Legal Center

Privacy Policy

Version 1.0Updated April 25, 2026Rudraleela Private Limited

Privacy Policy

RUDRALEELA PRIVATE LIMITED Operating the ROMANCHA Technology Platform
Effective Date: April 25, 2026 Version: 1.0

INTRODUCTION

Rudraleela Private Limited ("ROMANCHA", "Company", "we", "us", "our"), operating the ROMANCHA technology platform, is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our platform, website (romancha.in), mobile applications, and related services (collectively, the "Platform" or "Services").

This Privacy Policy is incorporated into and subject to our Terms of Service. By accessing or using the Platform, you consent to the collection, use, and disclosure of your information as described herein.

Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access the Platform.

1. INFORMATION WE COLLECT

1.1 Information You Provide Directly

We collect information that you voluntarily provide when using the Platform, including:

1.1.1 Account Registration Information

  • Full name
  • Email address
  • Phone number
  • Password (stored in encrypted form)
  • Date of birth
  • Gender (optional)
  • Profile photograph

1.1.2 Identity Verification (KYC) Information

  • Government-issued identification documents:
- Aadhaar Card (number and supporting documents)

- PAN Card

- Passport

- Voter ID

- Driving License

  • Photograph for verification purposes
  • Address proof documents
  • Selfie/video for biometric verification

1.1.2A Video Verification and Biometric Data (Detailed)

We collect the following during video verification processes:

For Guest Video Verification:
  • Live video recording of your face during verification
  • Photograph capture from government ID document
  • Facial biometric data for comparison purposes
  • Device information during verification
  • IP address and timestamp of verification
For Guest Check-in Verification:
  • Video recording of check-in verification process
  • GPS coordinates at time of check-in (with accuracy indication)
  • Timestamp and duration of check-in verification
  • Device identification data
For Host Identity Verification:
  • Live video recording during ID verification
  • Government ID document images
  • Facial comparison data
  • Verification interview recording (if applicable)
For Host Property Verification:
  • Video walkthrough of the property
  • GPS coordinates establishing property geofence
  • Property exterior photographs with location data
  • Timestamp of verification submission and approval
Important Biometric Data Notice:
  • Facial biometric data is used solely for identity verification
  • We do not use biometric data for any other purpose
  • Biometric comparison is performed using automated systems
  • Raw biometric templates are not stored; only verification results are retained
  • All biometric processing complies with applicable data protection laws

1.1.3 Host Information

  • Property details and photographs
  • Bank account details for payouts
  • GSTIN (if applicable)
  • Property ownership or authorization documents
  • Emergency contact information

1.1.4 Booking Information

  • Booking dates and preferences
  • Number of guests
  • Purpose of travel (optional)
  • Special requests
  • Communication with Hosts

1.1.5 Payment Information

  • We do not store complete credit/debit card numbers
  • Payment processing is handled by our payment service provider (Razorpay)
  • We may store partial card information (last 4 digits, card type) for reference
  • Bank account details for Host payouts
  • UPI IDs (if applicable)

1.1.6 Communications

  • Messages between Guests and Hosts
  • Customer support inquiries
  • Feedback and reviews
  • Survey responses

1.2 Information Collected Automatically

When you use the Platform, we automatically collect certain information:

1.2.1 Device and Technical Information

  • Device type, model, and operating system
  • Unique device identifiers
  • Browser type and version
  • IP address
  • Mobile network information

1.2.2 Usage Information

  • Pages visited and features used
  • Search queries
  • Listings viewed
  • Booking history
  • Time spent on Platform
  • Clickstream data

1.2.3 Location Information

  • Approximate location based on IP address
  • Precise location (with your consent) for:
- Finding nearby Accommodations

- Navigation to properties

- Location-based recommendations

1.2.3A Geofencing and Check-in Verification Data

We collect specific location data for verification purposes:

