What we collect

• Account data: your name, mobile number, email address, and authentication state (when you last signed in).
• Property + tenancy records: properties, units, tenants, lease terms, rent amounts, utility accounts, bills, and payments you enter into the app.
• Identity verification: the last 4 digits of Aadhaar and PAN with a verification flag, never the full numbers. Full Aadhaar / PAN are not stored at rest.
• Messaging metadata: the phone numbers and message IDs we send WhatsApp / SMS reminders through, plus delivery status from our gateway provider.

What we do NOT collect

• Full Aadhaar numbers (we store only verification status + last 4 digits)
• Full PAN numbers (same — verification status + last 4 digits only)
• Card numbers, CVV, or any payment card data — handled entirely by Razorpay
• Location data, device contacts, browsing history outside GharLedger
• Biometric data of any kind

Who we share data with

• Razorpay — processes UPI / card payments. They see transaction amount + your registered phone/email + a payment reference. They do not receive tenant Aadhaar or PAN.
• MSG91 — sends WhatsApp / SMS reminders on your behalf. They see the recipient phone number and the rendered message body.
• Hetzner Cloud (Falkenstein, EU) — hosts the Postgres database where your account, property, tenancy, and payment records live. They have no application-level access to its contents.
• Cloudflare R2 — hosts encrypted nightly database backups + (in future) hero photos and receipt PDFs. Globally replicated edge storage; location-hinted to Asia-Pacific. They have no access to encrypted contents.
• No other third party. We do not sell, rent, or share data with advertisers or data brokers.

How long we retain data

• Active accounts: for as long as you keep using GharLedger.
• Deleted accounts: a 14-day grace window during which you can restore from Settings. After 14 days, personally identifiable fields (name, email, phone, KYC flags) are anonymized. Invoice and payment records are retained in anonymized form for 7 years to satisfy Indian Income Tax Act record-keeping requirements (Section 44AA).
• Server logs: request logs are retained for 30 days for security and debugging, then auto-deleted.

Your rights under DPDPA 2023

• Right to access: see what data we hold about you. Email support@gharledger.com — we respond within 30 days.
• Right to correction: edit your name, contact info, and account settings directly in Settings, or email support@gharledger.com if a field isn't editable.
• Right to erasure: delete your account from Settings → Account → Delete my account. 14-day grace window; anonymized after that.
• Right to grievance redressal: contact the Data Principal Grievance Officer below.

Data Principal Grievance Officer

Security

• HTTPS-only transport with HSTS
• JWT bearer authentication with short-lived tokens
• Aadhaar / PAN never stored at rest (only verification flags + last 4)
• Nightly encrypted Postgres backups to Cloudflare R2 (location-hinted Asia-Pacific); primary database in EU jurisdiction (Hetzner Falkenstein)
• Breach notification: in the event of a personal data breach, we will notify affected users by email + WhatsApp within 72 hours of discovery, per DPDPA §10(6).

Changes to this policy

We'll update the "Effective" date at the top of this page whenever this policy changes. Material changes (e.g. new data collected, new third-party share) will be notified by email + an in-app banner at next sign-in.