Legal Hub — MakaanOne

Privacy Policy

Effective: 1 January 2025 · Version 2.1

Summary: MakaanOne collects personal and property data to operate our platform. We do not sell your data. We use industry-standard encryption and are compliant with India's Digital Personal Data Protection Act, 2023 (DPDPA).

1. Who We Are

MakaanOne Technologies Pvt. Ltd. ("MakaanOne", "we", "our", or "us") is a property management company incorporated in India. Our registered office is located in Hyderabad, Telangana. We operate the platform accessible at makaanone.com and its associated mobile applications.

2. Information We Collect

We collect the following categories of personal data when you register, use, or interact with our platform:

Identity Data: Full name, PAN number, Aadhaar number (for KYC verification), date of birth, photograph.
Contact Data: Email address, mobile number, residential address, emergency contact details.
Property Data: Property address, type, size, rental value, ownership documents, photographs, and utility information.
Financial Data: Bank account details, UPI IDs, rent payment history, security deposit amounts, GST numbers.
Tenant Data: Employment details, credit score, background check results, lease agreements, and communication logs.
Technical Data: IP address, browser type, device identifiers, cookies, and usage analytics.

3. How We Use Your Information

We process your personal data on the following legal bases and for the following purposes:

To provide, maintain, and improve the MakaanOne platform and services.
To process rent payments, generate receipts, and maintain financial records.
To perform KYC verification of landlords and tenants as required by law.
To send transactional communications (rent reminders, maintenance updates, lease renewals).
To comply with applicable Indian laws including FEMA, Income Tax Act, and RERA regulations.
To detect fraud, prevent unauthorised access, and ensure platform security.
To send marketing communications where you have given explicit consent.

4. Data Sharing and Disclosure

We do not sell your personal data. We may share data with trusted third parties only as necessary:

Payment Processors: Razorpay, NPCI (for UPI), and banking partners to process rent transactions.
KYC Partners: Authorised KYC agencies for identity verification as mandated by RBI guidelines.
Cloud Infrastructure: Amazon Web Services (Mumbai region) for secure data storage and processing.
Communication Services: Twilio and Gupshup for SMS and WhatsApp notifications.
Legal Authorities: When required by court order, law enforcement, or regulatory bodies.

5. Data Retention

We retain personal data for the following periods: account data for the duration of your subscription plus 3 years; financial records for 7 years as required by Indian tax law; KYC documents for 5 years as required by PMLA regulations; communication logs for 2 years. You may request deletion of non-mandatory data by contacting privacy@makaanone.com.

6. Your Rights Under DPDPA 2023

As a data principal under India's Digital Personal Data Protection Act, 2023, you have the right to:

Access a summary of personal data processed about you.
Correct inaccurate or outdated personal data.
Erasure of personal data where processing is no longer necessary.
Nominate another individual to exercise these rights on your behalf.
Withdraw consent at any time (without affecting lawfulness of prior processing).
File a complaint with the Data Protection Board of India.

To exercise these rights, email us at privacy@makaanone.com.

7. Contact Our Data Protection Officer

For any privacy-related queries, contact our DPO at dpo@makaanone.com or write to: MakaanOne Technologies Pvt. Ltd., Attn: Data Protection Officer, Mumbai, Maharashtra, India.

Terms of Service

Effective: 1 January 2025 · Version 3.0

Important: By accessing or using MakaanOne, you agree to be bound by these Terms. Please read them carefully. If you do not agree, do not use our services.

1. Acceptance of Terms

These Terms of Service ("Terms") constitute a legally binding agreement between you and MakaanOne Technologies Pvt. Ltd. governing your access to and use of the MakaanOne platform, website, mobile application, and related services (collectively, the "Service"). By creating an account or using the Service, you confirm that you are at least 18 years of age and have the legal authority to enter this agreement.

2. Description of Service

MakaanOne provides a software-as-a-service (SaaS) platform for property owners, landlords, and their tenants to manage rental properties in India. Features include, but are not limited to: digital lease agreements, online rent collection, maintenance request tracking, tenant communication, and financial reporting. MakaanOne acts as a technology intermediary and does not directly own, lease, manage, or broker any property.

3. Account Registration and Responsibilities

You must provide accurate, complete, and current information during registration. You are responsible for maintaining the confidentiality of your login credentials and for all activity that occurs under your account. You agree to immediately notify MakaanOne of any unauthorised use of your account. MakaanOne reserves the right to terminate accounts that contain inaccurate or misleading information.

4. Subscription Plans and Billing

MakaanOne offers a free tier and paid subscription plans (Pro and Business). All paid plans are billed monthly or annually in Indian Rupees (INR) including applicable GST. Subscriptions auto-renew at the end of each billing cycle. You may cancel at any time; cancellation takes effect at the end of the current billing period with no refund for the remaining period, except where required by applicable consumer law. Pricing is subject to change with 30 days' notice to your registered email.

5. Prohibited Conduct

You agree not to:

Use the Service to list fictitious, fraudulent, or illegally obtained properties.
Collect rent for properties you do not own or have no legal authority to manage.
Upload false tenant verification documents or misrepresent your identity.
Attempt to reverse-engineer, scrape, or copy any part of the platform.
Use the Service in violation of RERA, Rent Control Acts, or any applicable Indian law.
Harass, threaten, or discriminate against any tenant on the platform.

6. Intellectual Property

The MakaanOne platform, including all software, algorithms, designs, logos, and content, is the exclusive property of MakaanOne Technologies Pvt. Ltd. and is protected under the Copyright Act, 1957 and applicable intellectual property laws. You are granted a limited, non-exclusive, non-transferable licence to use the Service for your personal and commercial property management purposes only.

