Privacy Policy

By creating an account, registering as an Owner, booking a PG accommodation, or continuing to browse our Platform, you explicitly consent to the collection, storage, processing, and disclosure of your personal data as described in this Policy.

Under the Digital Personal Data Protection Act, 2023 (DPDP Act) and the Information Technology Act, 2000, your consent is obtained through affirmative action (such as completing phone OTP verification, checking a consent box, clicking 'Agree', or continuing to browse). If you do not agree to any provision of this Policy, you must not access or use the Platform.

This Policy is framed in strict compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act), Section 43A of the Information Technology Act, 2000, and Rule 4 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

We process your personal data primarily on the legal basis of your explicit consent, which may be withdrawn at any time. In limited cases, we may process data for 'legitimate uses' under Section 7 of the DPDP Act, such as responding to medical emergencies, complying with a court order, or preventing systematic payment fraud.

During registration or profile creation, we collect your full legal name, active mobile number (verified via Firebase Phone OTP), email address, gender, date of birth, and profile picture.

For Owners, we additionally collect business registration details, GST registration number (where applicable), bank account details, and proof of property ownership (sale deed, khata, or registered lease deed) to authorize listings.

To maintain a verified community and ensure safety in PGs, all Tenants must complete identity verification. We collect Aadhaar number via secure DigiLocker integration, or masked government ID copies (Driving Licence, Passport, or PAN card).

Working professionals must upload an employer letter, corporate email verification, or company ID. Students must provide a current college admission letter or active student ID card.

We also collect a live selfie during the KYC flow to perform facial matching against your government ID using licensed third-party verification partners.

With your explicit device-level permission, we collect precise or approximate geolocation coordinates to help you discover nearby PG accommodations and verify your physical check-in.

We collect technical information from your device, including your IP address, browser type, operating system, unique device identifiers, Firebase Cloud Messaging (FCM) tokens for push notifications, and detailed usage/crash logs.

All payments are securely processed through our Payment Gateway partner (Razorpay). We collect billing address, transaction amount, booking date, and payment status.

To comply with security standards, Perch never stores raw credit/debit card numbers or CVVs on its servers. All card details are tokenized by Razorpay in accordance with RBI guidelines.

To create and maintain your account, display nearby PG listings, and enable messaging between Tenants and Owners.

To process and confirm bookings, generate digital lease agreements, and handle monthly rental invoices and payouts through our Razorpay escrow setup.

To process KYC documents and verify Aadhaar credentials via DigiLocker. This ensures all residents and owners on the Platform are genuine and verified.

To compute your platform Trust Score based on completed verifications, rental payment history, and community review ratings. A high Trust Score lowers security deposits and enhances profile visibility.

To send booking updates, payment confirmations, monthly rent reminders, and safety alerts via SMS, email, and Firebase Cloud Messaging (FCM) push notifications.

FCM tokens are used to route notifications to the specific device linked to your active session. You can manage notification preferences at any time in the app settings.

To detect and prevent fraudulent listings, unauthorized check-ins, or systematic lease breaches.

To analyze platform usage trends, identify page performance issues, and optimize search algorithms to deliver a highly polished user experience.

In compliance with local rules and guidelines, all user data, database records, and KYC assets are hosted on secure Firebase servers physically located within cloud regions in India.

All data is encrypted in transit using industry-standard TLS 1.3 encryption and at rest using AES-256 block-level encryption.

Aadhaar numbers or raw DigiLocker payloads are never stored on our servers. All identity verifications are processed live via licensed UIDAI ASP (Authentication Service Provider) partners who return a secure verification token and a masked result.

We retain your personal data only for as long as your account remains active or as required to fulfill the purposes outlined in this Policy.

Upon account closure or a formal erasure request, we securely wipe or anonymize all personal data from our active databases within thirty (30) business days.

However, we may retain certain transactional records (such as rental invoices, payment logs, and signed lease deeds) for a legally mandated period under Indian tax, banking, and anti-money laundering laws.

To facilitate move-in and local police verification, we share minimal contact details (full name, phone number, verified badge) with the Owner only after a booking is confirmed.

Raw government ID documents, bank statements, or employer letters are never visible to the Owner; the Owner only receives confirmation that Perch has verified these details.

We share data with trusted service providers who help us run the Platform: Razorpay (payment gateway), licensed UIDAI/DigiLocker API vendors (KYC checking), and cloud infrastructure providers.

These partners are bound by strict non-disclosure agreements and are legally mandated to maintain reasonable security practices equivalent to our own.

We may disclose your personal data if required to do so by applicable Indian laws, or in response to a valid court order, warrant, or request from a government regulatory or law enforcement agency.

You have the right to request a summary of the personal data we process about you, including the identities of any third parties with whom your data has been shared.

You have the right to request the correction of inaccurate personal data, completion of incomplete fields, or updates to outdated contact credentials via the profile settings or by writing to support.

You can withdraw your consent to data processing at any time. Please note that withdrawing consent will require the closure of your Perch account and the termination of any active PG bookings, as we cannot facilitate bookings without processing identity and contact details.

You may request the complete deletion of your personal data. We will erase your personal data within thirty (30) business days, except where retention is legally required to resolve disputes, prevent fraud, or satisfy tax and regulatory compliance.

To exercise any of the rights listed above, please send a written request to privacy@perch.in. We will verify your identity using phone OTP or government credential checks before processing the request.

Officer Name: Mr. Ayush Mishra

Designation: Grievance Redressal Officer & Data Protection Officer

Company Address: Perch Technologies Private Limited, Sector 2, HSR Layout, Bengaluru, Karnataka 560102, India.

Direct Email: grievance@perch.in

All complaints, reports of data breach, or grievance requests received at grievance@perch.in will be acknowledged within twenty-four (24) business hours.

We commit to thoroughly investigating and resolving all grievance issues within thirty (30) calendar days from the date of receipt.

Perch may update this Privacy Policy from time to time to align with evolving platform features, security practices, or changes in Indian data protection laws.

For any material changes, we will notify you at least fifteen (15) calendar days in advance via email, SMS, or a highly visible in-app dashboard banner.

Continuing to use the Perch website or mobile app after the revised Policy goes into effect constitutes your voluntary agreement and consent to the updated terms.