Guest Check-in Geofencing:
  • Precise GPS coordinates at time of check-in verification
  • Location accuracy indicator (GPS accuracy typically varies ±50-200 meters depending on device, network conditions, environment, and property size)
  • Timestamp of location capture
  • Distance from property geofence boundary
  • Verification result (inside/outside geofence)
Property Geofencing Data:
  • Precise GPS coordinates of property location (captured during Host verification)
  • Geofence radius established for the property
  • Location data is permanently locked after property verification approval
  • Any location modifications post-verification are logged for audit
Technical Disclosure:

GPS technology has inherent limitations. Location accuracy typically ranges from ±50-200 meters and may be affected by:

  • Device hardware and software
  • Network connectivity (WiFi, cellular, GPS satellites)
  • Environmental factors (buildings, weather, indoor/outdoor)
  • Device settings and permissions
  • Property size and boundary configuration

We use this data to verify that Guests are physically present at the property during check-in, enhancing security for both Hosts and Guests.

1.2.4 Cookies and Similar Technologies

  • Session cookies (for authentication)
  • Preference cookies
  • Analytics cookies
  • Marketing cookies (with consent)

1.3 Information from Third Parties

We may receive information from third parties:

  • Social Login Providers: If you register using Google or other social accounts, we receive your profile information from those services
  • Payment Processors: Transaction confirmation and fraud prevention data from Razorpay
  • Identity Verification Services: We may receive KYC validation results from government-approved identity verification services as required for regulatory compliance
  • Verification Partners: Where legally permissible, verification data for Host and property validation
  • Public Databases: For identity verification and fraud prevention purposes

2. HOW WE USE YOUR INFORMATION

2.1 Essential Platform Operations

We use your information to:

  • Create and manage your account
  • Process bookings and payments
  • Facilitate communication between Guests and Hosts
  • Provide customer support
  • Send booking confirmations and updates
  • Process refunds and cancellations
  • Enable identity verification

2.2 Platform Improvement

  • Analyze usage patterns to improve features
  • Develop new services and functionality
  • Conduct research and analytics
  • Test and troubleshoot issues
  • Personalize user experience

2.3 Safety and Security

  • Verify user identities
  • Detect and prevent fraud
  • Investigate suspicious activities
  • Enforce Terms of Service
  • Comply with legal obligations
  • Protect rights and safety of users

2.4 Communications

  • Send service-related notifications
  • Respond to inquiries and support requests
  • Send promotional communications (with consent)
  • Deliver important policy updates
  • Conduct surveys and gather feedback

2.5 Legal and Regulatory Compliance

  • Comply with applicable laws and regulations
  • Respond to legal requests and court orders
  • Meet tax and financial reporting obligations
  • Maintain records as required by law
  • Report to regulatory authorities when required

3. LEGAL BASIS FOR PROCESSING

We process your personal information based on the following legal grounds:

Processing ActivityLegal Basis
Account creation and managementContract performance
Booking processingContract performance
Payment processingContract performance
Identity verificationLegal obligation
Fraud preventionLegitimate interest
Platform improvementLegitimate interest
Marketing communicationsConsent
Customer supportLegitimate interest
Legal complianceLegal obligation

4. INFORMATION SHARING AND DISCLOSURE

4.1 With Other Users

  • Guest information shared with Hosts: Name, profile photo, booking details, contact information (after booking confirmation), purpose of visit
  • Host information shared with Guests: Property details, location, photos, reviews, host profile

4.2 With Service Providers

We share information with trusted third parties who assist in operating the Platform:

Service ProviderPurposeData Shared
RazorpayPayment processingTransaction details, account info
AWS/Cloud ProvidersHosting and storageAll platform data (encrypted)
DigiLocker/UIDAIIdentity verificationAadhaar number, name
SMS/Email ProvidersCommunicationsPhone number, email, message content
Analytics ProvidersUsage analyticsAnonymized/pseudonymized usage data

All service providers are contractually bound to:

  • Process data only as instructed
  • Maintain confidentiality
  • Implement appropriate security measures
  • Delete data upon request

4.3 With Government and Law Enforcement

We may disclose information when required by law or in response to:

  • Court orders and legal processes
  • Requests from law enforcement agencies
  • Regulatory compliance requirements
  • Protection of our legal rights
  • Prevention of illegal activities
  • National security requests
Note: We may not be able to notify you of such disclosures due to legal restrictions.

