Privacy Policy — Estavik

Last updated: 7 May 2025

This Privacy Policy is issued by TANISHKHA, the company that operates the Estavik application and platform. References to "Estavik", "we", "us", or "our" in this document refer to TANISHKHA. For all legal purposes, TANISHKHA is the data controller for information collected through the Estavik app and website.

Contents

Who We Are
What Data We Collect
How We Use Your Data
Owner Information — Special Protection
How We Share Your Data
Data Storage and Security
Photos and Media
Cookies and Analytics
Your Rights
Children's Privacy
Third-Party Services
Changes to This Policy
Contact Us

1. Who We Are

Estavik is a property management application built for real estate mediators in India, operated by TANISHKHA. Our registered business address and contact details are available at estavik.com/contact.

By downloading or using the Estavik app or visiting estavik.com, you agree to the collection and use of information as described in this Privacy Policy.

2. What Data We Collect

2.1 Account Information

Mobile phone number (used for OTP login and account identification)
Full name and business name (entered during profile setup)
Profile photo (optional, uploaded by you)
City and preferred language

2.2 Property Data

Property type, deal type, location area, price, size, photos, and highlights — all entered by you
Private vault data: owner name, owner phone number, GPS location, bottom price, internal notes — entered by you and accessible only to you
Property status, dates created and modified

2.3 Customer Data

Customer names, phone numbers, budget ranges, and requirements entered by you
Follow-up notes and reminders you create

2.4 Financial Data

Commission records and expense logs entered by you (Pro and Platinum plans)
Subscription plan and billing status (processed via Razorpay — we do not store card details)

2.5 Technical Data

Device type and operating system version
App version in use
IP address and approximate location (city level) for security monitoring
Error logs and crash reports for app improvement
Share link open counts (anonymous — we do not identify individual link viewers)

We do not collect your contacts list, call logs, messages, or any data outside the Estavik app itself. We request only the device permissions necessary for app functionality.

3. How We Use Your Data

To provide the Estavik service — property management, sharing, reminders, and all features you use
To send OTP messages for login and account security via SMS
To send push notifications for follow-up reminders you have set
To process subscription payments through Razorpay
To monitor and fix technical errors in the app
To detect and prevent fraud, abuse, and security threats
To send important service announcements (not marketing — you can opt out of promotional messages)
To improve the app based on anonymous usage patterns

We do not use your data for advertising. We do not profile you for marketing. We do not sell your data to any third party under any circumstance.

4. Owner Information — Special Protection

This section describes our strongest privacy commitment and the technical mechanism behind it.

Owner information — including owner name, phone number, address, GPS location, bottom price, and internal notes — is stored in a separate, access-controlled database table called the Private Vault.

This table is governed by Row Level Security (RLS) at the database level. This means:

The database server itself refuses to return owner data to any user other than the one who created that listing
Staff members, partner mediators, and customers cannot access this data even if they have access to other parts of the platform
Share links, portfolio pages, and catalog links are technically incapable of fetching data from the Private Vault — they only query the public listings table
Our own support staff cannot view your owner data without a formal legal request and audit log entry

Owner information is never included in exports, backups shared with third parties, or analytics reports. It remains exclusively yours.

5. How We Share Your Data

We do not sell, rent, or trade your personal data. We share data only in the following limited circumstances:

5.1 Service providers

Supabase — database and file storage (servers located in Singapore region)
Razorpay — payment processing (governed by Razorpay's own privacy policy)
Fast2SMS — OTP delivery via SMS
Cloudflare — content delivery network for fast image loading

These providers are bound by data processing agreements and are permitted to use your data only to provide their services to us.

5.2 Legal requirements

We may disclose data if required by Indian law, a valid court order, or a government authority request. We will notify you of any such request where legally permitted to do so.

5.3 Business transfer

If TANISHKHA is acquired or merged with another entity, your data may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.

6. Data Storage and Security

All data is stored on secure servers managed by Supabase, with encryption at rest and in transit using TLS 1.2 or higher
Access to our database is restricted to authorised personnel only, protected by multi-factor authentication
We conduct regular security reviews and monitor for unauthorised access attempts
Failed login attempts are automatically blocked after 5 incorrect OTPs
All admin actions on our platform are logged with timestamps

While we implement industry-standard security measures, no system is 100% immune to security breaches. In the unlikely event of a data breach that affects your personal information, we will notify you within 72 hours of becoming aware of it.

Data Retention

Active account data is retained as long as your account is active
Deleted properties are kept in Trash for 30 days, then permanently deleted
If you delete your account, all your data is permanently deleted within 30 days
After account cancellation (not deletion), data is accessible for 6 months before automatic deletion

7. Photos and Media

Photos you upload are stored on Supabase Storage and served via Cloudflare CDN
All photos are automatically compressed and converted to WebP format to reduce storage size
A watermark with your name and phone number is applied to photos before storage — this is a feature you control and can disable per property
Original un-watermarked photos are also stored privately and accessible only to you
Photos included in public share links are the watermarked versions only
We do not use your property photos for any purpose other than displaying them within your Estavik account and on share pages you generate

By uploading photos to Estavik, you confirm that you have the right to use those photos. You retain full ownership of all photos you upload. You grant Estavik a limited licence to store, compress, watermark, and display them solely for the purpose of operating the service.

8. Cookies and Analytics

The Estavik website (estavik.com) uses minimal cookies for session management and security. We do not use advertising cookies or third-party tracking pixels.

We collect anonymous usage statistics — such as which pages are visited and how long users spend on them — to improve the website. This data cannot be used to identify individual users.

The Estavik mobile app does not use cookies. App analytics are limited to anonymous crash reports and feature usage counts.

9. Your Rights

You have the following rights regarding your personal data:

Access: Request a copy of all personal data we hold about you
Correction: Update or correct any inaccurate personal data
Deletion: Request deletion of your account and all associated data
Export: Download your listings and customer data (Platinum plan)
Objection: Object to any processing of your data you believe is unlawful
Withdrawal: Withdraw consent for optional data processing at any time

To exercise any of these rights, contact us at support@estavik.com. We will respond within 7 business days.

10. Children's Privacy

Estavik is intended for use by adults aged 18 and above. We do not knowingly collect personal information from anyone under the age of 18. If we become aware that a minor has provided us with personal data, we will delete it immediately. If you believe a minor has registered on our platform, please contact us at support@estavik.com.

11. Third-Party Services

Estavik integrates with the following third-party services. Each is governed by its own privacy policy:

Supabase — supabase.com/privacy
Razorpay — razorpay.com/privacy
Fast2SMS — fast2sms.com/privacy-policy
Cloudflare — cloudflare.com/privacypolicy
Google Fonts — policies.google.com/privacy

We are not responsible for the privacy practices of these third-party services. We recommend reviewing their policies directly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you through the app and update the "Last updated" date at the top of this page. Continued use of Estavik after a policy change constitutes your acceptance of the updated policy.

We will never reduce your privacy rights without explicit notice and the opportunity to opt out or delete your account before the change takes effect.

13. Contact Us

For any privacy-related questions, data requests, or concerns, contact us at:

Email: support@estavik.com
Website: estavik.com/contact
Operated by: TANISHKHA

We aim to respond to all privacy-related enquiries within 7 business days.