Privacy Policy

This Privacy Policy ("Policy") is published by HAFFY PROPERTIES PRIVATE LIMITED, a company incorporated under the Companies Act, 2013, having its registered office at Bengaluru, Karnataka, India, operating under the brand name "Owne" ("Company", "we", "us", or "our").

This Policy applies to all Personal Data collected through our website located at https://www.owne.in, our mobile applications, APIs, calculators, signup and onboarding flows, communication channels (email, SMS, WhatsApp, phone), and any other online or offline services that link to this Policy (collectively, the "Platform" or "Services").

This Policy governs our processing of Personal Data collected from all categories of users, including but not limited to prospective and registered home buyers, property sellers, real estate investors, agents, vendors, advisors, visitors to our website, and any other individuals who interact with Owne ("Users", "you", or "Data Principals").

By accessing, browsing, or using the Platform in any manner — including but not limited to creating an account, submitting an OTP for verification, using our calculators, submitting a contact form, or engaging with our sales team — you acknowledge that you have read, understood, and agree to be bound by this Policy. If you do not agree with any part of this Policy, you must immediately cease using the Platform.

This Policy is published in compliance with: (a) The Digital Personal Data Protection Act, 2023 ("DPDP Act") and the Digital Personal Data Protection Rules, 2025 ("DPDP Rules"); (b) The Information Technology Act, 2000 ("IT Act") and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"), to the extent still in force; (c) The Indian Contract Act, 1872, insofar as it governs electronic consent; and (d) All other applicable laws, regulations, and guidelines issued by Indian regulatory authorities from time to time.

For the purposes of this Policy, the following terms shall have the meanings ascribed below, unless the context requires otherwise:

"Personal Data" means any data about an individual who is identifiable by or in relation to such data, as defined under Section 2(t) of the DPDP Act. This includes but is not limited to name, phone number, email address, physical address, financial information, and any identifier that can be used to identify a natural person.

"Sensitive Personal Data or Information" ("SPDI") includes data relating to financial information (bank account details, payment card information, UPI IDs), government-issued identity numbers and documents (Aadhaar, PAN, Passport, Voter ID, Driver's License), biometric data, income and employment details, health information, and any other categories treated as sensitive under applicable law.

"Data Fiduciary" means HAFFY PROPERTIES PRIVATE LIMITED, which alone or in conjunction with other persons determines the purpose and means of processing Personal Data, as defined under Section 2(i) of the DPDP Act.

"Data Principal" means the individual to whom the Personal Data relates, i.e., the User, as defined under Section 2(j) of the DPDP Act.

"Data Processor" means any person who processes Personal Data on behalf of the Data Fiduciary, as defined under Section 2(k) of the DPDP Act.

"Processing" means any operation or set of operations performed on Personal Data, whether or not by automated means, including collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

"Consent" means free, specific, informed, unconditional, and unambiguous indication of a Data Principal's wishes by which, through a clear affirmative action, the Data Principal signifies agreement to the processing of their Personal Data for specified purposes.

"OTP" means One-Time Password, a time-bound numeric or alphanumeric code sent to a User's registered mobile number or email address for the purpose of authentication and verification.

"Escrow" means the regulated escrow mechanism facilitated through registered escrow agents, as part of our rent-to-own, investment, and property sale transaction processes.

"Rent-to-Own" or "RTO" means the proprietary property ownership model facilitated by Owne, whereby a buyer progressively builds equity in a property through structured monthly payments without traditional bank financing.

We collect the following categories of Personal Data, as necessary for the purposes set out in this Policy. We process data strictly on the principle of data minimisation and collect only what is necessary for the stated purposes.

A. Identity & Profile Information — Full name, date of birth, gender, photograph, user profile information, and any other identity-related data you provide during registration or KYC.

B. Contact Information — Mobile number, email address, postal/residential address, emergency contact details, and communication preferences. Your mobile number is collected during signup for OTP-based verification.

C. Authentication & Verification Data — OTP data, session tokens, device fingerprints, authentication timestamps, multi-factor authentication records, and security question responses. When you sign up on the Platform, we send an OTP to your registered mobile number to verify your identity. OTPs are time-bound, encrypted in transit, and are not stored in plain text after verification.

