Settlr is a peer-to-peer notice board for verified corporate employees relocating to Hyderabad. It is currently operated as a community project, free of charge. You can reach us at privacy@settlrapp.com for any data-related queries.

We collect only the data necessary to provide our service:

• Identity data: Full name, company name (auto-derived from your corporate email domain), and corporate email address.
• Contact data: WhatsApp mobile number (stored securely, shared only upon mutual acceptance of a transaction).
• Location data: Neighbourhood or area (e.g. Hitech City, Gachibowli) — no GPS coordinates are collected.
• Listing data: Descriptions, prices, photographs, and other content you voluntarily publish for items, rooms, or event tickets.
• Usage data: Interests expressed, listings posted, and connection requests made.
• Device data: Browser type and basic device metadata collected automatically by our infrastructure provider (Vercel).
• Consent records: Date and time of your consent to this Privacy Policy and our Terms of Service.
• Verification data: Email verification status and the timestamp of your last verification email (used to enforce our 24-hour resend limit).

Under the DPDP Act 2023, we process your data for the following legitimate uses:

• Account creation and authentication — to verify you are a corporate employee and provide secure, email-verified access.
• Company identification — your company name is auto-derived from your corporate email domain and displayed on your listings as a trust signal.
• Marketplace operations — to display your listings for items, rooms, and event tickets, and to facilitate introductions between buyers, sellers, and flatmate seekers.
• Contact sharing — your WhatsApp number is shared with the other party only after both sides have mutually agreed to connect.
• Safety and trust — to investigate user reports, prevent fraud, and enforce our community guidelines.
• Legal compliance — to meet our obligations under applicable Indian laws, including the DPDP Act 2023.

We do not use your data for advertising, profiling, or any purpose beyond what is stated here.

We engage the following trusted third-party processors, each bound by their own privacy commitments:

• Google Firebase (Firestore + Authentication) — stores user accounts, listing data (items, rooms, tickets), interests, and reports. Authentication is handled entirely by Firebase; we do not store your password. Data may be processed on servers outside India.
• Cloudinary — stores images uploaded to listings. Images are retained until the listing is deleted or expires.
• Vercel — hosts our web application. Vercel collects standard server access logs (IP address, browser, timestamp) for security and performance purposes.

We do not sell, rent, or share your personal data with any other third party.

• Account data is retained until you delete your account.
• Listings auto-expire after 15 days; deleted or expired listings are removed from our database.
• Images uploaded to Cloudinary are deleted when the associated listing is deleted.
• Interests and connection requests are retained for 90 days, then deleted.
• Reports are retained for 12 months for safety investigation purposes.
• Upon account deletion, your name, WhatsApp number, and email are deleted immediately. Anonymised listing metadata may be retained for aggregate analytics.

You have the following rights under the DPDP Act:

• Right to access — request a copy of the personal data we hold about you.
• Right to correction — update your profile details at any time via the Me tab.
• Right to erasure — delete your account and all associated personal data from the Me tab → Danger Zone → Delete account.
• Right to grievance redressal — raise a complaint with our Grievance Officer (see below).
• Right to nominate — you may nominate another person to exercise your rights in the event of incapacity or death, by contacting us.

To exercise any right, email privacy@settlrapp.com. We will respond within 30 days.

We implement industry-standard security measures including encrypted communication (HTTPS/TLS), Firebase Authentication for secure login with email verification, Firebase security rules that restrict data access to verified users, and rate limiting. Your WhatsApp number is only revealed after a transaction is mutually accepted. We do not store passwords.

Only corporate email addresses from our verified domain whitelist can create accounts — this is a foundational security measure. If you discover a vulnerability, please disclose it responsibly to security@settlrapp.com.

Settlr is intended exclusively for employed adults. We do not knowingly collect data from anyone under 18 years of age. If we become aware that a minor has registered, we will delete their account immediately.

By using Settlr, you acknowledge that your data may be transferred to and processed in countries other than India (including the United States, where Google Firebase, Cloudinary, and Vercel servers may be located). These transfers are necessary to deliver our service. We ensure adequate protections are in place through our processor agreements.

You may withdraw your consent to data processing at any time by deleting your account (Me tab → Danger Zone). Withdrawal of consent does not affect the lawfulness of processing before withdrawal.

We may update this policy from time to time. Where material changes occur, we will notify you via the app. Continued use of Settlr after notification constitutes acceptance of the updated policy.

In accordance with the DPDP Act 2023, our designated Grievance Officer can be contacted at:
Email: privacy@settlrapp.com
Response time: Within 30 days of receipt of complaint.

If your grievance is not resolved to your satisfaction, you may escalate it to the Data Protection Board of India once constituted under the DPDP Act.