Last updated: May 6, 2026

Privacy Policy

This policy explains what information Grihpa collects from customers and dealers, how we use it, and the choices you have.

1. Information we collect

From customers: name, phone number, project address (city / locality), product categories of interest, budget range, and any photos or notes you attach to a quote request.

From dealers: business name, contact person, phone, email, business address, GSTIN (if applicable), product catalogue, and bids/quotes you submit.

Automatic: standard server logs (IP address, user agent, timestamps) and basic analytics events to understand how people use the service.

2. How we use it

  • match customers with relevant dealers for the requested categories;
  • share dealer contact details with a customer after they pay the reveal fee, and share customer contact details with a dealer after the same;
  • process payments through Razorpay and/or Cashfree Payments;
  • send transactional messages over WhatsApp, SMS, or email (e.g. quote received, reveal unlocked, payment captured);
  • improve the service, prevent fraud, and comply with the law.

3. Sharing

We share information only in these cases:

  • Between customers and dealers — names and contact details are revealed only after the relevant reveal fee is paid.
  • Service providers — Razorpay and Cashfree Payments (payments), our messaging providers (WhatsApp, Twilio), Supabase (database), and Railway (hosting). They process data on our behalf under their own security obligations.
  • Legal — if required by law, a court order, or to protect our rights or safety.

We do not sell your personal information to third parties for advertising.

4. How long we keep it

We retain quote requests, bids, and payment records for as long as your account is active and for up to 7 years after that to meet accounting and tax obligations under Indian law. Server logs are rotated within 30 days.

5. Your choices

  • Access & correction: email grihpa@gmail.com from your registered address and we will provide or correct the information we have.
  • Deletion: you can request deletion of your account and associated data, subject to retention obligations above.
  • Marketing messages: use the unsubscribe link in any non-transactional email or reply STOP to opt out of WhatsApp / SMS marketing. Transactional messages (payment receipts, reveal unlocks) cannot be opted out of while the account is active.

6. Cookies

We use minimal first-party cookies for session management and basic analytics. We do not use third-party advertising or cross-site tracking cookies.

7. Security

We use industry-standard practices: TLS for data in transit, encrypted storage at rest, role-based access on the database, and short-lived tokens for authentication. No system is perfectly secure — please use a unique password and report any suspected compromise to grihpa@gmail.com.

8. Children

The service is not directed at children under 18. If you believe a child has used the service, contact us and we will delete the data.

9. Changes

We may update this policy. The “Last updated” date at the top reflects the current version. Material changes will be announced on the home page or via email where we have one on file.

10. Contact

Privacy questions? Email grihpa@gmail.com or visit our Contact page.