Privacy Policy
Last Updated: 21/01/2026
Theia Real Estate Private Limited (hereinafter referred to as "Theia Estate," "Company," "we," "us," or "our") is committed to maintaining the confidentiality, integrity, and security of the personal information entrusted to us by our investors, channel partners, and digital visitors.
This Privacy Policy ("Policy") constitutes a legal agreement between you and Theia Estate. It outlines our comprehensive practices regarding the collection, use, processing, storage, and disclosure of your personal data. Given the fiduciary nature of real estate investment and the high value of transactions facilitated through our platform, we adhere to stringent data privacy standards comparable to those in the financial services sector.
By accessing our website, using our partner portals, or engaging with our investment services, you expressly consent to the terms of this Policy.
1. Scope and Definitions
This Policy applies to all services offered by Theia Estate, including but not limited to our website, mobile applications, offline consultation services, and partner interfaces.
- "Personal Information" refers to any information that relates to a natural person which, either directly or indirectly, in combination with other information available, is capable of identifying such person.
- "Investor" refers to any individual or entity inquiring about, purchasing, or managing real estate assets through Theia Estate.
- "Channel Partner" refers to brokers, agencies, or consultants registered with Theia Estate to facilitate transactions.
- "Processing" refers to any operation performed on personal data, including collection, recording, organization, structuring, storage, adaptation, retrieval, use, disclosure, or destruction.
2. Comprehensive Information Collection
We collect data to ensure compliance, facilitate complex transactions, and provide bespoke investment advice. The categories of data collected include:
A. Information Provided by Investors & Clients
To facilitate asset acquisition and financial due diligence:
- Identity & KYC Data: Full name, date of birth, gender, marital status, PAN Card number, Aadhaar number (masked/redacted as per regulation), Passport details (for NRIs), and photographs.
- Contact Data: Permanent and correspondence addresses, email addresses, and verified mobile numbers.
- Financial & Investment Profile: Annual income range, source of funds, investment budget, risk appetite, preferred asset classes (e.g., commercial, residential, land), and existing portfolio details provided during consultations.
- Transaction Data: Details of payments to/from Theia Estate or developers, bank account numbers, IFSC codes, and cheque details for booking amounts.
B. Information Provided by Channel Partners
To manage commercial relationships and regulatory compliance:
- Entity Verification: RERA Registration certificates, GSTIN, Incorporation Certificates, and Partnership Deeds (if applicable).
- Professional Details: Office location, areas of operation, and authorized signatory details.
- Payout Information: Bank account details, cancelled cheques, and tax deduction (TDS) status.
- Lead Data: Information regarding prospective clients introduced to Theia Estate. Note: We acknowledge your proprietary interest in this data and use it strictly for attribution and transaction processing.
C. Information Collected Automatically (Technical Data)
When you navigate our digital platforms:
- Device Information: IP address, operating system, device type (mobile/desktop), unique device identifiers, and browser type.
- Usage Logs: Clickstream data, page response times, download errors, length of visits to certain pages, and page interaction information (scrolling, clicks).
- Location Data: General geographic location based on IP address to serve relevant property listings.
3. Purpose and Legal Basis for Processing
We process your data strictly under the following legal bases:
- Contractual Necessity: To perform the services you have requested, such as processing a booking form, executing a Channel Partner Agreement, or facilitating a sale deed.
- Legal Obligation: To comply with the Real Estate (Regulation and Development) Act (RERA), Income Tax Act, Prevention of Money Laundering Act (PMLA), and other applicable Indian laws.
- Legitimate Business Interests:
- Investment Thesis Distribution: To send you curated investment analyses, market reports, and opportunity notes that match your financial profile.
- Fraud Prevention: To verify identities and prevent financial fraud or unauthorized access to our portals.
- Network Security: To protect our digital infrastructure from cyber-attacks and unauthorized data scraping.
- Service Improvement: To analyze user behavior and optimize our asset recommendations and digital interface.
