FlatX

Privacy Policy

Last updated: 10/06/2025

This Privacy Policy explains how FlatX ("FlatX", "we", "us", "our") collects, uses, discloses, processes and protects personal data when you use our website, apps, and services (the "Platform"). By using the Platform, you agree to this Policy. If you do not agree, please do not use the Platform.

1) Scope & Roles

This Policy applies to visitors, listers, seekers, and any person interacting with the Platform ("Users", "you", "your").

FlatX acts as an independent data fiduciary/controller for personal data processed to operate and improve the Platform.

2) What We Collect

We collect the following categories of data, depending on how you use the Platform:

Account & Identity

Name, phone number, email (optional), profile info, verification status. We do not use passwords. Authentication is performed via one-time passwords (OTP).

Auth & Verification (OTP)

Phone number used for OTP, OTP delivery/verification status, limited fraud-prevention signals (e.g., device/IP, attempt counters). We do not store OTPs in plain text and OTPs expire shortly after issuance.

We may also collect feedback, complaints, call recordings and WhatsApp communications where you contact our customer support, solely for quality‑assurance and dispute‑resolution.

Messaging Identifiers (SMS & WhatsApp)

Your phone/WhatsApp contact and message metadata when you contact us or opt to receive messages via WhatsApp Business. Message content is processed only as needed to provide support or deliver the requested service.

Listings & Interactions

Listing details (title, description, location area, rent, availability, photos, and any other detail required for enabling listing), contact preference, claim/remove/opt-out signals, messages or interest signals (where enabled).

Usage & Device

IP address, device type, browser, OS, language, time zone, referral source, pages viewed, actions (e.g., phone reveal), session analytics, cookies or similar identifiers.

Payments (for paid plans)

Plan details, transaction IDs, masked card info, payment status (processed via third-party payment providers) to the extent permitted under applicable laws.

Publicly Available or Authorised Information

Rental-related information available publicly or from authorised sources, organised for discovery on the Platform (e.g., property details, lister display name, contact information provided in such sources).

We generally do not collect contact details from private channels (e.g., private messages) and rely on information provided directly by Users or that is publicly available or authorised.

3) How We Use Personal Data (Purposes)

  • Provide the Platform: create/manage accounts, power search & discovery, display listings, enable contact flows.
  • Communication (SMS, Email & WhatsApp Business): send OTPs and transactional/service messages (e.g., claim/remove links, alerts, updates). With your consent where required, send promotional updates. You can manage preferences as described in Messaging Preferences (SMS & WhatsApp).
  • Safety & Trust: prevent spam/fraud/abuse, rate-limit "reveal phone," investigate complaints, power report/takedown flows.
  • Improvement & Analytics: diagnose issues, measure performance, understand feature usage, A/B test.
  • Payments: manage subscriptions, billing, tax invoices.
  • Legal & Compliance: respond to lawful requests, enforce Terms, protect our rights and Users.
  • Do-Not-List Registry: honour "do not list" or "do not contact" preferences to avoid future display or re-ingestion of identifiers.

4) Lawful Bases

Depending on context, we process data on one or more of the following bases:

  • To perform a contract with you (account, subscription, listings).
  • Legitimate interests (operate, secure, and improve the Platform; organise publicly available/authorised information for rental discovery; prevent abuse; analytics).
  • Consent where required (e.g., certain marketing communications, phone/SMS/WhatsApp where applicable).
  • Legal obligations (tax, audit, law-enforcement requests).

For WhatsApp Business messages, we rely on consent where required and on legitimate interests to deliver transactional messages you request (e.g., OTPs, claim/remove confirmations), consistent with WhatsApp's Business Terms and applicable law. For SMS, we comply with applicable telecom rules for transactional vs. promotional messaging.

Where applicable law permits, we may process publicly available personal data for the purposes described above.

5) Cookies & Similar Technologies

We use cookies, local storage, and similar tools for core functionality (session, security) and analytics (e.g., event tracking, funnel analysis). You can control cookies via your browser settings; disabling them may impact features.

6) Disclosures & Service Providers

We share personal data only as needed to provide the Platform or as required by law:

  • Vendors/Processors: hosting, storage, analytics, communications (email/SMS/WhatsApp Business providers), payment processing, customer support.
  • Other Users: limited listing information and contact fields as configured by you or as presented from public/authorised sources for genuine rental inquiries.
  • Legal/Compliance: courts, regulators, law enforcement where legally required or to protect rights, safety, and property.
  • Business Transfers: in connection with mergers, acquisitions, or financing, subject to appropriate safeguards.

