Privacy Policy.
Last Updated: 11 July 2026
This policy describes what PlotPro collects, why, who it is shared with, and the rights available to builders, their teams, and end-customers — under India's DPDP Act, 2023 and, where applicable, the GDPR.
1. Introduction and Our Roles
This Privacy Policy explains how [PLACEHOLDER: legal entity name and registered address] ("PlotPro") handles personal data across the builder portal, project microsites, and the customer portal.
PlotPro acts in two distinct roles. For builder and staff accounts, platform billing, and PlotPro's own analytics, PlotPro is the data fiduciary under India's Digital Personal Data Protection Act, 2023 (DPDP Act) and the data controller under the EU General Data Protection Regulation (GDPR), where it applies.
For enquiries, unit allocations, messages, and other end-customer records captured through a builder's microsite or the customer portal, PlotPro is a data processor acting on the builder's documented instructions — the builder is the fiduciary or controller for that data.
2. Information We Collect
Builder and staff accounts:
- identity and contact details — full name, email address, phone number, and profile photo;
- credentials — a salted password hash, or a Google sign-in identity where Google is used (PlotPro never stores Google passwords);
- organization details — company name, logo, addresses, and public profile content;
- security records — login timestamps, IP address, and browser user-agent kept in a login audit trail;
- consent records — the time at which the Terms of Service and this Policy were accepted.
End-customers:
- contact details submitted with an enquiry — name, email address, and phone number;
- sign-in events for the customer portal (one-time email codes; no passwords are stored);
- unit allocation records, stage history, messages exchanged with the builder, and notification history;
- consent records — the time of first sign-in, which constitutes acceptance of the Terms and this Policy.
Visitors to microsites and embedded maps: page views and interaction events (viewed sections, plot popups, map usage), collected with coarse technical metadata to produce aggregate analytics for the builder.
Payments: subscription billing is processed by Razorpay. PlotPro stores plan, subscription, and customer identifiers returned by Razorpay but never stores card numbers or other payment instruments.
3. How We Use Information and Legal Bases
PlotPro uses personal data to:
- provide and secure the Service, including authentication, multi-tenancy isolation, and fraud prevention;
- operate subscriptions, billing, and receipts;
- deliver transactional email such as verification codes, invites, and notifications;
- produce aggregate analytics for builders about their projects;
- comply with legal obligations and enforce the Terms of Service.
Where the GDPR applies, PlotPro relies on performance of a contract (providing the Service), legitimate interests (security, service improvement), consent (where specifically sought), and legal obligation. Under the DPDP Act, PlotPro processes personal data on the basis of the consent recorded at signup or first sign-in, and for certain legitimate uses recognised by that Act.
4. Cookies and Local Storage
PlotPro keeps its use of browser storage minimal:
- session state for signed-in users — access tokens are held in application memory or local storage;
- a refresh-token cookie (pp_cust_rt) for the customer portal — httpOnly, secure, and scoped to authentication endpoints;
- anonymous identifiers used to de-duplicate microsite analytics events.
PlotPro does not use third-party advertising cookies or cross-site tracking.
5. Who We Share Data With
PlotPro shares personal data only with processors needed to run the Service, under contracts that restrict their use of the data:
- Amazon Web Services — cloud hosting, storage, and content delivery;
- Razorpay — payment processing for subscriptions and enterprise deals;
- Brevo — transactional email delivery;
- Google — sign-in with Google, and Maps and Street View imagery where a project uses them.
PlotPro may disclose data where required by law, to protect rights and safety, or as part of a corporate transaction with notice. PlotPro does not sell personal data.
6. Where Data Is Stored and International Transfers
PlotPro's primary infrastructure runs in the Amazon Web Services Asia Pacific (Mumbai) region (ap-south-1), so personal data is stored in India by default. Content delivered through a global content-delivery network may be cached at edge locations outside India.
Where personal data of persons in other jurisdictions is processed, PlotPro relies on the safeguards available under applicable law, including contractual protections with its processors.
7. Retention and Deletion
Personal data is retained while an account or subscription is active and for as long as needed for the purposes above, then deleted or anonymised.
Uploaded media that is replaced or removed enters a deletion queue and is purged from storage on a scheduled sweep. Enquiry and allocation records are retained under the builder's instructions, since the builder controls that data.
PlotPro may retain limited records where required for legal, tax, or dispute-resolution purposes.
8. Your Rights
Subject to applicable law, users may request access to their personal data, correction, completion, or updating, erasure, and withdrawal of consent (which does not affect prior processing). Data principals in India may also nominate another person to exercise their rights in case of death or incapacity, and may approach the Data Protection Board of India if a grievance is not resolved.
Where the GDPR applies, users additionally have rights to data portability, restriction of processing, objection, and to lodge a complaint with a supervisory authority.
Requests can be made to the contacts in the Grievance Redressal section. Where PlotPro processes data on a builder's behalf, PlotPro forwards the request to the builder and assists them in honouring it — end-customers may also contact the builder directly.
9. End-Customers on Builder Microsites
Builder microsites and the customer portal are branded and operated for the builder. Enquiries submitted there go to the builder, and the builder decides how to use them. This Policy governs PlotPro's handling of that data as a processor; the builder's own privacy practices govern everything else, and end-customers should consult the builder's privacy notice for those details.
10. Security
PlotPro applies reasonable security safeguards appropriate to the data it handles, including encryption in transit, salted password hashing, hashed one-time codes and invite tokens, short-lived access tokens with rotating refresh tokens, strict separation between builder and end-customer authentication, per-tenant data scoping, and access controls on production systems.
No system is perfectly secure; PlotPro notifies affected users and authorities of personal data breaches as required by applicable law.
11. Children
The Service is intended for adults and is not directed at children under 18. PlotPro does not knowingly collect personal data from children; suspected child data will be deleted on discovery.
12. Grievance Redressal
Concerns about this Policy or a data request may be raised with the Grievance Officer: [PLACEHOLDER: grievance officer name and email], or by writing to hello@plotpro.co. PlotPro acknowledges grievances promptly and resolves them within the timelines prescribed under the DPDP Act, 2023 and other applicable Indian law.
13. Changes to This Policy
PlotPro may update this Policy from time to time. Material changes are notified through the Service or by email, and the "Last Updated" date above is revised. Continued use after the effective date constitutes acceptance.