Privacy Policy

Effective Date: March 18, 2026

Last Updated: March 20, 2026

1. Overview

RentDraft is committed to protecting your privacy in accordance with the Digital Personal Data Protection Act, 2023 (DPDPA), the Information Technology Act, 2000, and applicable Indian laws. This policy explains what data we collect, how we use it, and your rights as a Data Principal.

2. Consent

By using RentDraft, you provide free, specific, informed, and unambiguous consent to the collection and processing of your personal data as described in this policy. You provide this consent via the mandatory checkbox on the agreement generation form before any data is processed.

You may withdraw consent at any time by contacting our Grievance Officer. Withdrawal of consent will not affect the lawfulness of processing carried out before withdrawal.

3. Data We Collect

Agreement Inputs: Names, addresses, phone numbers, rent amounts, and property details you enter into the form. These are sent to our AI provider for agreement generation and are not stored on our servers after generation.

Transaction Data: Order ID, payment amount, plan type, state, and city. No personally identifiable information (PII) is stored in our database.

Email (hashed): If you request email delivery, your email address is hashed (SHA-256) before storage. We never store email addresses in plaintext.

Analytics: Anonymous usage data (state, city, plan selected) for improving the service.

4. Data We NEVER Collect or Store

• Aadhaar numbers — processed entirely on your device (client-side browser) and are never transmitted to, received by, or stored on RentDraft's servers
• PAN numbers — processed entirely on your device (client-side browser) and are never transmitted to, received by, or stored on RentDraft's servers
• Bank or payment card details — handled entirely by Razorpay (PCI DSS compliant)
• Passwords — RentDraft does not have user accounts
• Biometric data, caste, religion, health information, or political affiliation

5. How We Use Data

• Generate your rent agreement using AI-powered document automation
• Process payments via Razorpay
• Send your agreement via email (if you request it)
• Improve the service through anonymous, aggregated analytics
• Comply with legal obligations (tax records, dispute resolution)

6. Third-Party Data Processors

Your data may be processed by the following third-party services. By using RentDraft, you consent to cross-border transfer of data to these providers, some of which operate outside India:

• Google Gemini via OpenRouter (USA) — Receives agreement inputs (names, addresses, property details, rent terms) for AI document generation. Subject to OpenRouter's and Google's data retention policies. Aadhaar, PAN, and bank details are never sent.
• Razorpay (India) — Receives payment information (UPI/card details). RentDraft never sees or stores your payment credentials. PCI DSS Level 1 compliant.
• Supabase (USA) — Stores transaction metadata only (order ID, amount, plan, state, city). No PII is stored.
• Resend (USA) — Receives your email address and generated PDF for email delivery. Email is stored in plaintext only by Resend for delivery; RentDraft stores only the SHA-256 hash.
• Vercel (USA) — Hosts the application. Collects anonymous, cookieless analytics (page views, performance metrics). No PII is collected by Vercel Analytics.

7. Data of Non-Users (Counterparty Information)

When generating an agreement, you may provide personal information of another party (e.g., the landlord or tenant). By doing so, you confirm that you have the right to provide this information and that it will be used solely for the purpose of generating the agreement. We do not use counterparty data for marketing, analytics, or any purpose other than document generation.

8. Data Retention

• Transaction records (order ID, amount, plan, state, city): Retained for 7 years as required by Indian tax and GST law.
• Hashed email records: Retained for 1 year for support queries.
• Agreement content: Not stored. Generated on-demand and delivered immediately. Not retained on our servers.
• Analytics events: Retained indefinitely in anonymized, aggregated form.

9. Your Rights (under DPDPA 2023)

As a Data Principal under the Digital Personal Data Protection Act, 2023, you have the right to:

• Access: Request a summary of your personal data being processed and the processing activities.
• Correction: Request correction of inaccurate or incomplete personal data.
• Erasure: Request deletion of personal data that is no longer necessary for the purpose it was collected.
• Withdraw consent: Withdraw your consent at any time by contacting our Grievance Officer.
• Grievance redressal: File a complaint with our Grievance Officer or, if unresolved, with the Data Protection Board of India.

To exercise any of these rights, email support@rentdraft.in with your Order ID. We will respond within 30 days.

10. Security

We implement reasonable security safeguards as required under the DPDPA 2023 and IT Act, 2000:

• All data in transit is encrypted via TLS
• Database uses row-level security (RLS) — no public access
• Sensitive PII (Aadhaar/PAN) is handled exclusively in your browser and never transmitted
• Email addresses are one-way hashed (SHA-256) before storage
• API keys and secrets are stored in environment variables, never in source code

11. Children's Data

RentDraft is intended for users aged 18 years and above. We do not knowingly collect personal data from anyone under 18. If you believe a minor has used our service, please contact us and we will delete the associated data.

12. Grievance Officer

In accordance with the Information Technology Act, 2000 and DPDPA 2023, our Grievance Officer is:

Name: Ayush Nagvanshi
Email: support@rentdraft.in
Response time: Within 30 days of receiving your complaint

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the website. Continued use after changes constitutes acceptance.