Legal
Privacy Policy
1. Introduction & Scope
Brickplot (“we,” “us,” “our”) operates the website brickplot.com and related services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act) and other applicable Indian and international privacy laws.
This is not legal advice. Consult a qualified data protection attorney before relying on this policy.
2. Information We Collect
2.1 Information You Provide
- Contact forms: name, email, phone, message content, inquiry category
- Account registration (if applicable): email, password (hashed with bcrypt/Argon2), saved projects, review ratings
- User-generated content: project reviews, ratings, comments, photos, locality feedback
- Newsletter signup: email, first name (optional), subscription preferences
2.2 Collected Automatically
- Google Analytics 4: device type, OS, browser, pages viewed, time on page, referrer, region-level location, traffic source
- Cookies & tracking: essential (session, CSRF), analytics (_ga, _gid, _gat), preference (language, dark mode)
- Log files: IP address, timestamp, request method, HTTP status, user agent, load time
2.3 Third-Party Sources
- Public RERA databases — project registration data, compliance status
- Municipal property records — linked to project analysis only, not user data
- Public builder announcements — press releases, project launches
We do not purchase or subscribe to third-party consumer data brokers.
3. Legal Basis for Processing (DPDP Compliance)
| Data Type | Purpose | Legal Basis |
|---|---|---|
| Contact form data | Respond to inquiries | Consent + legitimate business purpose |
| Newsletter email | Marketing communications | Explicit opt-in consent |
| GA4 analytics | Website improvement | Legitimate interest |
| Essential cookies | Site security & functionality | Necessary for service |
| Review submissions | Content publication | Consent + editorial purpose |
| IP logs | Security, fraud prevention | Legitimate security interest |
4. How We Use Your Information
4.1 Primary uses
- Customer support — respond to inquiries, process feedback
- Service delivery — maintain accounts, deliver reviews, provide search
- Website improvement — analyze behavior, identify bugs, improve UX
- Content & editorial — publish user reviews, compile locality data
- Legal compliance — fulfill obligations, prevent fraud
- Marketing (future) — newsletters with explicit opt-in only
4.2 Uses we do NOT engage in
- Selling data to third parties
- Sharing data with brokers or builders (except as disclosed in §6)
- Profiling for credit or lending decisions
- Automated decision-making that affects your rights
- Cross-device tracking or behavioral targeting
5. Data Retention
| Data Type | Retention | Reason |
|---|---|---|
| Contact form submissions | 2 years | Customer service, dispute resolution |
| User accounts (inactive) | 1 year after last login | Reduce storage, honor erasure |
| GA4 analytics | 14 months | GA4 default; auto-deleted |
| Newsletter | Until unsubscribe | Marketing consent |
| Essential cookies | Session / browser close | Technical functionality |
| Analytics cookies | 2 years | Performance baseline |
| Error logs | 30 days | Security audit |
| IP logs | 90 days | DDoS / fraud prevention |
Right to Erasure: request deletion at any time; non-essential data removed within 30 days unless legal holds apply.
6. Data Sharing & Disclosure
6.1 Processors we share data with
- Google Analytics — website analytics (GA4)
- Email service provider:Resend
- Form backend:Fluent Forms
- Web host / CDN: MilesWeb (shared) + MilesWeb LiteSpeed edge (no third-party CDN active)
- SSL certificate provider:Let’s Encrypt (via MilesWeb)
- LiteSpeed Cache — performance caching; no personal data stored
All processors are contractually bound to DPDP compliance and cannot use data for their own purposes.
6.2 We do NOT share data with
- Real estate brokers or agents
- Project builders or developers
- Advertisers or marketing networks
- Data brokers or lead-generation companies
- Competing review platforms
6.3 Legal disclosure
We may disclose your data if required by court order, government request, regulatory investigation (RERA, SEBI, RBI, consumer protection), or to prevent fraud — with user notice when legally permissible.
7. International Data Transfers
Personal data is stored on servers within India. For international processors (Google Analytics, CDNs), we rely on Standard Contractual Clauses or similar adequacy mechanisms.
Server location / international processor safeguards:Primary: India (MilesWeb, Pune). Sub-processors: Resend (US/EU, DPA signed), Google (Search Console, US, DPF-compliant), Meta (Pixel, US, SCCs in place when used). Data transfers governed by standard contractual clauses.
8. Your Rights Under the DPDP Act
8.1 Access
Request a copy of data we hold. Email privacy@brickplot.com with “Data Access Request”; response within 30 days.
8.2 Correction
Request correction of inaccurate data at privacy@brickplot.com.
8.3 Erasure
Request deletion, except where legal retention obligations apply (court orders, RERA compliance, fraud prevention).
8.4 Portability
Request your data in a portable format. Default: JSON (machine-readable export available on request)
8.5 Withdraw consent
Click “Unsubscribe” in any newsletter or email privacy@brickplot.com.
8.6 Lodge a complaint
You may complain to the Data Protection Board of India once it is established.
9. Cookies & Tracking
See our full Cookie Policy. Summary: essential cookies (session, CSRF) load without consent; analytics and preference cookies require opt-in via the consent banner.
10. Data Security
- HTTPS/TLS — all data in transit encrypted with TLS 1.3
- Password hashing — bcrypt or Argon2; never plain text
- Database encryption at rest:Confirmed: MySQL/MariaDB data directories encrypted at MilesWeb OS level; backups encrypted with AES-256.
- Firewall / WAF:MilesWeb ModSecurity + Really Simple Security plugin rules
- Backups:Daily automated backups, 30-day retention via MilesWeb. Manual monthly restore test.
- Admin access: 2FA + least privilege
- Pen testing:Third-party pen test scheduled annually starting FY2026-27 (vendor TBD — first engagement Q2 FY2026-27)
10.1 Breach notification
If we discover a breach, we will notify affected users within 72 hours, report to the Data Protection Board, and publish a public notice with scope, data affected, mitigation, and contact info.
11. Third-Party Integrations
- Google Fonts — typography; see Google Privacy
- Google Analytics 4 — aggregate usage; no PII sent
- Elementor — page builder; see Elementor Privacy
- LiteSpeed Cache — caching; no personal data stored
Brickplot contains links to RERA portals and builder websites. We are not responsible for their privacy practices.
12. Children’s Privacy
Brickplot is not directed at children under 13. We do not knowingly collect data from children. If we become aware that a child has submitted data, we will delete it immediately.
13. Policy Updates
Changes are effective 30 days after posting. For material changes affecting data handling, we notify registered users by email.
14. Contact & Grievance Redressal
Email: privacy@brickplot.com · Response time: 30 days
Grievance Officer
Name:Rohtash Tiwari
Email:grievance@brickplot.com
Phone:PENDING VERIFICATION: Grievance Officer phone number
Postal Address:PENDING VERIFICATION: Full postal address of Brickplot c/o Webfluence Marketing Solutions
Under the Digital Personal Data Protection Act, 2023, you may contact the Grievance Officer for any complaints regarding the processing of your personal data.