D. Government-Issued Identification Data (SPDI) — Aadhaar number/card, PAN number/card, passport, driving licence, voter ID, proof of address documents, and other KYC documents. These are collected to comply with regulatory requirements including RERA, anti-money laundering (AML), and Know Your Customer (KYC) norms.

E. Financial & Payment Data (SPDI) — Bank account details, UPI IDs, payment card information (as stored and tokenised by our PCI-DSS compliant payment processors), transaction records, escrow account details, tax identification numbers, income proofs, bank statements, salary slips, ITR copies, Form 16/16A, and cancelled cheques.

F. Property & Transaction Data — Property addresses, RERA registration numbers, ownership documents, title deeds, sale/lease/rent-to-own agreements, Agreement to Sell (ATS) documents, escrow instructions, property valuations, inspection reports, rental amounts, principal payments, equity tracking data, investment return calculations, and all related contractual documentation.

G. Investor-Specific Data — Investment amount, investment tenure preferences, risk appetite disclosures, projected return expectations, SPV (Special Purpose Vehicle) documentation, investor declarations, and monthly payout/rental income records.

H. Seller-Specific Data — Property valuation reports, chosen selling path (30-Day Exit, 6-Month Hold, 3-Year Hold), rental income expectations, encumbrance certificates, property tax receipts, society NOCs, and completion/occupancy certificates.

I. Buyer-Specific Data — Home-buying preferences, property budget range, down payment amount, preferred locations, Move-In vs. Move-Later path selection, monthly payment capacity, existing loan details (if any), CIBIL/credit score (where voluntarily provided), and employer details.

J. Technical & Usage Data — IP address, device identifiers (IMEI, advertising ID), browser type and version, operating system, screen resolution, referral URLs, pages visited, clickstream data, session duration, interaction with our calculators (property value inputs, down payment sliders, investment calculator inputs), geolocation data (approximate via IP or precise if you grant permission), cookies, and similar tracking technologies.

K. Communications Data — Correspondence between you and Owne via email, SMS, WhatsApp, phone calls (which may be recorded with notice), chat transcripts, support tickets, feedback, reviews, dispute records, and grievance submissions.

L. Marketing & Preference Data — Communication preferences, newsletter subscriptions, marketing opt-in/opt-out records, event registrations, referral data, and demographic preferences.

M. Third-Party Sourced Data — Data obtained from credit bureaus (with your consent), employment verification agencies, property registries, RERA databases, Sub-Registrar offices, publicly available government records, social media profiles (where you use social login), and partner/affiliate data.

We process your Personal Data for the following purposes. As required under the DPDP Act, we process data only on the basis of your Consent or for Certain Legitimate Uses as specified in Section 7 of the DPDP Act.

1. Account Creation & Authentication — To register your account, verify your identity via OTP (SMS/email), maintain session security, and manage your profile. [Basis: Consent at signup; Section 7 — necessary for provision of services requested by you]

2. Provision of Platform Services — To enable you to use our rent-to-own services, property listing and matching, investor deal flow, seller path selection, escrow management, payment processing, equity tracking, and all other transactional features. [Basis: Consent; Section 7 — performance of contractual obligations]

3. KYC, Identity Verification & Regulatory Compliance — To verify your identity using government-issued documents, conduct background and employment verification, perform AML/CFT checks, comply with RERA requirements, tax reporting obligations under the Income Tax Act, GST compliance, and any other regulatory mandates. [Basis: Section 7 — compliance with Indian law; Section 7(g) — compliance with any judgment or order of Court/Tribunal]

4. Financial Processing — To process payments, EMI-equivalent installments, rental payments, principal contributions, escrow disbursements, investor payouts, refunds, and tax deductions (TDS). To share necessary information with banks, payment gateways, escrow agents, and financial institutions. [Basis: Consent; Section 7 — performance of contract; compliance with law]

