🔒 Legal & Compliance

Privacy Policy

We're serious about your privacy. Here's exactly what we collect, why we collect it, and what we do (and don't do) with it.

📅Last updated: April 11, 2026
🇮🇳Governed by Indian law
🔒DPDP Act 2023 compliant
✉️shreeja@roomrr.com
01

🏠 Overview

Welcome to Roomrr ("we," "our," or "us"). Roomrr is a personality-based roommate-matching platform designed to help people find compatible co-tenants across India. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our website, mobile application, and related services (collectively, the "Platform").

By creating an account or using our Platform, you acknowledge that you have read and understood this Privacy Policy and agree to its terms. If you do not agree, please discontinue use of the Platform immediately.

Plain-English summary: We collect only what we need to make great matches for you. We never sell your personal data to third parties. You're always in control of your information and can delete your account at any time.

This Policy applies to all users of Roomrr, including individuals seeking roommates, homeowners listing properties, and visitors to our website.

02

📋 Information We Collect

We collect information in three ways: information you provide to us directly, information collected automatically, and information from third parties.

A. Information You Provide Directly
  • Account Information: Name, email address, phone number, date of birth, and gender when you create an account.
  • Profile Information: Profile photo, biography, lifestyle preferences, occupation, and social habits (sleep schedule, cleanliness level, noise tolerance, guest policy, etc.).
  • Identity Verification: Government-issued ID (Aadhaar, PAN, passport, or driver's licence) for profile verification purposes.
  • Property Listings: Address, rent amount, photos, amenity details, and lease terms if you list a property.
  • Communications: Messages sent through our in-app chat, support requests, and feedback forms.
  • Payment Information: Billing address and payment method details processed by our third-party payment partners (we do not store raw card numbers).
  • Survey & Quiz Responses: Lifestyle and compatibility quiz answers used to power our matching algorithm.
  • Waitlist Submissions: Name, email, and optional message submitted through our pre-launch waitlist form.
B. Information Collected Automatically
  • Usage Data: Pages visited, features used, time spent, clicks, search queries, and navigation paths within the Platform.
  • Device Information: Device type, operating system, browser type and version, device identifiers, and screen resolution.
  • Log Data: IP address, access timestamps, referring URLs, and error logs.
  • Location Data: City-level location (if you grant permission) to surface relevant listings and matches in your area.
  • Cookies & Tracking Technologies: As described in Section 5 below.
C. Information from Third Parties
  • Social Login: If you sign up via Google or other OAuth providers, we receive your name, email, and profile picture from that provider.
  • Analytics Partners: Aggregated and anonymised behavioural data from services like Google Analytics.
  • Background & ID Verification Partners: Verification status (pass/fail) from identity verification service providers — we do not store raw ID document scans.
03

⚙️ How We Use Your Data

We use your personal information only for legitimate, clearly defined purposes:

Purpose Data Used Lawful Basis
Creating and managing your account Name, email, password Contract performance
Running the compatibility matching algorithm Quiz responses, lifestyle preferences Contract performance / Consent
Identity verification Government ID, selfie Legal obligation / Consent
Facilitating in-app messaging Messages, user IDs Contract performance
Processing payments Billing information Contract performance
Sending service & transactional emails Email address Contract performance
Marketing communications (opt-in only) Email, preferences Consent
Platform analytics & improvement Usage data, device info Legitimate interest
Fraud prevention & safety IP address, behaviour patterns Legitimate interest / Legal obligation
Responding to support requests Name, email, message content Contract performance
Compliance with legal obligations As required by law Legal obligation
🚫 What we never do: We never use your data to train external AI models, sell it to advertisers, share it with data brokers, or use it for purposes unrelated to providing you a better roommate-matching experience.
04

🤝 Data Sharing

We do not sell, rent, or trade your personal information. We share data only in the following limited circumstances:

  • With Other Users (Your Choice): Your profile information (name, photo, lifestyle tags, and compatibility score) is shown to potential matches you are paired with. You control what appears on your public profile.
  • Service Providers: We use vetted third-party vendors to help us operate the Platform — including cloud hosting (AWS/GCP), payment processing (Razorpay/Stripe), identity verification, email delivery (SendGrid), and analytics (Google Analytics). These vendors are contractually bound to use your data only to provide services on our behalf.
  • Identity Verification Partners: Your ID documents are processed by licensed verification partners solely to confirm your identity. Verification partners are prohibited from retaining or misusing your ID data.
  • Legal Compliance: We may disclose your information if required by law, court order, government authority, or to protect the safety of users and the public — for example, in response to a valid subpoena or to prevent fraud.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.
  • With Your Explicit Consent: For any other purpose not listed here, we will ask for your explicit consent before sharing.
Cross-border transfers: Our servers are primarily located in India. If any data processing occurs outside India (e.g., via international cloud providers), we ensure adequate safeguards are in place consistent with the Digital Personal Data Protection Act 2023.
05

🍪 Cookies & Tracking

We use cookies and similar tracking technologies to keep you logged in, remember your preferences, and understand how users interact with the Platform.

Cookie Type Purpose Duration
Essential Authentication, session management, security tokens Session / 30 days
Functional Theme preference (dark/light mode), language, onboarding state 1 year
Analytics Measuring page views, feature usage, and conversion funnels (Google Analytics 4) Up to 2 years
Marketing Retargeting ads on social platforms (only with consent) 90 days

You can manage or disable cookies through your browser settings. Note that disabling essential cookies may affect Platform functionality. We also use the Google Analytics service with IP anonymisation enabled — individual users are never identified in analytics reports.

