Privacy Policy

EstatePartners (product name Bestate / BuildingEstate) is operated by the business entity that provides the Platform to you—typically identified in your order form, invoice, or signup experience as the contracting party (“we”, “us”).

Under the DPDP Act, such an entity may act as a Data Fiduciary when it determines the purpose and means of processing digital personal data in connection with the Service. Where you use the Platform as part of a Company tenant, your employer or organisation may also determine certain processing (for example, internal HR or commission policy). In those cases, the Company may act as a Data Fiduciary or co-fiduciary for specific datasets, and we process data as described in your agreements with us and them.

We process personal data for the following purposes, as applicable:

• Service delivery: creating accounts, authentication, multi-tenant routing, and providing features you request—including property and lead data inside your Company workspace (the marketing homepage does not list live inventory for anonymous visitors);
• KYC and fraud prevention: verifying identity, gating high-risk actions (such as locks and bookings for Agents), and detecting abuse;
• Commission and network integrity: applying your Company's active commission plan rules, calculating earnings, maintaining referral trees, and producing statements;
• Billing and collections: issuing and tracking invoices, subscription and platform fees, and—where amounts due are not paid within the timeframe stated in our Terms and Company Agreement (currently four (4) working days from the applicable invoice due date or, if none is stated, from invoice generation)—taking account actions such as suspension or withdrawal of access to the Company workspace, consistent with those documents and product configuration;
• Communications: service notices, security alerts, and (where permitted) product updates;
• Legal and compliance: complying with law, court orders, and regulatory requests; enforcing our Terms; resolving disputes;
• Improvement and analytics: understanding usage in aggregated form, improving reliability and user experience.

For processing that requires consent under the DPDP Act, we seek clear, affirmative consent—for example, when you tick a box to accept these policies at signup or when we introduce a new optional processing purpose that is not covered by contract or legitimate uses permitted by law.

You may withdraw consent for processing that is solely consent-based by contacting us (see Section 8 and Section 12). Withdrawal may limit or disable features that depend on that processing. Processing that we must retain for legal claims, regulatory obligations, or contract performance may continue where permitted by law.

If you are acting on behalf of a Company, your organisation’s agreement with us may authorise certain processing of workforce data; we still honour applicable individual rights as described below.

We do not sell personal data. We share data only as needed to operate the Platform. Routine sharing is internal to your tenant and our vetted service providers:

• Within your tenant: Company Admins and Agents (and Super Admin tools where applicable) can access data according to role-based permissions. This is essential to how the product works.
• Processors / service providers: hosting, database, authentication, storage (for example document and image storage), email delivery, analytics, and customer support tools—under contracts requiring confidentiality and appropriate security.
• Legal and safety: regulators, law enforcement, or others when required by applicable law or to protect rights, safety, and integrity.
• Business transfers: in a merger, acquisition, or asset sale, with notice as required by law.

We use recognised cloud infrastructure and apply administrative, technical, and organisational measures appropriate to the risk—including encryption in transit (HTTPS), access controls, least-privilege engineering practices, and monitoring. No method of transmission or storage is completely secure; we work to reduce risk and respond to incidents as described in Section 11.

Data may be processed in India and, where applicable, in other jurisdictions where our subprocessors operate, subject to contractual safeguards and applicable law.

KYC data is treated as high-risk information. Access is limited to authorised roles, logged where feasible, and used only for verification, compliance, dispute handling, and service improvement tied to those purposes.

You should upload clear, legible documents only through designated flows. Do not share KYC material in unsecured channels (for example public chats or personal email) in connection with the Service.

Because EstatePartners is a multi-tenant B2B platform, much of the data you see belongs to your Company, its clients, or other users. We implement role-based access controls so that users only access data appropriate to their role (for example Super Admin, Admin, Agent, or Client).

If you are a Data Principal under the DPDP Act, you may exercise the following rights subject to verification and legal exceptions:

• Right to access: request a summary of your personal data we process and the processing activities we carry out in relation to it, as prescribed;
• Right to correction: request correction of inaccurate or incomplete personal data;
• Right to erasure: request erasure where retention is no longer necessary for the purpose, consent is withdrawn (where processing is consent-based), or as otherwise provided by law;
• Right to grievance redressal: escalate to our Grievance Officer (Section 12);
• Right to nominate: nominate another individual to exercise your rights in the event of death or incapacity, as per the DPDP framework when in effect.

To exercise rights, email privacy@estatepartners.com with your registered email, role, and request details. We may ask for reasonable identity verification. If your data is controlled primarily by your Company (for example employee records), we may route part of your request to that Company where appropriate.

We retain personal data only as long as needed for the purposes in Section 3, including statutory, tax, accounting, and dispute-resolution periods. Typical considerations:

• Account data for the life of the account and a reasonable period afterwards for backups and legal holds;
• KYC and financial records for periods required by AML, tax, or company policy, unless a shorter period is mandated;
• Logs and security records on a rolling basis as needed for incident response;
• Anonymised or aggregated datasets that do not identify you may be kept longer.

We use cookies and similar technologies to keep you signed in, remember preferences, measure performance, and protect against abuse. You can control cookies through browser settings; disabling essential cookies may break login or security features.

Where we use non-essential analytics or marketing cookies, we will obtain consent as required by applicable law and product configuration.

If we become aware of a personal data breach that affects your rights, we will assess the incident, take containment steps, and notify the Data Protection Board of India and affected Data Principals when and how the DPDP Act and its rules require us to do so.

We maintain procedures for logging, escalation, and cooperation with competent authorities.

Under the DPDP framework, you may contact our Grievance Officer for complaints related to processing of your personal data:

• Email: grievance@estatepartners.com
• Response timeframe: we aim to acknowledge grievances within 7 days and resolve or update you within timelines prescribed under law once rules are fully operational.

You may also have the right to approach the Data Protection Board of India after exhausting prescribed grievance steps, when the framework so allows.

The Service is not directed to children under 18. We do not knowingly collect personal data from children. If you believe a minor has provided data, contact us and we will take appropriate steps to delete it, subject to law.

We may update this Policy from time to time. We will post the new version here and revise the “Last updated” date. Where required, we will notify you through the Platform or email and, if mandated, seek fresh consent.

Privacy enquiries: privacy@estatepartners.com