5. Property Transactions & Documentation — To facilitate Agreement to Sell (ATS) execution, registered deed creation, property registration with Sub-Registrar offices, title verification, and all related legal documentation for buyers, sellers, and investors. [Basis: Consent; Section 7 — performance of contract]

6. Communication — To send transactional communications (payment confirmations, equity updates, contract milestones, regulatory notices), respond to inquiries, provide customer support, and send service-related alerts. [Basis: Section 7 — necessary for services; Consent for marketing]

7. Marketing & Promotional Activities — To send marketing communications including newsletters, new listing alerts, investment opportunities, and promotional offers, only where you have provided explicit opt-in consent. You may withdraw marketing consent at any time without affecting the lawfulness of prior processing. [Basis: Consent]

8. Platform Safety, Security & Fraud Prevention — To monitor, detect, investigate, and prevent unauthorised access, security breaches, fraudulent activity, identity theft, money laundering, and abuse of the Platform. [Basis: Section 7 — reasonable purposes as may be specified]

9. Analytics, Research & Product Improvement — To analyse usage patterns, improve user experience, develop new features, conduct A/B testing, aggregate and anonymise data for business intelligence, and enhance our calculators and matching algorithms. [Basis: Consent; Section 7 — reasonable purposes]

10. Dispute Resolution & Legal Proceedings — To establish, exercise, or defend legal claims, resolve disputes, enforce our Terms of Service, and respond to regulatory inquiries, government requests, or court orders. [Basis: Section 7 — compliance with law; Section 7(g)]

11. Corporate Transactions — In connection with mergers, acquisitions, corporate restructuring, asset sales, or financing. Personal Data may be transferred to successor entities subject to equivalent confidentiality and data protection obligations. [Basis: Section 7 — reasonable purposes]

12. Credit Assessment & Risk Evaluation — To assess financial eligibility for our rent-to-own or investment programs, evaluate creditworthiness where voluntarily disclosed, and determine appropriate transaction structures. [Basis: Consent]

In compliance with Section 6 of the DPDP Act and Rule 3 of the DPDP Rules, 2025:

A. Collection of Consent — Before or at the time of collecting your Personal Data, we provide you with a clear and conspicuous notice ("Consent Notice") in English and Hindi, containing: (i) an itemised description of the Personal Data to be collected; (ii) the specific purpose(s) for which each category of data will be processed; (iii) the manner in which you may exercise your rights as a Data Principal; and (iv) the manner in which you may make a complaint to the Data Protection Board of India.

B. Manner of Consent — Consent is obtained through clear affirmative action, including but not limited to: (i) clicking "I Agree" or "Get Started" on our signup page; (ii) submitting your mobile number for OTP verification; (iii) uploading KYC documents; (iv) accepting specific consent prompts for marketing communications; and (v) any other explicit opt-in mechanism provided on the Platform.

C. Granularity of Consent — Where we process data for multiple purposes, we provide the ability to consent separately for each purpose. You are not required to consent to processing that is not necessary for the provision of our core Services.

D. Withdrawal of Consent — You have the right to withdraw your consent at any time by: (i) emailing privacy@owne.in with the subject line "Consent Withdrawal"; (ii) using the consent management settings in your account dashboard; or (iii) contacting our Grievance Officer. Withdrawal of consent shall not affect the lawfulness of processing carried out before such withdrawal. Please note that withdrawal of consent for certain core processing activities may result in the inability to continue using certain or all Services.

E. Consent for Children — Owne does not knowingly process the Personal Data of children under the age of 18 years. Our Services are designed for adults (18+) who are legally competent to enter into binding contracts under the Indian Contract Act, 1872. If we become aware that we have inadvertently collected data from a minor, we will delete such data promptly. If processing data of a minor becomes necessary, we will obtain verifiable consent of the parent or lawful guardian as required under Section 9 of the DPDP Act.

F. Deemed Consent under Section 7 — Certain processing activities may be carried out without explicit consent where they fall under the "Certain Legitimate Uses" specified in Section 7 of the DPDP Act, including: (i) where you have voluntarily provided data for a specified purpose; (ii) processing by the State or its instrumentalities; (iii) medical emergencies; (iv) processing for employment purposes; (v) compliance with court/tribunal orders; (vi) purposes related to prevention, detection, investigation, and prosecution of offences; and (vii) such reasonable purposes as may be prescribed.

