo, biography, language preference, lifestyle preferences, same-gender-only settings, smoking/drinking/pet preferences, and other roommate suitability data.
• Wishlist interactions, likes, saves, and recommendation actions.

3.3 Property and Listing Data

• Property types, lister types, location details, photos/videos/documents, edit history, view counts, request-to-join records, tenant management records, removal/leave events, package usage and paid priority records.
• Verification submissions and moderation outcomes including temporary suspension and permanent ban records.

3.4 Mess and Expense Data

• Mess listing data, media, owner/member records, request management logs, mark-paid/mark-unpaid/mark-past-due events, member removal and leave logs.
• Expense entries, split ratios, shared utility expenses, two-layer expense records, payment tracking metadata, and settlement status markers.

3.5 Roommate Data

• Roommate profile fields, invites, manage-invite actions, profile likes, preference filters, verification artifacts, moderation flags, and fake-profile risk signals.

3.6 Chat and Community Data

• One-to-one, property, mess, roommate, neighbourhood, and support chat messages, attachments, timestamps, deletion status, reports, blocks, and moderation actions.
• Community group posts, comments, media, reactions, report records, and group moderation actions.

3.7 Payment and Billing Data

• Package purchases, points transactions (listing/request points), subscription plan details, invoices, taxes, partial refund records, cancellation logs, failed-payment events, promotional credits and expiry events.
• Payment gateway reference IDs and status callbacks. Full card details are not stored by Roomy™ unless explicitly permitted by law and secure standards.

3.8 Device, Technical and Risk Data

• Browser type, OS, app/device identifiers, network metadata, IP logs, user-agent signatures, cookie IDs, API logs, abuse-monitoring telemetry.
• Anti-spam, anti-phishing, anti-malware, anti-automation, and scraping defense signals.

4. How We Collect Data

1. Directly from users through forms, uploads, chat, support, and dashboard actions.
2. Automatically through cookies, SDKs, logs, analytics events, moderation tools, and device fingerprinting signals.
3. From trusted third parties including payment partners, verification providers, maps providers, fraud-prevention partners, and lawful databases where permitted.
4. From other users when they submit requests, reports, invites, disputes, references, or complaints concerning a user.

5. Purposes of Processing

• To create, operate, secure, and improve platform services and module workflows.
• To perform authentication, OTP validation, suspicious login detection, and account recovery controls.
• To process request-to-join workflows, listing lifecycle management, member/tenant management, and invitation systems.
• To deliver location-based and map-based search experiences and recommendation systems.
• To calculate and show analytics, view counts, dashboard insights, and package performance.
• To detect, prevent, investigate, and prosecute abuse, fraud, fake listings, fake profiles, impersonation, harassment, hate speech, malware uploads, phishing, hacking, and policy violations.
• To process payments, taxes, invoices, refunds, cancellations, and service-fee accounting.
• To comply with applicable law, regulatory requests, judicial orders, and law enforcement directions.

6. Product-Module Data Handling

6.1 Property Module

Data is processed for listing creation/editing/deactivation/deletion, verification, media review, map rendering, request-to-join processing, manage-request decisions, tenant management, remove-tenant events, leave-property records, paid package activation, and moderation outcomes. Users remain solely responsible for accuracy and legality of listing details and media.

6.2 Mess Module

Data is processed for mess listing management, request-to-join, member management, paid/unpaid/past-due status operations, expense and split tracking, two-layer owner-member accounting, meal plan and utility entries, and moderation controls. Mess owners and members remain responsible for financial and factual correctness.

6.3 Roommate Module

Data is processed for profile matching, same-gender-only filtering, lifestyle preference compatibility, likes, invites, invite management, profile moderation, fake-profile screening, and safety reports. Matching outputs are probabilistic and are not guarantees of compatibility or safety.

6.4 Chat Module

Chat content may be processed for delivery, storage, indexing, report/block workflows, anti-spam and anti-abuse enforcement, and legal compliance. Roomy™ may remove or retain chat data where necessary for legal defense, fraud prevention, and policy enforcement.

6.5 Neighbourhood and Community Module

Area-based groups, posts, comments, and moderation records are processed to maintain community safety. Political/religious conflict content, hate speech, violent threats, scams, and promotional spam may be restricted or removed.

6.6 Payments Module

Payment data is processed to manage subscriptions, points, packages, priority listings, invoices, GST, refunds, cancellations, failed transactions, delayed settlement events, and lawful accounting/audit requirements.