We do not sell personal data.

7) Data Retention

We retain data for as long as necessary to fulfill the purposes described or as required by law. Illustratively:

  • Accounts & Listings: active use + a reasonable period for support/disputes/backup.
  • Logs/Analytics: for security, fraud-prevention, and product improvement for a reasonable period.
  • Do-Not-List: retained as necessary to honour the opt-out.

Upon valid removal/takedown, we delete or de-identify affected content from the Platform (backups may persist for a limited time).

8) Your Choices & Rights

Subject to verification and applicable law, you may:

  • Access your personal data and request a copy.
  • Correct inaccurate or incomplete data.
  • Delete/Remove your listing or profile, or request erasure where applicable.
  • Opt out of promotional messages (transactional/service messages may continue).
  • Do-Not-List: ask us to avoid displaying content associated with your phone/profile link in the future.
  • Withdraw consent where consent is the basis. In addition, you have the right to data portability, the right to restrict or object to certain processing, and the right to nominate another person to exercise your rights in the event of incapacity, as recognised under the DPDP Act.

Messaging Preferences (SMS & WhatsApp)

  • Opt-in/Out: You may opt in to receive messages via SMS or WhatsApp Business and can opt out at any time (e.g., in-product toggle, account settings, or by replying STOP on WhatsApp where supported).
  • Transactional vs Promotional: You may still receive transactional or service-related messages (e.g., OTPs, claim/remove confirmations) where necessary to provide the Platform, even if you opt out of promotional communications.

Use in-product controls (e.g., Claim/Remove), the Report link on listings, or contact admin@flatx.co.

9) Owner Controls: Claim / Remove / Opt-Out

If content displayed on FlatX relates to your property or identifier:

  • Claim: verify via OTP to manage/edit/pause/mark-as-filled/delete the listing.
  • Remove: request deletion; we act promptly (typically within 24 hours) after verification.
  • Do-Not-List: request we avoid displaying content associated with your phone/profile in the future.

We may ask for limited proof (e.g., OTP to the listed phone) to prevent misuse.

10) Security

We implement reasonable technical and organisational safeguards. No system is 100% secure; report suspected issues promptly. We use rate-limited OTP verification with short expiry windows and do not store OTPs in plain text.

11) International Transfers

Our service providers and infrastructure may be located outside your state or country. Where data is transferred across borders, we apply reasonable safeguards consistent with applicable law.

12) Children

The Platform is intended for adults (18+). We do not knowingly collect personal data from children. If you believe a child has provided data, contact us and we will take appropriate steps.

13) Grievances & Contact

For requests, questions, or complaints, contact our Grievance Officer / Data Protection Contact:

Admin FlatX
Email: admin@flatx.co

We aim to acknowledge and resolve grievances within reasonable timelines required by applicable law.

14) Changes to this Policy

We may update this Policy from time to time. We will revise the "Last Updated" date and, where required, provide additional notice. Your continued use of the Platform after changes take effect constitutes acceptance.

15) Indemnity, Liability & Third‑Party Content

Users are solely responsible for the accuracy of listings and communications. FlatX is an online intermediary that provides a matching platform and does not guarantee listing quality, availability or legality. To the maximum extent permitted by law, FlatX's aggregate liability for any claim shall not exceed the total subscription fees paid by you in the preceding three months.

Governing Law & Jurisdiction

This Policy is governed by Indian law. Any dispute shall be subject to exclusive jurisdiction of the competent courts in Bengaluru, Karnataka.

Force Majeure

FlatX shall not be liable for any delay or failure to perform its obligations under this Policy or the Platform Terms if such delay or failure results from events or circumstances beyond FlatX's reasonable control, including but not limited to acts of God, fire, flood, earthquake, explosion, war, terrorism, civil disorder, pandemics, strikes, lock‑outs, government orders, power outages, or failures of telecommunications or internet services. Upon occurrence of a force‑majeure event, FlatX will make reasonable efforts to resume the affected services as soon as practicable.

Limitation Period

Any claim, action, or proceeding arising out of or relating to this Privacy Policy must be commenced within one (1) year after the cause of action accrues; otherwise, such cause of action is permanently barred.