We may disclose your Personal Data to the following categories of recipients, strictly limited to what is necessary for the stated purposes. We require all third-party recipients to implement appropriate technical and organisational security measures and to process data only in accordance with our instructions and applicable law.

A. Service Providers & Data Processors — Cloud hosting providers, payment gateways (Razorpay, Cashfree, or equivalent PCI-DSS compliant processors), SMS/OTP delivery services, email delivery platforms, identity verification and eKYC providers, document storage services, analytics platforms, customer support tools, and CRM systems. All Data Processors are bound by contractual obligations under Section 8 of the DPDP Act.

B. Financial Institutions & Escrow Agents — Banks, NBFCs, payment processors, escrow agents, and registered financial intermediaries for the purpose of executing payments, rent collection, principal deposits, investor payouts, refunds, and escrow operations.

C. Property Transaction Counterparties — Real estate developers, property owners/sellers, investors, registered valuers, RERA-registered agents, legal counsel, chartered accountants, and other counterparties necessary to effect rent-to-own transactions, property sales, and investment deals. Information shared is limited to what is necessary for the specific transaction.

D. Government & Regulatory Authorities — Sub-Registrar offices (for property registration), RERA authorities, Income Tax Department, GST authorities, Financial Intelligence Unit (FIU-IND), Registrar of Companies, Ministry of Corporate Affairs, and any other regulatory body as required by law. [Basis: Section 7 — compliance with Indian law]

E. Law Enforcement & Legal Proceedings — To comply with valid legal process, respond to lawful requests by public authorities (including national security or law enforcement requirements), protect the rights, property, or safety of Owne, its Users, or the public, and to enforce our Terms of Service and contractual agreements. [Basis: Section 7(f) and 7(g) of DPDP Act]

F. Professional Advisors — Lawyers, auditors, chartered accountants, tax consultants, compliance advisors, and other professional advisors engaged by Owne, subject to professional confidentiality obligations.

G. Credit Bureaus & Verification Agencies — CIBIL (TransUnion), Experian, Equifax, CRIF High Mark, employment verification agencies, and background check providers, with your prior consent where required.

H. Corporate Transaction Parties — In the event of a merger, acquisition, corporate reorganisation, asset sale, due diligence process, or financing arrangement, your Personal Data may be disclosed to prospective buyers, investors, lenders, or their professional advisors, subject to strict confidentiality obligations. You will be notified of any change in Data Fiduciary.

WE DO NOT SELL YOUR PERSONAL DATA. Owne does not sell, rent, or trade your Personal Data to third parties for their independent marketing or commercial purposes without your explicit consent.

In compliance with Section 8(7) of the DPDP Act, we retain your Personal Data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable law.

A. Account & Profile Data — Retained for the duration of your active account plus 7 (seven) years from the date of account closure or last transaction, whichever is later, in compliance with tax and regulatory record-keeping requirements.

B. Transaction & Financial Data — Retained for a minimum of 8 (eight) years from the date of the relevant transaction, as required under the Income Tax Act, 1961, the Prevention of Money Laundering Act, 2002 (PMLA), GST law, and other applicable financial regulations.

C. KYC & Identity Documents — Retained for a minimum of 5 (five) years from the date of cessation of the business relationship, as mandated by PMLA and RBI KYC guidelines.

D. Property & Legal Documents — Retained for 12 (twelve) years from the completion of the property transaction, in accordance with the Limitation Act, 1963, which provides a 12-year limitation period for suits relating to immovable property.

E. Communication Records — Retained for 3 (three) years from the date of communication, unless required longer for dispute resolution or legal proceedings.

F. OTP & Authentication Logs — OTPs are deleted immediately upon successful verification or expiry. Authentication logs are retained for 1 (one) year for security audit purposes.

G. Marketing Consent Records — Retained for the duration of consent plus 3 (three) years from the date of consent withdrawal, as evidence of compliance.

