Last updated: 28 June 2026
Template notice: This is a template provided for convenience. Review with qualified legal counsel and complete the bracketed details before publishing.
This Privacy Policy is designed to comply with the Digital Personal Data Protection Act, 2023 (India) and the rules made under it, the EU General Data Protection Regulation (Regulation (EU) 2016/679) and the UK GDPR, and the California Consumer Privacy Act as amended by the California Privacy Rights Act (“CCPA/CPRA”). Where a specific law gives you additional rights, the relevant region-specific section below applies to you.
Doordap Realty Pvt. Ltd. (“Doordap”, “we”, “us”, or “our”) is a real-estate marketing and sales company incorporated in India with its registered office at Oxford Towers, 139, HAL Old Airport Rd, Kodihalli, Bengaluru, Karnataka 560008. We operate the website www.doordap.com(the “Site”) and provide marketing, demand-generation, and sales services for real-estate developers (“Developer Clients”).
This Policy explains how we handle personal data in two distinct roles:
This Policy applies to the Site, to our enquiry and lead-capture forms, to advertising we run on platforms such as Meta and Google, and to communications we have with you by email, telephone, and messaging (including WhatsApp).
When you submit an enquiry, request a call-back, or otherwise contact us, we collect:
We run paid advertising campaigns on platforms including Meta (Facebook and Instagram) and Google. When you respond to an ad or submit an instant lead form on those platforms, or land on a campaign page, we receive the contact and enquiry details you provide, together with campaign attribution data (such as the ad, audience segment, and referring platform).
When you speak with our sales team, we may record or take notes of telephone calls and retain WhatsApp and messaging conversations for quality, training, follow-up, and record-keeping purposes. Where a call is recorded, we will tell you at the start of the call, and you may ask us not to record.
When you browse the Site, we may collect technical and usage information automatically:
Analytics (Google Analytics 4) and advertising measurement (Meta Pixel) are activated only after you give consent through our cookie-consent banner, and you can change or withdraw that consent at any time via the Cookie settings link in our footer.
In our processor role (Section 1 and Section 11), we collect and handle home-buyer and prospect data (typically name, contact details, enquiry details, and site-visit and booking information) on behalf of a Developer Client for a specific project. We process that data only on the Developer Client’s documented instructions.
Where we act as a controller / data fiduciary, we rely on the following purposes and legal bases. “Consent” refers to consent under the DPDP Act 2023 and Article 6(1)(a) GDPR; “legitimate interests” refers to Article 6(1)(f) GDPR (and an equivalent reasonable-purpose basis where recognised).
| Purpose | Data used | Legal basis |
|---|---|---|
| Respond to your enquiry, qualify it, and communicate with you | Contact & enquiry data, call/chat records | Consent; performance of pre-contract steps; legitimate interests |
| Connect qualified buyers and partners with relevant Developer Client projects | Enquiry data, preferences | Consent; legitimate interests |
| Deliver, target, and measure advertising on Meta, Google, and other platforms | Campaign/lead data, Meta Pixel & analytics data (with consent) | Consent |
| Send marketing, newsletters, and project updates you have asked for | Contact data, preferences | Consent (withdrawable at any time) |
| Understand Site usage and improve performance and content | Device/usage data, GA4 cookies (with consent) | Consent |
| Maintain records, quality, training, and security; prevent fraud and misuse | Call/chat records, log files, IP addresses | Legitimate interests; legal obligation |
| Comply with legal, tax, regulatory, and RERA obligations | Relevant records as required | Legal obligation |
Where we rely on consent, you may withdraw it at any time (see Section 8). Withdrawal does not affect the lawfulness of processing carried out before withdrawal. Where we rely on legitimate interests, you may object as described in Section 9.
We use strictly-necessary cookies to operate the Site, and, only with your consent, analytics and marketing cookies. Strictly-necessary cookies do not require consent. All other categories are off by default until you opt in. You can accept, reject, or fine-tune each category in our cookie banner, and reopen those controls at any time via the Cookie settings link in the footer. Full detail, including the specific cookies and their lifespans, is in our Cookie Policy.