4. Disclosure and Sharing of Information
We maintain a strict policy of confidentiality. We do not sell, trade, or rent your personal information to third parties for marketing purposes. Data is shared only in the following restricted circumstances:
- Property Developers/Sellers: For Investors purchasing a property, relevant KYC and contact details must be shared with the developer or landowner to generate the Agreement for Sale and Allotment Letter.
- Financial & Legal Intermediaries: We may share data with escrow banks, mortgage providers (upon your request), legal counsels for title verification, and chartered accountants for tax compliance.
- Trusted Service Providers: We utilize enterprise-grade third-party processors for CRM management, cloud hosting (e.g., AWS/Azure), and secure email delivery. These providers are bound by strict Data Processing Agreements (DPAs) prohibiting them from using your data for any other purpose.
- Regulatory Authorities: We may disclose your information to RERA authorities, tax tribunals, law enforcement agencies, or courts if required by a valid legal order or to protect the rights and safety of Theia Estate and its stakeholders.
5. Data Security Measures
Theia Estate employs industry-leading technical and organizational measures to safeguard your data:
- Encryption: All sensitive data is transmitted via Secure Socket Layer (SSL) technology and encrypted at rest where applicable.
- Access Controls: Internal access to Investor and Partner data is governed by a strict "Least Privilege" principle. Only authorized employees with a direct business need can access sensitive records.
- Regular Audits: We conduct periodic reviews of our data collection, storage, and processing practices to guard against unauthorized access.
- Incident Response: We have protocols in place to identify, assess, and contain any suspected data breaches.
6. Data Retention Policy
We retain personal data only as long as necessary to fulfill the purposes outlined in this Policy, or as required by law:
- Transaction Records: Retained for a minimum of eight (8) years to comply with the Income Tax Act and potential RERA audits.
- Lead & Inquiry Data: Retained for business intelligence and relationship continuity until such time as the user requests deletion or the data is deemed obsolete.
- Anonymization: Upon the expiry of the retention period, we may securely delete your personal data or anonymize it (removing all personal identifiers) for statistical analysis, in which case we may use this information indefinitely without further notice.
7. Your Rights and Choices
Subject to applicable laws, you possess the following rights:
- Right to Confirmation and Access: You may request confirmation of whether we are processing your data and request a copy of the same.
- Right to Correction: You may request the rectification of inaccurate or incomplete personal data.
- Right to Withdraw Consent: You may withdraw your consent for receiving investment theses or marketing communications at any time via the "Unsubscribe" link in our emails or by contacting us.
- Right to Erasure: You may request the deletion of your data, provided there is no overriding legal requirement for us to retain it (e.g., pending transactions or tax records).
8. Cookies and Tracking Technologies
- Essential Cookies: Required for the operation of our secure Partner and Customer portals.
- Analytical Cookies: Allow us to recognize and count the number of visitors and see how visitors move around our website.
- Functionality Cookies: Used to recognize you when you return to our website (e.g., remembering your language or region).
- Control: You can block cookies by activating the setting on your browser; however, if you block all cookies, you may not be able to access all or parts of our site.
9. Third-Party Links
Our Platform may contain links to third-party websites (e.g., developer sites, news articles, payment gateways). This Policy applies solely to information collected by Theia Estate. We are not responsible for the privacy practices or content of third-party sites. We encourage you to read the privacy policies of any external sites you visit.
10. Limitation of Liability
While Theia Estate takes every reasonable precaution to secure your data, no method of transmission over the Internet or method of electronic storage is 100% secure. By using our Platform, you acknowledge and accept that Theia Estate cannot guarantee absolute security and shall not be liable for any indirect, incidental, consequential, or punitive damages arising from unauthorized access to your data despite our best efforts and compliance with industry standards.
11. Updates to This Policy
We reserve the right to modify this Privacy Policy at any time to reflect changes in our practices or legal obligations.
- Notification: Significant changes will be communicated via email to registered users or through a prominent notice on our website.
- Acceptance: Your continued use of our services after the effective date of the revised Policy constitutes your acceptance of the terms.