H. Analytics & Aggregated Data — Anonymised and aggregated data (which does not identify any individual) may be retained indefinitely for business intelligence and research purposes.

Upon expiry of the applicable retention period, or upon receipt of a valid erasure request (where no overriding legal obligation exists), Personal Data shall be irreversibly erased or anonymised using industry-standard methods within 90 (ninety) days. Where erasure is not possible due to legal obligations or ongoing disputes, the data will be restricted from further processing and securely archived until the retention obligation expires.

We implement comprehensive technical and organisational security measures to protect your Personal Data against unauthorised access, alteration, disclosure, or destruction, in compliance with Section 8(4) of the DPDP Act and applicable security standards.

A. Encryption — All Personal Data in transit is encrypted using TLS 1.2/1.3. Sensitive data at rest is encrypted using AES-256 encryption. OTPs are transmitted over encrypted channels and hashed before storage.

B. Access Controls — Role-based access control (RBAC) ensures that only authorised personnel with a legitimate business need can access Personal Data. Multi-factor authentication is enforced for all internal systems.

C. Infrastructure Security — Our infrastructure is hosted on enterprise-grade cloud platforms with SOC 2 Type II and ISO 27001 certified data centres located in India. Network security includes firewalls, intrusion detection/prevention systems, and DDoS protection.

D. Payment Security — All payment processing is handled by PCI-DSS Level 1 compliant payment processors. We do not store full credit/debit card numbers on our servers. Payment tokenisation is used where applicable.

E. Application Security — Regular vulnerability assessments and penetration testing, secure software development lifecycle (SDLC), code reviews, input validation, and protection against OWASP Top 10 vulnerabilities.

F. Employee Training — All employees with access to Personal Data undergo mandatory data protection training, are bound by confidentiality agreements, and are subject to disciplinary action for policy violations.

G. Incident Response — We maintain a documented incident response plan for Personal Data breaches. In the event of a breach, we will notify the Data Protection Board of India and affected Data Principals within 72 hours as required under the DPDP Act, providing details of the nature of the breach, data affected, consequences, and mitigation measures taken.

H. Third-Party Security — All Data Processors and service providers are subject to security assessments, are contractually required to maintain equivalent security measures, and are bound by data processing agreements.

NOTWITHSTANDING THE ABOVE, no method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security. Users acknowledge and accept the inherent security risks of data transmission over the internet and electronic storage.

We use cookies and similar tracking technologies to enhance your experience, analyse Platform usage, and deliver relevant content.

A. Essential Cookies — Strictly necessary for the Platform to function. These include session cookies for authentication, security cookies for fraud prevention, and load-balancing cookies. These cannot be disabled without affecting Platform functionality.

B. Analytics Cookies — Used to understand how Users interact with the Platform, including page views, session duration, calculator usage, and navigation patterns. We use services such as Google Analytics, Mixpanel, or equivalent analytics platforms.

C. Functional Cookies — Remember your preferences, language settings, and form inputs to provide a personalised experience.

D. Marketing Cookies — Used only with your consent to deliver targeted advertisements, measure campaign effectiveness, and enable remarketing. These may be set by third-party advertising networks such as Google Ads and Meta (Facebook) Pixel.

E. Managing Cookies — You can manage your cookie preferences through: (i) our cookie consent banner displayed on your first visit; (ii) your browser settings; or (iii) opt-out mechanisms provided by third-party services. Note that disabling essential cookies may impair Platform functionality.

F. Do Not Track — We currently do not respond to "Do Not Track" browser signals, as there is no uniform industry standard for compliance.

G. Third-Party Pixels & SDKs — Our Platform may integrate third-party scripts, pixels, or SDKs (including Google Tag Manager, Facebook Pixel, LinkedIn Insight Tag) that may independently collect data. These third parties have their own privacy policies, and we encourage you to review them.

Under Chapter III of the DPDP Act (Sections 11–14) and the DPDP Rules, 2025, you have the following rights:

A. Right to Access Information (Section 11) — You have the right to obtain from us: (i) a summary of the Personal Data being processed and the processing activities undertaken; (ii) the identities of all Data Fiduciaries and Data Processors with whom your Personal Data has been shared; (iii) any other information as may be prescribed under the DPDP Rules.

B. Right to Correction and Erasure (Section 12) — You have the right to: (i) correct inaccurate or misleading Personal Data; (ii) complete incomplete Personal Data; (iii) update outdated Personal Data; and (iv) erase Personal Data that is no longer necessary for the purpose for which it was collected. Erasure requests are subject to applicable legal retention requirements as specified in this Policy.

C. Right of Grievance Redressal (Section 13) — You have the right to have readily available means of grievance redressal provided by Owne in respect of any act or omission regarding your Personal Data.

D. Right to Nominate (Section 14) — You have the right to nominate any other individual who shall, in the event of your death or incapacity, exercise your rights under the DPDP Act.

E. Right to Withdraw Consent — As detailed in the Consent section of this Policy, you may withdraw your consent at any time, subject to applicable consequences.

To exercise any of the above rights, contact us at privacy@owne.in or write to our Grievance Officer. We shall respond to your request within such time as may be prescribed under the DPDP Rules. We may request proof of identity before processing your request.

F. Duties of Data Principal (Section 15) — Under Section 15 of the DPDP Act, Data Principals also have certain duties, including: (i) complying with applicable laws while exercising rights; (ii) not filing false or frivolous complaints; (iii) not furnishing false or suppressed information; and (iv) not impersonating another person. Violation of these duties may result in a penalty of up to ₹10,000 as prescribed under the DPDP Act.

Under Section 16 of the DPDP Act, we may transfer your Personal Data outside India except to countries that the Central Government may, by notification, restrict.

A. Current Position — As of the date of this Policy, the Central Government has not notified any restricted countries. Accordingly, your data may be transferred to and processed in jurisdictions where our cloud infrastructure providers, payment processors, and service partners operate.

B. Safeguards — Where Personal Data is transferred outside India, we ensure that: (i) the recipient is bound by contractual data protection obligations no less protective than those under the DPDP Act; (ii) appropriate technical and organisational security measures are in place; and (iii) transfer is carried out in compliance with applicable laws.

C. Data Localisation — Certain categories of data, particularly financial and KYC data, may be subject to data localisation requirements under RBI, SEBI, or other regulatory directives. We comply with all such requirements and store relevant data within India as mandated.

D. Future Restrictions — If the Central Government notifies any country as a restricted territory, we will immediately cease transfers to such territory and take appropriate remedial measures, including data repatriation where feasible.

In compliance with Section 13 of the DPDP Act and Rule 6 of the DPDP Rules, 2025, we have appointed a Grievance Officer to address your concerns.

Grievance Officer: The Grievance Officer, HAFFY PROPERTIES PRIVATE LIMITED | Email: privacy@owne.in | Address: Bengaluru, Karnataka, India

A. Filing a Grievance — You may submit a grievance by emailing privacy@owne.in with: (i) your full name and registered contact details; (ii) a clear description of the grievance; (iii) relevant supporting documentation; and (iv) the relief sought.

B. Response Timeline — We will acknowledge your grievance within 48 hours of receipt and endeavour to resolve it within 30 (thirty) days.

C. Escalation to Data Protection Board — If you are not satisfied with our response or if your grievance remains unresolved, you have the right to file a complaint with the Data Protection Board of India as constituted under Section 18 of the DPDP Act, in such form and manner as may be prescribed.

D. Judicial Remedies — Nothing in this Policy limits your right to approach any court of competent jurisdiction or any regulatory authority for the enforcement of your rights under applicable law.

The Platform may contain links to third-party websites, applications, or services that are not owned or controlled by Owne. These include but are not limited to property listing portals, payment gateways, government portals (RERA, Sub-Registrar), credit bureau websites, and social media platforms.

This Policy does not apply to the privacy practices of any third-party websites, applications, or services. We strongly encourage you to review the privacy policies of any third-party services before providing your Personal Data.

Owne is not responsible or liable for the content, privacy policies, security practices, or any data collection, processing, or other practices of any third-party websites or services, even if linked from our Platform. Any interaction with third-party services is at your own risk.