7. Limitation of Liability

To the maximum extent permitted by applicable law, MakaanOne shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to loss of rent, loss of data, or loss of business, arising out of or related to your use of the Service. MakaanOne's total aggregate liability shall not exceed the amount you paid us in the 3 months preceding the claim.

8. Governing Law and Dispute Resolution

These Terms are governed by the laws of India. Any dispute arising under these Terms shall first be attempted to be resolved through good-faith negotiation. If unresolved within 30 days, disputes shall be submitted to binding arbitration under the Arbitration and Conciliation Act, 1996, with proceedings conducted in English in Mumbai, Maharashtra.

9. Contact

For questions about these Terms, contact us at legal@makaanone.com.

Cookie Policy

Effective: 1 January 2025 · Version 1.2

In short: We use cookies to make MakaanOne work, to understand how you use it, and to show you relevant content. You can manage your preferences at any time.

1. What Are Cookies?

Cookies are small text files placed on your device by websites you visit. They are widely used to make websites function correctly, improve efficiency, and provide information to site owners. MakaanOne uses both first-party cookies (set by us) and third-party cookies (set by our service partners).

2. Types of Cookies We Use

Strictly Necessary Cookies — These are essential for the platform to function and cannot be disabled. They include session authentication tokens, CSRF protection, and load-balancing cookies. No personal data is shared with third parties via these cookies.

Performance & Analytics Cookies — We use Google Analytics 4 to understand how users interact with our platform (page views, session duration, feature usage). This data is anonymised and aggregated. You may opt out via Google's opt-out browser add-on.

Functional Cookies — These cookies remember your preferences (language, dashboard layout, notification settings) to provide a personalised experience. Disabling them may affect platform usability.

Marketing Cookies — With your consent, we use pixels from Google Ads and Meta (Facebook) to measure the effectiveness of our advertising campaigns. These cookies do not store payment or property data.

3. Cookie Retention Periods

Session cookies: Expire when you close your browser.
Authentication cookies: 30 days (or until sign-out).
Preference cookies: 12 months.
Analytics cookies: Up to 24 months.
Marketing cookies: Up to 90 days.

4. Managing Your Cookie Preferences

You can control cookies through:

Our Cookie Banner: Update preferences at any time by clicking "Cookie Settings" in the website footer.
Browser Settings: Most browsers allow you to block or delete cookies. Refer to your browser's help documentation for instructions.
Third-Party Opt-Outs: Visit aboutads.info or youronlinechoices.com to opt out of interest-based advertising.

Please note that disabling certain cookies may impair the functionality of the MakaanOne platform, including the ability to log in or process payments.

5. Changes to This Policy

We may update this Cookie Policy to reflect changes in our practices or applicable laws. We will notify you of material changes via email or a prominent notice on our platform.

6. Contact

Questions about our cookie practices? Contact us at privacy@makaanone.com.

Security

Last reviewed: March 2025

Our commitment: We treat the security of your property data, tenant records, and financial information as a top priority. MakaanOne is built on enterprise-grade infrastructure with multiple layers of protection.

1. Infrastructure Security

MakaanOne's platform is hosted exclusively on Amazon Web Services (AWS) in the ap-south-1 (Mumbai) region, ensuring your data remains within India's borders and subject to Indian data sovereignty regulations. Our infrastructure is protected by:

AWS Virtual Private Cloud (VPC) with strict network access control lists.
Web Application Firewall (WAF) protecting against OWASP Top 10 vulnerabilities.
DDoS protection via AWS Shield Standard and Advanced.
Automated vulnerability scanning and patch management.
99.9% uptime SLA with multi-availability-zone redundancy.

2. Data Encryption

All data is protected using industry-standard encryption protocols:

In Transit: All communications between your browser/app and our servers use TLS 1.3. HTTP connections are automatically redirected to HTTPS.
At Rest: All stored data, including database records, backups, and document storage, is encrypted using AES-256.
Payment Data: We are PCI DSS compliant. Card data is tokenised by Razorpay and never stored on MakaanOne servers.
Aadhaar/PAN Data: KYC documents are encrypted with separate, rotating keys and access is strictly audited.

3. Access Controls

We enforce strict access control policies internally and within the platform:

Role-based access control (RBAC) with principle of least privilege.
Multi-factor authentication (MFA) mandatory for all MakaanOne employees with system access.
All internal access to production systems is logged, monitored, and reviewed quarterly.
Customers can enable MFA on their own accounts via Settings > Security.
Session tokens expire after 30 minutes of inactivity.

4. Certifications and Compliance

ISO/IEC 27001:2022 — Information Security Management System
PCI DSS Level 1 (via Razorpay integration)
Compliance with India's Digital Personal Data Protection Act, 2023
RERA-compliant data handling for property transaction records
Annual third-party penetration testing by CERT-In empanelled auditors

5. Incident Response

In the event of a security incident, MakaanOne follows a documented Incident Response Plan. Affected users will be notified within 72 hours of discovery of any breach that poses a risk to their personal data, in compliance with DPDPA 2023 requirements. We maintain a dedicated security incident log reviewed by our CISO.

6. Responsible Disclosure

We welcome reports of security vulnerabilities from the security research community. If you discover a potential security issue, please disclose it responsibly by emailing security@makaanone.com with a detailed description. We aim to acknowledge reports within 24 hours and resolve critical issues within 72 hours. We do not take legal action against researchers who follow responsible disclosure guidelines.