Skip to content
Sorted

DPDP Act 2023

Privacy Policy

Last updated · 2026-06-06

This Privacy Policy describes how Sorted collects, uses, and protects your personal data in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act).

1. Data we collect

  • Account information: name, email address, phone number (optional), profile photo from OAuth provider.
  • Content you share: reviews, ratings, photos, deposit records, rental experiences.
  • Usage data: pages visited, search queries, device type, IP address.
  • Tenancy verification documents(optional): one document per society you wish to be recognized as a Verified Resident of: registered lease, unregistered lease (up to 5 years old), utility bill in your name, utility bill in someone else's name paired with a payment screenshot in yours, a 3-month bundle of rent receipts, or a society-issued maintenance receipt / resident ID. Stored encrypted in an India-region object store (ap-south-1 / Mumbai), never sent overseas. Only used to verify you lived at the society you reviewed; never published, never sold, never shared with the landlord.
  • Landlord verification documents (landlord dashboard only): ownership proofs from landlords claiming a property. Same India-region storage. Retained 90 days post-decision then purged.

2. How we use your data

  • To provide, maintain, and improve the Platform.
  • To enable you to submit reviews and interact with other users.
  • To prevent fake reviews, fraud, and abuse.
  • To comply with legal obligations.
  • To communicate with you about the service (transactional emails).

3. Your rights (DPDP Act)

As a Data Principal under the DPDP Act, you have the right to:

  • Access a copy of your personal data.
  • Correct inaccurate or outdated data.
  • Erase your data (subject to legal retention requirements).
  • Withdraw consent at any time.
  • Nominate someone to exercise these rights in case of death or incapacity.
  • Grievance redressal via our Grievance Officer.

You can delete your account yourself, anytime, from Settings; it takes effect immediately. To exercise any other right, use our Grievance Portal and select the appropriate category.

4. Data retention

We retain personal data only as long as necessary for the purposes described. Specifically:

  • Account data:until you delete your account. Reviews are anonymized (not deleted) so the platform's public record stays intact while no longer identifying you.
  • Tenancy verification documents:retained for as long as your account is active and the verification is approved. The document is the audit artifact that backs the “Verified Resident” badge on every review you write at that society. You can withdraw a verification at any time from Settings → Tenancy verifications (also reachable from your Account page); on withdrawal the document is deleted from our storage within 24 hours and the badge is retroactively removed from your reviews at that society. A 7-year audit tombstone of the withdrawal event is retained (only document hashes + decision metadata; the document itself is purged). Deleting your account triggers the same cascade for every active verification you hold.
  • Landlord verification documents: 90 days after the decision, then purged. Decision metadata (status, reviewer, decision reason) is retained for compliance audit.
  • Moderation records: 180 days (IT Rules requirement).
  • Grievance records: 24 months for compliance audit.

5. Data sharing

We do not sell your personal data. We share data only in these circumstances:

  • With service providers (hosting, email, SMS) under strict data-protection agreements.
  • When required by law, court order, or lawful government request.
  • To protect the rights, property, or safety of Sorted, our users, or others.

6. Security

We use industry-standard security measures including encryption at rest for verification documents, HTTPS/TLS for data in transit, and least-privilege access controls. Tenancy and landlord verification documents live in an India-region object store and are accessible only via short-lived signed URLs issued to authenticated reviewers from our admin team; every preview generates an immutable audit-log entry.

6a. Breach response

If we detect a security incident affecting your personal data, we will (a) notify the Data Protection Board of India and affected Data Principals within 72 hours of confirming the breach, (b) describe the nature of the incident, the categories of data involved, and the steps we've taken or will take to contain and remediate it, and (c) provide a point of contact for follow-up questions. Notification channels: email to your registered address; a notice on this page when the affected population is wide. See the breach response runbook in our internal procedures (referenced for compliance audit).

7. Cookies

We use essential cookies for authentication and session management. Analytics cookies (PostHog) and marketing cookies are off by default and only set after you explicitly opt in via the cookie banner shown on your first visit. You can review and change these choices any time from Cookie preferences in the footer of any page. Per the DPDP Act 2023, declining non-essential cookies does not affect your ability to use the platform.

8. Children's privacy

The Platform is not intended for anyone under 18. We do not knowingly collect data from minors.

9. Changes to this policy

We may update this Privacy Policy. Material changes will be notified via email to registered users.

10. Data-protection contact

For data-protection queries: support@rentsorted.in.
Grievance Officer: see Grievance Portal.

New here? Sign in to add your review.

Sign in