We do not sell your personal data for money. We share it only with the categories of recipients below, and only to the extent necessary for the purposes described above. Each third party is bound by a contract (and, where required, a data-processing agreement) that restricts their use of the data.
| Recipient | Role / purpose | Where processed |
|---|---|---|
| Developer Clients | Receive qualified buyer/partner enquiries relevant to their project so they can progress a sale | India |
| Google LLC (Google Analytics 4) | Aggregated Site analytics (with consent) | United States / global |
| Meta Platforms, Inc. (Meta Pixel & lead ads) | Advertising delivery, measurement, and lead capture (with consent) | United States / global |
| Custom CRM, self-hosted on DigitalOcean (DigitalOcean, LLC) | Lead and customer-relationship management | India / Singapore |
| WhatsApp Business Platform (Meta Platforms, Inc.) | Lead communication and conversation records via the WhatsApp API | United States / global |
| Cloud telephony provider (Airtel, Jio, Twilio, or Exotel) | Call handling, routing, and call recordings | India (Twilio: United States / global) |
| Email service provider (Mailjet, Mailchimp, SendGrid, or Brevo) | Sending newsletters and project updates you have requested | European Union / United States |
| Cloudflare, Inc. and Vercel Inc. | Site hosting, CDN, delivery, and server logs | United States / global |
| Professional advisers | Lawyers, accountants, and auditors, as needed | India |
| Regulatory / law-enforcement authorities | Where we are legally required to disclose | As applicable |
| Acquirers in a corporate transaction | In a merger, acquisition, or asset sale, subject to confidentiality | As applicable |
For the purposes of the CCPA/CPRA, our use of advertising and analytics technologies (such as the Meta Pixel) may be treated as a “sale” or “sharing” of personal information for cross-context behavioural advertising. You can opt out as described in Section 10.
Some of our service providers (for example, Google and Meta) process data outside India, including in the United States. Where personal data of individuals in the EEA or UK is transferred to a country without an adequacy decision, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses (and the UK Addendum / International Data Transfer Agreement), together with supplementary measures where needed. We transfer personal data internationally only to countries not restricted by the Central Government under the DPDP Act 2023. You may request a copy of the relevant safeguard by contacting us.
We keep personal data only for as long as necessary for the purposes for which it was collected, and then securely delete or anonymise it. Our default retention periods are:
| Data type | Retention period |
|---|---|
| Enquiry / lead data that does not convert | Up to 24 months from last interaction |
| Client and transaction records | Duration of the engagement plus up to 8 years, for tax and legal compliance |
| Call recordings and WhatsApp / chat logs | Up to 12 months, unless needed for a dispute |
| Marketing-consent records | Until consent is withdrawn, plus a short proof-of-consent record |
| Cookie-consent records | Up to 12 months, after which we re-ask |
| Aggregated / anonymised analytics | May be retained indefinitely (no longer identifies you) |
If you are in India, under the DPDP Act 2023 you have the right to:
If you are in the EEA or the UK, you additionally have the right to:
Our EU/UK representative for data-protection matters is [Article 27 GDPR representative: name and contact, if appointed].
If you are a California resident, you have the right to:
You may use an authorised agent to submit a request on your behalf, subject to verification. We do not knowingly sell or share the personal information of consumers under 16.
To exercise any right, email privacy@doordap.com with your request and enough information for us to verify your identity. We will respond within the period required by applicable law (generally within 30 days under the DPDP Act and GDPR, and within 45 days under the CCPA/CPRA, with extensions where permitted). Exercising your rights is free, unless a request is manifestly unfounded or excessive.
When we collect or handle home-buyer and prospect data for a specific project on behalf of a Developer Client, the Developer Client is the controller / data fiduciary and we act as its processor. In that role we:
If you submitted your details in response to a specific project and wish to exercise your rights over that data, please contact the relevant Developer Client; we will support that request and can help direct you to the right contact.
We do not make decisions that produce legal or similarly significant effects about you based solely on automated processing. We do use analytics and advertising platforms that perform audience segmentation and measurement (with your consent) to make our marketing more relevant; this does not determine any outcome about you without human involvement.
We implement reasonable technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, or destruction. These include HTTPS encryption in transit, access controls and role-based permissions, vendor due diligence, and periodic reviews. No method of transmission or storage is completely secure, so we cannot guarantee absolute security. If a personal-data breach occurs, we will notify the relevant authorities and affected individuals where and as required by applicable law.
The Site is intended for business professionals and adult buyers, and is not directed at children. Under the DPDP Act 2023 we do not process the personal data of a child (under 18) without verifiable parental consent, and we do not undertake tracking, behavioural monitoring, or targeted advertising directed at children. Under the GDPR and CCPA/CPRA we do not knowingly collect data from minors below the applicable age. If we learn we have inadvertently collected such data, we will delete it promptly.
In accordance with the DPDP Act 2023 and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, our Grievance Officer is:
Grievances will be acknowledged within 48 hours and resolved within the period required by law (generally 30 days). If your grievance is not resolved, you may approach the Data Protection Board of India once constituted, or your local supervisory authority.
We may update this Privacy Policy from time to time. Material changes will be notified by posting the revised Policy on this page with an updated “Last updated” date and, where appropriate, by a more prominent notice or by re-requesting consent. We encourage you to review this Policy periodically.
If you have questions about this Policy or how we handle your personal data, contact: