Privacy Policy

1Owner Privacy — Our Core Commitment

Estavik is built on a single foundational promise: owner contacts are never shared publicly.

• Owner name, phone number, address, and bottom price are stored in an encrypted private vault
• Vault data is accessible only to the authenticated account holder who created the listing
• Share links generated for customers or other mediators never contain vault data
• Portfolio pages never display vault data
• Staff members added to an account cannot access vault data without explicit owner approval
• Estavik staff cannot access your vault data in normal operations

2Information We Collect

Account information

• Phone number (used for OTP login — no password required)
• Full name and business name (optional, for your profile)
• City and language preference
• Profile photo (optional, stored on Cloudflare R2)

Property data

• Public listing fields: property type, area, price, size, photos, status
• Private vault fields: owner name, owner phone, owner address, bottom price, key holder, internal notes — stored encrypted, never shared publicly

Usage data

• App usage patterns (to improve features) — anonymised and aggregated
• AI feature usage counts for quota management
• Error logs (to fix bugs) — no personal property data included
• Share link open counts (to provide analytics to you)

Payment data

• Subscription payments are processed by Razorpay. We do not store credit card numbers or UPI PINs
• We store your Razorpay subscription ID and payment status for plan management

3How We Use Your Information

• To authenticate you via OTP on login
• To display your listings, customers, and data in the app
• To generate share links for properties you choose to share
• To process subscription payments via Razorpay
• To send push notifications for task reminders (only if you grant permission)
• To generate AI property parses when you use the AI feature (processed by Google Gemini API)
• To provide your portfolio page at estavik.com/your-handle
• To send SMS OTPs via Fast2SMS for login verification

4Data Storage and Security

• Your data is stored on Supabase (PostgreSQL) servers with row-level security
• Property photos are stored on Cloudflare R2 with access-controlled URLs
• All data is transmitted over HTTPS/TLS encryption
• Offline data on your device is managed by PowerSync with local encryption
• We follow industry-standard security practices and conduct regular security reviews

5AI Features and Third-Party Processing

Estavik uses Google Gemini AI to extract property details from text and voice input. When you use these features:

• Your text or audio is sent to Google’s Gemini API for processing
• Google’s Privacy Policy applies to this processing
• We do not share personal customer data (names, phone numbers) with Google — only listing descriptions and voice recordings are sent for AI extraction
• Voice recordings are processed in real-time and are not stored by us after processing

6Data Sharing

We do not sell your personal data. We share data only with:

• Razorpay — for processing subscription payments
• Fast2SMS — for sending OTP verification SMS
• Google (Firebase) — for push notification delivery
• Google Gemini API — for AI-powered listing extraction from text and voice input
• Supabase — database hosting
• Cloudflare R2 — media storage
• PowerSync — offline data synchronisation

All third-party services are used only for their stated purpose and are bound by their own privacy policies.

7Team and Company Data Sharing

If you use Estavik’s team/company features:

• As a team owner, you can see listings, customers, and activity added by your team members
• As a team member, you can see the owner’s listings and customers while you are an active member
• When a team member leaves or is removed, their data is transferred to the company owner permanently
• Team members can request access to private owner vault information. The owner must explicitly approve each request. Access auto-expires after 2 hours

8Your Rights

• Access: You can view all your data in the app at any time
• Export: Platinum plan users can export all data as a CSV file
• Correction: You can edit your profile and listings at any time
• Deletion: You can request account deletion from Settings. We will delete your account and all associated data within 30 days
• Portability: Contact us to request a full data export in any format

9Data Retention

• Active account data is retained as long as your account is active
• After account deletion, data is permanently deleted within 30 days
• Anonymised aggregate usage statistics may be retained longer for improving the service
• Payment records required by law (GST) are retained for 7 years

10Children’s Privacy

Estavik is a professional business application. It is not intended for users under 18 years of age. We do not knowingly collect data from minors.

11Compliance

We are committed to compliance with the Digital Personal Data Protection (DPDP) Act, 2023 (India). If you have questions about your rights under this Act, please contact us at hello@estavik.com.

12Changes to This Policy

We will notify you of significant changes to this policy via in-app notification and email. Continued use of Estavik after notification constitutes acceptance of the updated policy.

13Contact for Privacy Concerns

For any privacy questions or to exercise your data rights:

• Email: hello@estavik.com
• GSTIN: 33BMVPA2143N2ZV