4.4 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such transfer and any choices you may have.

4.5 With Your Consent

We may share your information with third parties when you explicitly consent to such sharing.

5. DATA RETENTION

5.1 Retention Periods

Data TypeRetention PeriodReason
Account informationDuration of account + 5 yearsLegal and tax requirements
KYC documents5 years after last activityPMLA compliance
Video Verification recordings5 years after last activityPMLA compliance
Guest check-in videos1 year after stay completionSecurity and dispute resolution
Property verification videosUntil property delisted + 2 yearsCompliance and audit
Geofencing/location dataBooking duration + 90 daysSecurity and dispute resolution
Booking records7 yearsTax and accounting requirements
Payment records7 yearsFinancial regulations
Communications2 yearsDispute resolution
Marketing dataUntil consent withdrawnConsent-based processing
Usage logs2 yearsSecurity and analytics

5.1A Data Localization

All verification data is stored in India. In compliance with Indian data protection requirements:
  • Primary data storage servers are located within Indian territory
  • Video Verification recordings are stored in India
  • Property verification data is stored in India
  • Check-in geofencing data is stored in India
  • Biometric comparison data is processed and stored in India

Cross-border data transfer, if any, is conducted in compliance with applicable laws and with appropriate safeguards.

5.2 Deletion

Upon account termination or deletion request:

  • We will delete or anonymize your personal information within 30 days
  • Certain information may be retained as required by law
  • Aggregated, anonymized data may be retained indefinitely

6. DATA SECURITY

6.1 Security Measures

We implement industry-standard security measures:

Technical Measures:
  • Encryption of data in transit (TLS/SSL)
  • Encryption of sensitive data at rest (AES-256)
  • Secure password hashing (bcrypt)
  • Firewall protection
  • Intrusion detection systems
  • Regular security assessments
Organizational Measures:
  • Employee training on data protection
  • Access controls and authorization
  • Background checks for employees
  • Confidentiality agreements
  • Incident response procedures

6.2 Security Incident Response

In the event of a data breach:

  • We will investigate immediately
  • Affected users will be notified within 72 hours where required by law
  • Regulatory authorities will be notified as required
  • Remediation measures will be implemented

6.3 Your Responsibilities

You are responsible for:

  • Maintaining confidentiality of your credentials
  • Using strong, unique passwords
  • Reporting suspected unauthorized access
  • Keeping your contact information updated

7. YOUR RIGHTS AND CHOICES

7.1 Access and Portability

You have the right to:

  • Request access to your personal information
  • Receive a copy of your data in a portable format
  • Know what information we have collected
How to exercise: Contact us at privacy@romancha.in or use the "Download My Data" feature in account settings.

7.2 Correction

You have the right to:

  • Correct inaccurate personal information
  • Update outdated information
  • Complete incomplete information
How to exercise: Edit your profile in account settings or contact support.

7.3 Deletion (Right to Erasure)

You have the right to:

  • Request deletion of your personal information
  • Request removal of your account
Limitations: We may retain certain information as required by law or for legitimate business purposes. How to exercise: Use the "Delete Account" feature or contact privacy@romancha.in.

7.4 Withdrawal of Consent

You may withdraw consent for:

  • Marketing communications
  • Location tracking
  • Non-essential cookies
  • Optional data sharing
Note: Withdrawal does not affect processing conducted before withdrawal.

