Privacy Policy
Last updated: 20 February 2026
1. Introduction
AgentKart ("we", "our", or "us") operates the AgentKart platform, which includes the website at agentkart.com, the AgentKart mobile application (for property seekers and property sellers), and the AgentKart Agent mobile application (for real estate agents). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our services.
By using the AgentKart platform, you agree to the collection and use of your information in accordance with this policy. If you do not agree with this policy, please do not use our services.
This policy complies with the Digital Personal Data Protection Act, 2023 (DPDPA) of India, and applicable provisions of the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.
2. Data We Collect
2.1 Information You Provide Directly
| Data Category | Specific Fields | Purpose |
|---|---|---|
| Identity Data | First name, last name, middle name, date of birth, gender | Account creation and personalization |
| Contact Data | Email address, phone number, physical address (city, state, pin code) | Communication, authentication (OTP), service delivery |
| Profile Data | Profile picture, bio, buyer/seller preferences, property requirements | Profile display and agent matching |
| Financial Data | Wallet balance, transaction history, payment records | Wallet management, payment processing, receipts |
| Property Data | Property listings (address, area, price, features, photos, videos) | Property listing, discovery, and matching with agents |
| Communication Data | Chat messages, video call records, appointment notes | Facilitating consultations between users and agents |
2.2 Agent-Specific Data (AgentKart Agent App)
If you register as a real estate agent, we additionally collect:
- Professional credentials: Specialization, years of experience, service areas, languages spoken, RERA registration number
- Business documents: GST certificate, MSME certificate
- Identity verification documents: PAN card, Aadhaar card (for KYC verification only — we do not store unmasked Aadhaar numbers in compliance with the Aadhaar Act)
- Video KYC recordings: For identity verification purposes
- Availability data: Time blocks, appointment schedules
2.3 Automatically Collected Data
- Device information: Device type, operating system, app version, unique device identifiers (for push notifications)
- Location data: Approximate location (city level) for finding nearby agents and properties; precise location only when you explicitly use location-based search features
- Usage data: Pages visited, features used, search queries, interaction patterns (collected via PostHog analytics)
- Error and performance data: Crash reports and performance metrics (collected via Sentry)
3. How We Use Your Data
We use your personal data for the following purposes:
- Account management: Creating and maintaining your account, authenticating your identity via OTP verification
- Service delivery: Connecting you with real estate agents, facilitating property discovery, enabling appointment booking and consultations
- Payment processing: Processing wallet top-ups via Razorpay, managing wallet balances, recording transactions, processing refunds
- Communication: Sending appointment confirmations, reminders, status updates, and service notifications via push notifications and in-app messages
- Agent verification: Verifying agent identities and professional credentials to ensure platform trustworthiness
- Platform improvement: Analyzing usage patterns, fixing bugs, improving features and user experience
- Safety and security: Detecting fraud, preventing abuse, enforcing our Terms of Service
- Legal compliance: Meeting obligations under applicable Indian laws including DPDPA, IT Act, and RBI regulations
4. Third-Party Services
We share your data with the following third-party service providers strictly for the purposes described:
| Service | Provider | Data Shared | Purpose |
|---|---|---|---|
| Payment Processing | Razorpay Software Pvt. Ltd. | Payment amount, order details, contact info | Processing wallet top-ups and refunds |
| Video Calls & Chat | Agora.io | Audio/video streams, channel identifiers | Real-time video consultations and messaging |
| Push Notifications | Google Firebase (FCM) | Device tokens, notification content | Sending appointment reminders and platform notifications |
| OTP & Email | MSG91 | Email address, phone number, name | Sending OTPs for authentication and email notifications |
| Media Storage | Amazon Web Services (S3) | Uploaded photos, videos, documents | Storing profile pictures, property media, and verification documents |
| Location Services | Google Places API | Search queries, location context | Address autocomplete and location-based search |
| Analytics | PostHog | Anonymized usage events, session data | Understanding usage patterns and improving the platform |
| Error Monitoring | Sentry | Error traces, performance data, device info | Monitoring and fixing application errors |
We do not sell your personal data to any third party. Data is shared only as necessary to provide the services described above.
5. Data Storage & Security
- Your data is stored on secure servers located in India (AWS ap-south-1 region, Mumbai) and is protected with industry-standard security measures.
- All data in transit is encrypted using TLS/HTTPS. We use HSTS (HTTP Strict Transport Security) headers to ensure secure connections.
- Authentication tokens are secured using JWT with short-lived access tokens (15 minutes) and refresh tokens (7 days).
- API access is protected with rate limiting, CORS policies, and security headers (via Helmet.js).
- Uploaded identity documents (for agent verification) are stored with server-side encryption in AWS S3 and are accessible only to authorized admin personnel.
- We never store unmasked Aadhaar numbers in compliance with the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016.
6. Data Retention
- Active account data: Retained as long as your account is active.
- Account deletion: When you request account deletion, a 30-day grace period applies during which you can reactivate your account. After 30 days, your personal data is anonymized and associated data (appointments, favorites, chat history, FCM tokens) is permanently deleted.
- Financial records: Transaction records are retained for 8 years after account deletion to comply with Indian financial regulations and tax requirements.
- Communication logs: Chat and call records associated with deleted accounts are purged 180 days after account deletion.
- Tombstone records: A hashed record of your email and account type is retained to prevent abuse through repeated account creation and deletion. No personal data is included in these records.
- OTP records: Automatically deleted after expiry (30 minutes) via MongoDB TTL indexes.
7. Your Rights
Under the Digital Personal Data Protection Act (DPDPA) and applicable law, you have the following rights:
- Right to access: You can view all personal data stored in your account through the Settings section of the app.
- Right to correction: You can update your profile information at any time through the app.
- Right to erasure: You can request deletion of your account and associated data. See our Account Deletion page for details.
- Right to withdraw consent: You can withdraw consent for optional data processing (e.g., push notifications, analytics) through your device settings or in-app notification preferences.
- Right to grievance redressal: You may contact our Grievance Officer for any concerns about your data (see Contact section below).
- Right to nominate: Under DPDPA, you have the right to nominate another individual to exercise your data rights in case of your death or incapacity.
8. Children's Privacy
AgentKart is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. Our platform involves financial transactions (wallet payments) and real estate consultations, which require users to be of legal age.
If we become aware that we have collected personal data from a child without appropriate consent, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please reach out to us through our Support & Contact page.
9. DPDPA Compliance (India)
In compliance with the Digital Personal Data Protection Act, 2023:
- We process your data based on explicit, informed consent provided at the time of registration.
- We collect only the data necessary for the purposes described in this policy (data minimization).
- We provide clear notices about data collection at each point where data is gathered.
- We have implemented automated data deletion workflows to honor deletion requests within the prescribed timeframe.
- We will report any data breach to the Data Protection Board of India and affected users within 72 hours of becoming aware of the breach.
- Our Data Protection Officer (DPO) can be reached through our Support & Contact page.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make significant changes, we will notify you through the app or via email. The "Last updated" date at the top of this page indicates when the policy was last revised.
Continued use of the AgentKart platform after changes are posted constitutes your acceptance of the revised policy.
11. Contact Us
For any privacy-related inquiries, data protection concerns, or grievances, please reach out to us through our Support & Contact page.
Go to Support & ContactWe will acknowledge your complaint within 48 hours and resolve it within 30 days.