Given the diverse nature of our Services, the following disclosures apply to specific user categories:

FOR HOME BUYERS (Rent-to-Own / Move-In / Move-Later): We collect and process your financial information, employment details, and creditworthiness data to assess eligibility for our rent-to-own program. Your monthly payment data (rent + principal) is tracked and shared with escrow agents and relevant counterparties (investors/sellers). Property preference data and calculator inputs are processed to match you with suitable properties. Your equity accumulation data is maintained for the duration of the RTO contract and beyond for tax and legal purposes. Agreement to Sell (ATS) and registered deed data is shared with Sub-Registrar offices and retained as per legal requirements.

FOR PROPERTY INVESTORS: We collect investment amount, tenure, risk appetite, and return expectations to match you with suitable deals. Property ownership data (whether in your name or via SPV) is processed for property registration and tax compliance. Monthly rental income and investor payout records are maintained for tax reporting (TDS obligations under Section 194-IA/194-IB of the Income Tax Act). Your investment performance data is tracked and shared with you via the Platform dashboard.

FOR PROPERTY SELLERS: We collect property details, valuation data, ownership documents, and encumbrance certificates to facilitate sale transactions. Your chosen selling path (30-Day, 6-Month, or 3-Year) determines the processing of your data, including rental income tracking and appreciation calculations. We may share your property data with potential buyers/investors on the Platform, subject to your approval. Sale proceeds, TDS deductions, and payment disbursement data are processed through escrow and shared with tax authorities as required.

FOR ALL SIGNUP USERS: At signup, we collect your mobile number and role preference (Buyer/Investor/Seller). We send an OTP to your mobile number for verification. This OTP is transmitted via encrypted SMS through our authorised telecom service provider. Minimal data is collected at signup; additional data is requested progressively as you engage with specific services ("progressive profiling"). Your signup consent encompasses this Privacy Policy and our Terms of Service.

A. No Warranty — The Platform and Services are provided "AS IS" and "AS AVAILABLE" without any warranties of any kind, whether express, implied, or statutory, including but not limited to warranties of merchantability, fitness for a particular purpose, non-infringement, accuracy, or reliability.

B. Limitation of Liability — TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE INDIAN LAW, HAFFY PROPERTIES PRIVATE LIMITED, its directors, officers, employees, agents, affiliates, successors, and assigns shall not be liable for: (i) any indirect, incidental, special, consequential, punitive, or exemplary damages; (ii) any loss of profits, revenue, data, goodwill, or business opportunity; (iii) any unauthorised access to or use of our servers or any Personal Data stored therein; (iv) any interruption or cessation of transmission to or from the Platform; (v) any bugs, viruses, or other harmful components transmitted through the Platform by any third party; (vi) any errors or omissions in any content; or (vii) any loss or damage of any kind incurred as a result of the use of any content posted, emailed, transmitted, or otherwise made available via the Platform, WHETHER BASED ON WARRANTY, CONTRACT, TORT, NEGLIGENCE, OR ANY OTHER LEGAL THEORY, AND WHETHER OR NOT THE COMPANY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

C. Third-Party Actions — Owne shall not be liable for any acts, omissions, errors, representations, warranties, breaches, or negligence of any third party, including but not limited to payment processors, escrow agents, property valuers, legal advisors, government authorities, or any other service provider or counterparty.

D. Force Majeure — Owne shall not be liable for any failure or delay in performing any obligation under this Policy due to events beyond our reasonable control, including but not limited to natural disasters, pandemics, government orders, regulatory changes, cyberattacks, telecommunications failures, or any other force majeure event.

E. User Responsibility — You are solely responsible for: (i) maintaining the confidentiality of your account credentials; (ii) all activities that occur under your account; (iii) the accuracy and completeness of information you provide; (iv) ensuring that your use of the Platform complies with all applicable laws; and (v) any consequences arising from your failure to comply with this Policy or our Terms of Service.