7.5 Objection to Processing

You may object to processing based on legitimate interests. We will cease processing unless we have compelling legitimate grounds.

7.6 Communications Preferences

You can manage communication preferences:

  • Email unsubscribe links
  • SMS opt-out by replying "STOP"
  • Push notification settings in app
  • Account notification preferences

8. COOKIES AND TRACKING TECHNOLOGIES

8.1 Types of Cookies We Use

Cookie TypePurposeDuration
EssentialAuthentication, security, basic functionalitySession
FunctionalPreferences, language settings1 year
AnalyticsUsage statistics, platform improvement2 years
MarketingTargeted advertising (with consent)1 year

8.2 Cookie Management

You can manage cookies through:

  • Browser settings
  • Our cookie consent banner
  • Account privacy settings
Note: Disabling essential cookies may affect Platform functionality.

8.3 Do Not Track

We currently do not respond to "Do Not Track" browser signals due to lack of industry standard.

9. CHILDREN'S PRIVACY

The Platform is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

If we discover that we have collected information from a child, we will:

  • Delete such information promptly
  • Notify the parent/guardian if required

If you believe we have collected information from a child, please contact us immediately.

10. INTERNATIONAL DATA TRANSFERS

10.1 Data Localization

In compliance with Indian data protection requirements:

  • Primary data storage is in India
  • Critical personal data is stored within Indian territory
  • KYC documents are stored within India

10.2 Cross-Border Transfers

Certain data may be processed by service providers outside India. When this occurs, we ensure:

  • Adequate data protection measures
  • Standard contractual clauses (where applicable)
  • Compliance with applicable laws

11. SPECIFIC PROVISIONS FOR INDIA

11.1 Information Technology Act, 2000

We comply with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, including:

  • Designation of a Grievance Officer
  • Implementation of reasonable security practices
  • Prior consent for collection of sensitive personal data

11.2 Digital Personal Data Protection Act (When Enacted)

We are committed to compliance with India's evolving data protection framework and will update this policy accordingly.

11.3 Aadhaar-Specific Provisions

  • Aadhaar numbers are collected only for identity verification
  • Virtual IDs accepted where possible
  • Aadhaar data processed in compliance with UIDAI guidelines
  • Biometric data is not stored

12. UPDATES TO THIS POLICY

We may update this Privacy Policy from time to time. When we make material changes:

  • We will notify you via email and/or Platform notification
  • The "Effective Date" will be updated
  • Your continued use after notification constitutes acceptance

We encourage you to review this policy periodically.

13. CONTACT US

13.1 Privacy Questions

For questions about this Privacy Policy or our privacy practices:

Email: privacy@romancha.in

13.2 Grievance Officer

In accordance with the Information Technology Act, 2000, we have designated a Grievance Officer:

Name: Ram Email: grievance@romancha.in Address: H NO-107 KUMHIYA PATTI, PRATAPGARH, UTTAR PRADESH - 230135 Response Time: Within 30 days of receiving a complaint

13.3 Data Protection Officer

Email: dpo@romancha.in

14. SUMMARY OF KEY POINTS

TopicSummary
Data CollectionAccount info, KYC, booking details, usage data, device info
Data UsePlatform operations, safety, communications, improvement
Data SharingOther users, service providers, legal requirements
Data SecurityEncryption, access controls, security assessments
Your RightsAccess, correction, deletion, portability, consent withdrawal
Data StoragePrimarily in India; 5-7 year retention for legal compliance
CookiesEssential, functional, analytics, marketing (with consent)
ChildrenNot for users under 18
Contactprivacy@romancha.in
BY USING THE PLATFORM, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY AND CONSENT TO THE COLLECTION, USE, AND DISCLOSURE OF YOUR INFORMATION AS DESCRIBED HEREIN.
Last Updated: April 25, 2026 Document Version: 1.0

Related Policies

Terms of ServiceCancellation PolicyPayments TermsTaxes Policy