Home

🔒 Your data, your control

How Kaagazaat handles your personal information under India’s Digital Personal Data Protection Act, 2023.

In one paragraph

We only collect what is essential to draft your documents (your name, phone, ID numbers, property details). We encrypt sensitive fields at rest. We never sell or share your data with third parties for marketing. You can ask us to show, correct, or delete your data at any time.

📥 What we collect

• Phone number (for OTP login) • Name, email, date of birth (optional) • Aadhaar and PAN numbers (only the fields you type into the document forms) • Property addresses, sale considerations, witness details — only as part of the document you generate • Basic device info (browser, IP) for security logs

🗄️ Where we store it

On secure servers in India (Mumbai / Singapore region) operated by Neon and Vercel. Aadhaar and PAN are encrypted at rest using AES-256-GCM with a key rotated quarterly. Generated DOCX files are stored on Vercel Blob with non-guessable URLs.

⚖️ Legal basis for processing

Under the DPDP Act, we process your data on the basis of your explicit consent given when you sign in and submit a form. You can withdraw that consent at any time by deleting your account — see "Your rights" below.

🗑️ How long we keep it

• Form drafts (in-progress documents): 90 days after last activity • Generated documents and their underlying data: 7 years (legal records retention) • Audit logs (sign-ins, document generations): 1 year • Phone OTPs: auto-deleted after 10 minutes

🤝 Who else sees it

Nobody, by default. We do not sell your data. We do not share it with advertisers. We only share it with: (a) you, in your dashboard; (b) law enforcement, when required by a written legal notice; (c) our payment processor, when you upgrade to a paid plan.

🛡️ Your rights under DPDP

You have the right to: • See all your personal data — request a copy by emailing privacy@kaagazaat.com • Correct anything that is wrong • Delete your account and all associated data • Take your data to another service in a structured format • Withdraw consent at any time We respond to all requests within 7 working days.

🔐 How we keep it safe

• AES-256-GCM encryption for Aadhaar / PAN at rest • HTTPS / TLS 1.3 for every page load and form submission • httpOnly session cookies — JavaScript cannot read your token • Rate-limited OTP and login endpoints to block brute-force • Audit log of every administrative action on your account

📞 Grievance officer

If you believe we have mishandled your data, please contact our Data Protection Officer: Email: privacy@kaagazaat.com Response within: 72 hours If unresolved, you may escalate to the Data Protection Board of India under the DPDP Act 2023.

🛠 dpdp.actions.heading

dpdp.actions.body

Last updated: 2026-06-17. We will email you any time this notice materially changes.

Home