Privacy Policy
Last updated: July 3, 2026
1. Our commitment
yesft is committed to protecting your personal data in accordance with the Digital Personal Data Protection Act, 2023 ("DPDP Act") and applicable Indian law. This policy explains what we collect, why, and what rights you have.
2. What we collect
- Account data: name, email, phone number, password (hashed, never stored in plain text).
- Usage data: searches, listings viewed, shortlists, inquiries submitted, credit transactions.
- Listing data: if you post a property, the details you submit (address, price, photos, floor plan).
- Contact-us submissions: name, email, phone (optional), and message content.
- Technical data: IP address, browser type, device info, session identifiers — used for security, rate-limiting, and fraud prevention.
- Payment data: handled entirely by Razorpay. We never see or store your card, UPI, or bank details.
3. Why we collect it (purpose specification)
- To create and secure your account, and verify your email/phone.
- To connect buyers and sellers — routing your inquiry to the right recipient.
- To grant and track signup/purchased credits.
- To send transactional emails (verification, password reset, inquiry notifications, weekly activity digest).
- To prevent fraud, spam, and abuse of the credit system.
- To improve search relevance and platform functionality.
We do not sell your personal data to third parties.
4. Legal basis and consent
By creating an account or submitting a form on yesft, you consent to the collection and processing described here. Where required, we obtain explicit consent before processing sensitive categories of data.
5. Data sharing
- Sellers/builders: when you submit an inquiry, your name, contact details, and message are shared with the listing owner (or, for passive/RERA-sourced listings, with our ops team, who may relay your interest to the builder).
- Service providers: Brevo (email delivery), Razorpay (payments), Cloudflare (CDN/security), and our cloud hosting providers — each bound by their own data-processing terms.
- Legal requirements: we may disclose data if required by law, court order, or to protect the rights, property, or safety of yesft, our users, or the public.
6. Data retention
We retain account data for as long as your account is active. If you delete your account, we remove personally identifiable data within a reasonable period, except where retention is required for legal, tax, or fraud-prevention purposes.
7. Your rights
Under the DPDP Act, you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate or incomplete data.
- Withdraw consent and request erasure of your data.
- Nominate another individual to exercise your rights in case of death or incapacity.
- Register a grievance regarding how your data is handled.
To exercise any of these rights, contact us — we aim to respond within 30 days.
8. Data security
Passwords are hashed (never stored in plain text). Sensitive tokens (email-verification, password-reset) are stored as one-way hashes and expire automatically. We use HTTPS everywhere and restrict internal access to personal data on a need-to-know basis.
9. Breach notification
In the event of a personal data breach that is likely to affect you, we will notify the Data Protection Board of India and affected users as required under the DPDP Act, without undue delay.
10. Children's data
yesft is not directed at individuals under 18. We do not knowingly collect data from minors.
11. Grievance officer
For privacy-related complaints or to exercise your data rights, reach our grievance contact via our contact form, selecting "Support" as the category. We aim to acknowledge grievances within 48 hours and resolve them within 30 days.
12. Changes to this policy
We may update this Privacy Policy periodically. Material changes will be highlighted on this page with an updated "Last updated" date.
