Privacy Policy

This Privacy Policy explains how Decipher Consultancy Services (“we”, “us”, “our”) — the operator of the Realzent Software-as-a-Service platform (“Realzent”, “the Platform”, “the Service”) — collects, uses, shares, retains, and protects your personal data when you access or use the Service. It is published in compliance with the Digital Personal Data Protection Act, 2023 (“DPDP Act”) and the Digital Personal Data Protection Rules (as notified) along with applicable Indian information-technology and consumer-protection law.

1. Who we are

Realzent is operated by Decipher Consultancy Services, a firm based in India. For the purposes of the DPDP Act we act as the Data Fiduciary in respect of personal data of our account holders (real-estate agents, brokerages and their authorised team members) and as a Data Processor in respect of personal data that account holders upload about their own customers (leads, clients, prospects) while using the Service. References to “you” mean a Data Principal under the DPDP Act.

2. Personal data we process

We collect the following categories of personal data:

CategoryExamplesSource
Identity & account data Name, phone number, email, business name, RERA registration number, GSTIN, city, password (stored hashed) Provided by you at signup / onboarding
Workspace & operational data Leads, deals, builders, projects, property cards, site visits, commissions, invoices, documents you upload Entered or uploaded by you while using the Service
Communication data Messages sent via the Service (email, WhatsApp, SMS templates), contact-form submissions, support tickets Provided by you / generated by use
Billing & subscription data Plan, subscription status, invoice records, payment transaction identifiers. We do not store card numbers, CVV or bank credentials — these are handled directly by our payment gateway (Razorpay). Generated by subscription / Razorpay
Technical & usage data IP address, user-agent, device type, language, referer URL, pages viewed, feature usage events, timestamps, error logs Collected automatically
Cookies & similar technologies Session identifiers, CSRF tokens, preference cookies. See our Cookie Policy. Set by the Service

2.1 Sensitive personal data

We do not intentionally collect sensitive personal data such as financial account details, biometric identifiers, health information, sexual orientation, religious beliefs, caste/tribe, or political affiliation. If you choose to upload such data into the Service (for example, as part of a customer record), you confirm that you have obtained all necessary consents from the relevant Data Principal and that you alone are responsible for the lawfulness of that processing.

3. Purposes for which we process your data

Each category above is processed only for the specific, lawful purposes listed below:

4. Legal basis for processing

Under the DPDP Act we rely on the following lawful grounds:

5. Notice and consent

Before we collect personal data that requires consent, you are presented with this Privacy Policy and a clear opt-in. You may withdraw your consent at any time by writing to our Grievance Officer (see Section 12) or by deleting your account. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal, and may also mean we can no longer provide some or all of the Service.

6. Children

The Service is intended for use only by individuals aged 18 or above. We do not knowingly collect personal data of children (persons below 18 years of age) or persons with disabilities who have a lawful guardian, except with verifiable consent of the parent or guardian as required by Section 9 of the DPDP Act. We do not track, profile, or run targeted advertising directed at children. If you believe we have inadvertently collected such data, contact our Grievance Officer and we will delete it without undue delay.

7. How we share your personal data

We do not sell your personal data. We share it only with the parties below and only to the extent necessary:

RecipientPurposeLocation
Razorpay Software Pvt. Ltd.Payment processing, subscription billing, refundsIndia
Cloud and hosting providers (e.g. Contabo / AWS / Cloudflare)Infrastructure, content delivery, DDoS protection, edge TLSEU / Global edge
Anthropic, OpenAI, Google (Gemini), PerplexityAI-assisted features (script generation, RERA intelligence, market reports). Inputs to these models are governed by the respective provider's terms; we do not opt in to using your data for model training.United States / Global
Communication providers (WhatsApp Business API, Twilio / SMTP)Sending messages on your behalf when you initiate themGlobal
Tax / accounting professionalsGST and statutory filingsIndia
Courts, regulators, law-enforcementCompliance with lawful orders, subpoenas, or statutory noticesIndia
Acquirers in a corporate transactionIf we merge, sell or restructure, we may transfer personal data to a successor entity. You will be notified of any such transfer.Depending on transaction

All processors we engage are contractually bound to process your data only on our instructions, maintain appropriate security safeguards, and comply with the DPDP Act and applicable laws.

8. Cross-border transfers

Some of our processors (cloud, AI providers, edge CDN, communication APIs) operate outside India. Such transfers are made only to countries that are not restricted under Section 16 of the DPDP Act or by any notification of the Central Government. Where the data leaves India we ensure equivalent contractual protections through Data Processing Agreements (DPAs), Standard Contractual Clauses, or recognised certifications.

9. Data retention

We keep personal data only for as long as necessary for the purpose it was collected, after which it is deleted or anonymised. Indicative retention periods:

Type of dataRetention
Account credentials and workspace dataWhile your account is active. Deleted within 90 days after account closure, subject to the next rows.
Invoices, GST records, tax filings8 financial years (as required by Indian tax law)
Audit logs (logins, security events)180 days
Marketing-consent recordsUntil consent is withdrawn + 3 years (for proof)
Contact-form submissions90 days from receipt, unless a professional engagement is established
BackupsUp to 60 days on a rolling basis; data subject to deletion requests will be removed from backups in the next scheduled cycle

10. Your rights as a Data Principal

Subject to the DPDP Act and reasonable verification of your identity, you may:

Most account-level rights can be exercised directly inside the Service (Profile and Settings). For everything else, write to our Grievance Officer. We will acknowledge your request within 72 hours and respond substantively within 30 calendar days, unless the law requires sooner.

11. Security of your data

We take reasonable security safeguards to protect personal data, including:

No system is perfectly secure. In the event of a personal-data breach that is likely to result in risk to you, we will notify both you and the Data Protection Board of India within the timelines prescribed under the DPDP Rules.

12. Grievance Officer

Designated Grievance Officer (DPDP Act, Section 8(9))

Name
Mr. Subesh Kumar
Role
Grievance Officer, Decipher Consultancy Services
Email
[email protected]
Phone
+91 9911202099
Address
Decipher Consultancy Services, India
Response time
Acknowledgement within 72 hours; substantive response within 30 days

If you are not satisfied with the resolution provided by the Grievance Officer, you may approach the Data Protection Board of India at the address notified by the Central Government from time to time.

13. Changes to this Privacy Policy

We may revise this Privacy Policy from time to time. When we make a material change, we will bump the version number, update the “Last updated” date, and — where required — request renewed consent. The version of the Privacy Policy you accepted is recorded in your user record and can be reviewed on request. Earlier versions remain available on request to the Grievance Officer.

14. Contact

For any questions about this Privacy Policy or how we handle your personal data, please write to our Grievance Officer (Section 12) or use our contact form.

Read next: Terms of Service · Cookie Policy · Grievance Redressal