06

🔐 Data Storage & Security

Protecting your data is a core engineering and operational priority at Roomrr. We employ industry-standard security measures including:

  • Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher (HTTPS only).
  • Encryption at Rest: Sensitive data fields (including ID verification data and payment information) are encrypted at rest using AES-256.
  • Access Controls: Strict role-based access controls ensure that only authorised Roomrr employees can access personal data, on a need-to-know basis. Access is logged and audited.
  • Secure Password Storage: Passwords are hashed using bcrypt with a unique salt — we never store plain-text passwords.
  • Regular Security Audits: We conduct periodic vulnerability assessments and penetration tests.
  • Incident Response: In the event of a data breach, we will notify affected users and relevant authorities within the timeframes required by applicable law.
⚠️ Important: No method of transmission or storage over the internet is 100% secure. While we take every reasonable precaution, we cannot guarantee absolute security. You should also take steps to protect your account — use a strong password and never share your login credentials.
07

⏱️ Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes described in this Policy, or as required by law.

  • Active Accounts: Data is retained for the duration of your account plus 90 days after account closure (to allow for account recovery requests).
  • Deleted Accounts: When you delete your account, we begin deletion of your personal data within 30 days. Some anonymised or aggregated data may be retained for analytics indefinitely.
  • Messages: In-app messages are retained for 12 months after the conversation ends, then automatically purged.
  • Identity Verification Records: Verification status (pass/fail) is retained for the life of your account. Document images are deleted within 72 hours of verification completion.
  • Financial Records: Transaction records are retained for 7 years as required by Indian tax and accounting laws.
  • Legal Holds: If we are required to preserve data due to a legal proceeding, we will retain it until the hold is lifted.
  • Waitlist Data: Waitlist submissions are retained until Roomrr launches, after which they are converted to user accounts or deleted.
08

⚖️ Your Rights

Under the Digital Personal Data Protection Act 2023 (DPDP Act) and other applicable regulations, you have the following rights regarding your personal data:

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Correction: Request that inaccurate or incomplete personal data be corrected.
  • Right to Erasure: Request deletion of your personal data. We will comply unless we have a legal obligation to retain it.
  • Right to Withdraw Consent: Withdraw consent at any time for data processing based on consent. Withdrawal does not affect prior processing.
  • Right to Data Portability: Receive your data in a structured, machine-readable format (where technically feasible).
  • Right to Nominate: Nominate another individual to exercise your rights in the event of your death or incapacity (as provided under the DPDP Act).
  • Right to Grievance Redressal: Lodge a complaint with our Data Protection Officer or the Data Protection Board of India.
  • Right to Opt Out of Marketing: Unsubscribe from marketing communications at any time via the unsubscribe link in our emails or through your account settings.
✅ How to exercise your rights: Email us at shreeja@roomrr.com with the subject line "Data Rights Request." We will acknowledge your request within 48 hours and fulfil it within 30 days. We may need to verify your identity before processing requests.
09

🛡️ Children's Privacy

Roomrr is intended solely for users who are 18 years of age or older. We do not knowingly collect personal data from individuals under the age of 18.

If we become aware that we have inadvertently collected personal data from a minor, we will take immediate steps to delete that data. If you believe a minor has provided us with personal data, please contact us at shreeja@roomrr.com immediately.

Roomrr requires users to confirm their age at registration. Our identity verification process further helps ensure that our platform remains age-appropriate.

10

🔗 Third-Party Links & Services

Our Platform may contain links to third-party websites, social media pages, or services (such as our Facebook, Instagram, LinkedIn, and X/Twitter profiles). This Privacy Policy applies solely to Roomrr's Platform.

We are not responsible for the privacy practices of any third-party services. We encourage you to read the privacy policies of any external sites you visit. Links to third-party sites do not constitute an endorsement of those sites or their content.

We integrate the following third-party services which have their own privacy policies:

  • Google Analytics 4 — Usage analytics (data is anonymised and aggregated)
  • Google Tag Manager — Tag management for marketing and analytics scripts
  • Formspree — Waitlist form submission processing
  • Razorpay / Stripe — Payment processing (PCI DSS compliant)
11

📣 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this page.
  • Send an email notification to registered users at least 14 days before the changes take effect.
  • Display a prominent in-app notice for active users.

We encourage you to review this Policy periodically. Continued use of the Platform after the effective date of any changes constitutes your acceptance of the updated Policy.

For non-material changes (e.g., clarifications, typo corrections), we may update the Policy without specific notice beyond updating the "Last Updated" date.

12

📬 Contact Us & Grievance Officer

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out to us. Under the DPDP Act 2023, we have designated a Grievance Officer to handle privacy-related complaints:

  • Company: Roomrr Technologies Private Limited
  • Grievance Officer: To be appointed upon incorporation
  • Email: shreeja@roomrr.com
  • Response SLA: We acknowledge all requests within 48 hours and resolve them within 30 days.
  • Jurisdiction: Courts of Bengaluru, Karnataka, India

If you are unsatisfied with our response, you may escalate your complaint to the Data Protection Board of India once it is formally constituted under the DPDP Act 2023.

Got a privacy question? 🔒

We're humans, not legal robots. Reach out and we'll actually reply.

📧 shreeja@roomrr.com