Privacy & Data Protection

Privacy Policy

Effective Date: June 5, 2025  |  Last Updated: June 5, 2025

Table of Contents

  1. Who We Are
  2. Information We Collect
  3. How We Use Your Information
  4. Sharing of Information
  5. Data Storage & Security
  6. Data Retention
  7. Your Rights
  8. Account Deletion
  9. Children's Privacy
  10. Third-Party Services
  11. Changes to This Policy
  12. Contact Us

Welcome to Apna Flat ("we", "our", or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (Apna Flat on Android) and our website flathaito.com (collectively, the "Services").

By downloading or using the Apna Flat app, or by accessing our website, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use our Services.

Apna Flat is a property rental platform operating in Indore, Madhya Pradesh, India. We connect tenants directly with verified property owners — no brokers, no hidden fees.

1. Who We Are

Apna Flat is a property rental platform operated as a proprietary service based in Indore, Madhya Pradesh, India.

2. Information We Collect

a) Information you provide directly

  • Phone number — used for OTP-based authentication. We do not store passwords.
  • Profile information — your name and any details you provide during registration (e.g., ProfileSetupScreen).
  • Property details — if you are a property owner, information about your listed properties including address, photos, rent amount, and amenities.
  • Visit bookings — preferred date and time when you schedule a property visit.

b) Information collected automatically

  • Device information — device model, operating system version, and unique device identifiers.
  • Usage data — screens viewed, features used, search queries, and in-app interactions.
  • Session data — authentication session tokens stored securely via AsyncStorage on your device.
  • IP address — collected by our server during API calls, used for security and approximate location.

c) Location information

  • Approximate location — derived from your IP address for showing relevant listings.
  • Precise location (optional) — the app may request access to your GPS location to show properties near you on the map. This is optional and can be denied. Our website may also request GPS location for analytics purposes; you may decline this browser prompt.

d) Photos & media

  • If you are a property owner adding listings, you may upload photos from your device. These are stored on our servers and displayed within the app.

3. How We Use Your Information

We use the information we collect to:

  • Authenticate your identity via OTP and maintain your login session.
  • Display property listings relevant to your location and preferences.
  • Enable property owners to list, manage, and update their properties.
  • Allow tenants to book property visits and add properties to their wishlist.
  • Send OTP messages via SMS for login and registration.
  • Improve, personalize, and expand our Services.
  • Monitor and analyse usage to identify bugs and improve the user experience.
  • Detect, prevent, and address technical issues or fraudulent activity.
  • Track website visits and APK downloads for internal analytics (via our Frappe backend).
  • Respond to your support requests and communications.
We do not sell your personal data to third parties. We do not use your data for targeted advertising.

4. Sharing of Information

We do not sell, trade, or rent your personal information to third parties. We may share data only in the following circumstances:

  • Between tenants and owners: When a tenant schedules a visit or expresses interest, relevant contact information may be shared with the property owner to facilitate the connection.
  • Service providers: We use third-party services to operate our platform (e.g., SMS providers for OTP delivery). These providers have access to personal data only to perform their specific functions and are obligated not to use it for other purposes.
  • Legal requirements: We may disclose information if required to do so by law, court order, or governmental authority in India.
  • Business transfer: If Apna Flat is involved in a merger, acquisition, or asset sale, your information may be transferred. We will provide notice before your personal data is transferred.

5. Data Storage & Security

Your data is stored on servers running the Frappe framework at app.flathaito.com, hosted in a secure environment. We implement appropriate technical and organisational security measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction.

  • Authentication uses OTP via SMS — no passwords are stored.
  • Sessions are managed using server-side cookies (sid) with secure attributes.
  • On-device data (session tokens, onboarding state) is stored using Android's secure AsyncStorage.
  • All communication between the app and our servers is conducted over HTTPS.

Despite our efforts, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Services. Specifically:

  • Account data (phone number, profile) — retained until you request deletion.
  • Property listings — retained as long as the listing is active or until the owner removes it.
  • Visit bookings — retained for operational and dispute-resolution purposes for up to 1 year after the visit date.
  • Analytics data (website visits, download events) — retained in aggregated, anonymised form for up to 2 years.

You may request deletion of your account and personal data at any time by contacting us at support@flathaito.com.

7. Your Rights

As a user of our Services, you have the following rights regarding your personal data:

  • Access: You may request a copy of the personal data we hold about you.
  • Correction: You may request correction of inaccurate or incomplete data.
  • Deletion: You may request that we delete your account and personal data. We will process your request within 30 days.
  • Withdrawal of consent: You may withdraw consent for optional data collection (e.g., GPS location) at any time through your device settings or by contacting us.
  • Data portability: You may request a copy of your data in a structured, machine-readable format.
  • Opt-out of communications: If we send any promotional communications, you may opt out at any time.

To exercise any of these rights, please contact us at support@flathaito.com. We will respond within 30 days.

Account Deletion: To permanently delete your Flat Haito account and all associated data, visit our dedicated Account Deletion page or see Section 8 below for full details and the submission form.

8. Account Deletion

You have the right to request permanent deletion of your Flat Haito account and all associated personal data at any time. This right applies to both Property Owners and Tenants.

How to request deletion:

  • Online form (recommended): Visit our dedicated Account Deletion page and fill out the request form. No login is required — you only need the mobile number registered with your account.
  • Email: Send an email to support@flathaito.com with the subject line "Delete My Account – [Your 10-digit Phone Number]".
  • In-app: Navigate to Profile → Settings → Delete Account (if you still have access to the app).
  • Phone: Call us at +91 95758 32633 (Mon–Sat, 10 AM – 6 PM IST).

What gets deleted:

  • Your account profile — name, email address, mobile number
  • Your Property Owner or Tenant record and all listed properties
  • All visit bookings, wishlist entries, and uploaded photos
  • Your login session data and OTP history

What may be retained for legal reasons:

  • Anonymised aggregate analytics (no personal identifiers) — up to 2 years
  • Financial/transaction records if applicable — up to 7 years (GST Act compliance)
  • Server access logs (IP address only) — auto-purged after 90 days
Timeline: We acknowledge all deletion requests within 24 hours (via SMS) and complete the deletion within 30 working days. You will receive an SMS confirmation once your data has been removed.

Since Flat Haito uses OTP-based (passwordless) authentication, deletion requests are verified using the registered mobile number. You do not need to remember a password to request deletion.

Go to Account Deletion page →

9. Children's Privacy

The Apna Flat app and website are not directed at children under the age of 18. We do not knowingly collect personal information from anyone under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at support@flathaito.com and we will delete such information.

10. Third-Party Services

Our Services may integrate with or link to third-party services. The following third-party components are used in the Apna Flat app and website:

  • SMS / OTP Provider — for sending one-time passwords for login. Phone numbers are shared with the SMS provider solely for delivery.
  • Google Maps / react-native-maps — used to display property locations on a map. Subject to Google's Privacy Policy.
  • Stripe (react-native-stripe) — payment processing library integrated into the app. If payment features are enabled, your payment data is handled directly by Stripe and subject to Stripe's Privacy Policy. We do not store card numbers on our servers.
  • Nominatim / OpenStreetMap — used on our website for reverse geocoding GPS coordinates for analytics. No personal data is stored by this service beyond the anonymous API call.
  • Google Fonts & Font Awesome — used on our website for styling. These may log your IP address.

We are not responsible for the privacy practices of third-party services. We encourage you to review their privacy policies.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last Updated" date at the top of this page. If the changes are significant, we will notify you through the app or via the contact information you have provided.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your data. Your continued use of the Services after any changes constitutes your acceptance of the new Privacy Policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to all requests within 30 days.