7. Authentication and Account Security Data

• OTP and login systems generate transactional logs for fraud controls and legal defensibility.
• Email/phone update and password reset flows may require extra verification and temporary account locks.
• We may block, challenge, delay, or reject suspicious sessions, devices, or IP ranges without prior notice.
• Account deletion requests may be queued, verified, and lawfully delayed where disputes, abuse, dues, or legal holds exist.

8. Location, Maps, Device, Cookie and Analytics Data

8.1 Location and Maps

Location services may use GPS, network location, and map provider APIs. Map outputs may contain errors due to third-party data quality. Users are responsible for verifying physical location and legal status before any transaction.

8.2 Cookies and Tracking

Essential, preference, analytics, security, and marketing cookies may be used according to consent settings and lawful requirements. Disabling cookies may reduce functionality.

8.3 Analytics

Events such as page views, search filters, module usage, dashboard actions, click paths, and conversion metrics may be collected for platform optimization, risk controls, and abuse detection.

9. Moderation, Fraud and Abuse Prevention

Roomy™ deploys manual and automated moderation systems. We may scan, flag, rank, restrict, remove, suspend, or permanently ban accounts, listings, profiles, chats, media, groups, and transactions that appear risky or non-compliant.

• Fake profiles, fake listings, fake messes, impersonation, spam, abuse, hate speech, phishing, scraping, bot activity, malware uploads, and hacking attempts are prohibited.
• Risk scoring and automated moderation may produce false positives; platform decisions remain final unless reversed by authorized review.
• Evidence may be retained and shared with law enforcement and courts where legally required.

10. Data Sharing and Disclosure

Data may be shared on a need-to-know basis with:

• Other users, where functionality requires visibility (for example listing owners, mess owners, invitees, request participants).
• Payment processors, invoicing systems, fraud-prevention providers, cloud infrastructure providers, communication and notification providers, and analytics providers.
• Moderators, auditors, legal counsel, and affiliates for compliance and platform protection.
• Government agencies, regulators, police, courts, and statutory bodies under lawful demand or legal necessity.

We do not guarantee confidentiality of data that users voluntarily disclose publicly in listings, posts, community groups, or chats.

11. Cross-Border and Vendor Processing

Some vendors may process data on servers outside your state or outside India as permitted by law and contractual safeguards. By using the platform, users consent to such transfers where required for service delivery, security, analytics, and compliance.

12. Retention Schedule and Deletion Timelines

• Account and security logs: retained as required for fraud prevention, audit, and legal compliance.
• Listings/profile/media records: retained during active status and archived after deletion/deactivation as per legal defense or complaint windows.
• Expense/payment/invoice records: retained for tax, accounting, audit, dispute, and statutory obligations.
• Chat/moderation records: retained for safety, policy enforcement, and legal proceedings where required.
• Deletion requests: implemented after identity verification and legal hold checks; some data may be anonymized instead of fully erased.

13. User Rights and Control Choices

Subject to law, users may request access, correction, update, export, deactivation, or deletion of data. Requests may be refused, limited, or delayed where required by law, ongoing disputes, security concerns, unpaid dues, fraud investigation, or lawful retention obligations.

Users can manage selected controls through profile settings, notification settings, cookie preferences, and account tools. For unresolved issues, users may contact the Grievance Officer.

14. Children and Restricted Users

The platform is intended for individuals who are legally competent to contract under Indian law. Use by minors is prohibited unless explicitly allowed by lawful guardian-managed features approved by the platform. Accounts violating this rule may be terminated immediately.

15. Security Controls and Incident Handling

• Encryption, access controls, environment segregation, logging, and operational security are used to protect data.
• No platform can guarantee absolute security; users must protect credentials and report suspicious activity immediately.
• In case of a security event, actions may include forced logout, credential reset, temporary suspension, and lawful notifications.

16. Legal Bases, Compliance and Lawful Requests

Processing may rely on user consent, contract performance, legitimate business interest, legal obligations, fraud defense, network security, and enforcement of legal rights. We may process and disclose data to defend the company, management team, employees, moderators, affiliates, and vendors in legal claims and investigations.

17. Grievance Officer and Contact

Grievance Officer: [Insert Grievance Officer Name/Designation]

Email: [email protected]

Phone: +919096223228

Postal Address: Vadve Complex, 375, Nanekarwadi Fata, Khed, Pune, Maharashtra - 410501, India

For valid legal notices, include account identifier, module involved, timeline, and supporting evidence.

18. Policy Updates and Prevailing Terms

Roomy™ may amend this Policy at any time to reflect legal, operational, security, or product changes. Updated versions become effective as notified. Continued use after effective date constitutes acceptance of revised terms.

If any clause is held invalid, remaining clauses will survive and remain enforceable.