F. Indemnification — You agree to indemnify, defend, and hold harmless HAFFY PROPERTIES PRIVATE LIMITED, its directors, officers, employees, agents, and affiliates from and against any and all claims, damages, obligations, losses, liabilities, costs, and expenses (including reasonable legal fees) arising from: (i) your use of the Platform; (ii) your violation of this Policy or any applicable law; (iii) your violation of any third-party right, including intellectual property or privacy rights; (iv) any inaccurate or false information provided by you; or (v) any claim that your use of the Platform caused damage to a third party.

G. Cap on Liability — In any event, the total aggregate liability of HAFFY PROPERTIES PRIVATE LIMITED for any and all claims arising out of or in connection with this Policy or the Platform shall not exceed the greater of: (i) the total amounts paid by you to Owne in the 12 (twelve) months preceding the event giving rise to the claim; or (ii) ₹10,000 (Indian Rupees Ten Thousand).

A. Governing Law — This Policy and any disputes arising out of or in connection with it shall be governed by and construed in accordance with the laws of India, including but not limited to the DPDP Act, 2023, the IT Act, 2000, the Indian Contract Act, 1872, and the Consumer Protection Act, 2019.

B. Jurisdiction — Subject to the arbitration clause below, the courts of Bengaluru, Karnataka, India shall have exclusive jurisdiction over any disputes arising under this Policy.

C. Arbitration — Any dispute, claim, or controversy arising out of or relating to this Policy, including the determination of the scope or applicability of this agreement to arbitrate, shall be determined by arbitration in Bengaluru, India, in accordance with the Arbitration and Conciliation Act, 1996 (as amended). The arbitration shall be conducted by a sole arbitrator mutually appointed by the parties. The language of the arbitration shall be English. The arbitral award shall be final and binding on both parties.

D. Waiver of Class Action — To the maximum extent permitted by applicable law, you agree that any dispute resolution proceedings will be conducted only on an individual basis and not in a class, consolidated, or representative action.

E. Statutory Rights — Nothing in this Policy shall limit your rights under the DPDP Act, the Consumer Protection Act, 2019, or any other non-waivable statutory rights under Indian law. Your right to file a complaint with the Data Protection Board of India is not affected by this clause.

A. Right to Amend — Owne reserves the right to amend, modify, or update this Policy at any time. Changes may be necessitated by updates to applicable law (including the DPDP Act and Rules), changes to our Services, or changes to our data processing practices.

B. Notification — Material changes to this Policy will be communicated to you by: (i) posting the revised Policy on the Platform with a new "Last Updated" date; (ii) sending a notification to your registered email address; (iii) displaying a prominent notice on the Platform; or (iv) any other method as may be required under the DPDP Act.

C. Continued Use — Your continued use of the Platform after the effective date of any revised Policy constitutes your acceptance of the changes. If you do not agree with the revised Policy, you must discontinue use of the Platform and may request deletion of your account and Personal Data (subject to applicable legal retention requirements).

D. Archive — Previous versions of this Policy may be obtained upon written request to privacy@owne.in.

A. Severability — If any provision of this Policy is held to be invalid, illegal, or unenforceable by a court of competent jurisdiction, such invalidity shall not affect the remaining provisions, which shall continue in full force and effect.

B. Entire Agreement — This Policy, together with our Terms of Service, constitutes the entire agreement between you and Owne regarding the processing of your Personal Data, and supersedes all prior or contemporaneous understandings, agreements, representations, and warranties.

C. No Waiver — The failure of Owne to enforce any right or provision of this Policy shall not constitute a waiver of such right or provision.

D. Assignment — Owne may assign or transfer this Policy and its rights and obligations hereunder, in whole or in part, without your prior consent. You may not assign or transfer this Policy or any of your rights or obligations hereunder.

E. Language — In the event of any conflict between the English version and any translated version of this Policy, the English version shall prevail.

F. Contact Us — For any questions, concerns, or requests regarding this Policy or our data processing practices, please contact: HAFFY PROPERTIES PRIVATE LIMITED (trading as "Owne") | Registered Office: Bengaluru, Karnataka, India | Privacy: privacy@owne.in | DPO: dpo@owne.in | Support: support@owne.in | Website: https://www.owne.in