A calm, complete sales system for developers—accurate inventory, one‑click offers, a clean buyer site, and WhatsApp follow‑ups.

How fast can we go live?

In 24 hours once your project data is ready. We set up your branded project site with real‑time availability and instant offers.

Does it work with our CRM?

Yes. You can use Citiwise on its own or alongside your existing CRM. Start with inventory, offers, and the buyer site; add more as needed.

Bank‑grade security, role‑based access, and a full audit trail for inventory and offers. Clear documents and history support compliance without extra work.

Legal

Privacy Policy

Last updated: January 11, 2026

This Privacy Policy ("Policy") explains how HALFWRONG LLP (LLPIN: ACU-0811), operating the Citiwise platform ("Citiwise," "we," "us," or "our"), collects, uses, discloses, and protects personal data when you use our websites, project microsites, dashboard, and related services (collectively, the "Services").

We are committed to protecting your privacy and handling your data transparently. This Policy applies to all users of our Services, including real estate developers ("Customers"), their team members, prospective property buyers who interact with Customer microsites ("Leads"), and website visitors.

We operate in compliance with applicable data protection laws, including the Digital Personal Data Protection Act, 2023 (India), the General Data Protection Regulation (GDPR) where applicable, and the California Consumer Privacy Act/California Privacy Rights Act (CCPA/CPRA) where applicable.

1. Data Controller and Processor Roles

Citiwise as Controller: We act as the data controller for personal data we collect directly from you for our own purposes, such as account registration, billing, platform analytics, and customer support.

Citiwise as Processor: When Customers upload data about their projects, buyers, leads, or team members, we act as a data processor on behalf of the Customer, who remains the data controller for that data. Customers are responsible for ensuring they have appropriate legal bases to share such data with us.

2. Personal Data We Collect

2.1 Account and Profile Data

When you create an account, we collect: name, email address, phone number (optional), password (stored as a secure hash), company/organization name, and role.

2.2 Billing and Transaction Data

When you subscribe or make purchases, we collect: billing name and address, GST/tax identification numbers (if provided), transaction history, and payment method details (processed by our payment provider; we do not store full card numbers).

2.3 Customer Content

Data you upload to the Services, including: project details (name, location, RERA information), unit inventory (areas, pricing, status), buyer/lead information (names, contact details, addresses), offer letter details, and uploaded files (images, documents, brochures).

2.4 Lead Data (Microsite Visitors)

When prospective buyers submit enquiries via Customer microsites, we collect: name, email, phone number, enquiry message, and the specific unit or project of interest. This data is collected on behalf of the Customer.

2.5 Usage and Technical Data

We automatically collect: IP address, browser type and version, device information, operating system, pages visited, time spent, referring URLs, and interaction patterns. We may also collect error logs and performance data to improve our Services.

2.6 Communications Data

Records of communications with us (support requests, emails), metadata about shares via WhatsApp or other channels, and any feedback or surveys you provide.

3. How We Use Your Data

We process personal data for the following purposes:

Service Provision: To operate and provide the Services, including hosting microsites, managing inventory, generating offer letters, and processing leads.
Account Management: To create and manage your account, authenticate access, and communicate about your subscription.
Billing: To process payments, generate invoices, and manage your subscription.
Support: To respond to your requests, provide customer support, and resolve issues.
Security: To protect against unauthorized access, fraud, abuse, and security threats.
Improvement: To analyze usage patterns, improve features, fix bugs, and develop new functionality.
Legal Compliance: To comply with applicable laws, regulations, and legal processes.
Communications: To send service updates, security alerts, and (with consent where required) marketing communications.

4. Legal Bases for Processing

Depending on the jurisdiction and type of data, we rely on the following legal bases:

Contract Performance: Processing necessary to provide the Services under our agreement with you.
Legitimate Interests: Processing necessary for our legitimate business interests, such as improving Services, preventing fraud, and ensuring security, balanced against your rights.
Consent: Where required, we obtain your consent for specific processing activities (e.g., marketing communications, certain cookies).
Legal Obligation: Processing necessary to comply with applicable laws.

5. Data Sharing and Subprocessors

We do not sell your personal data. We share data only as described below:

5.1 Service Providers (Subprocessors)

We use trusted third-party service providers to operate our Services:

Supabase: Database hosting, authentication, and file storage (Singapore/US regions)
Vercel: Web hosting and deployment (Global CDN)
Razorpay: Payment processing (India)
Resend: Transactional email delivery (US)

These providers process data on our behalf under appropriate contractual terms. For a current list of subprocessors, contact privacy@citiwise.in.

5.2 Other Disclosures

We may disclose data: (a) to comply with legal obligations, court orders, or government requests; (b) to protect our rights, property, or safety, or that of our users or the public; (c) in connection with a merger, acquisition, or sale of assets (with appropriate confidentiality protections); or (d) with your consent.

6. Cookies and Tracking Technologies

We use cookies and similar technologies for:

Essential Cookies: Required for authentication, session management, and security. These cannot be disabled.
Analytics Cookies: To understand usage patterns and improve the Services. We may use privacy-focused analytics providers.
Preference Cookies: To remember your settings and preferences.

You can control non-essential cookies through your browser settings or our cookie preferences (where available). Disabling certain cookies may affect functionality. For more details, see our Cookie Policy.

7. International Data Transfers

Our Services are primarily hosted in India and Singapore. Some of our subprocessors may process data in the United States or other countries. When we transfer data internationally, we implement appropriate safeguards, including: contractual protections (Standard Contractual Clauses where applicable), selecting providers with robust security certifications, and ensuring compliance with applicable data protection laws.

8. Data Security

We implement commercially reasonable technical and organizational measures to protect personal data, including:

Encryption in transit (TLS/HTTPS) and at rest
Secure authentication with password hashing
Role-based access controls
Regular security assessments
Audit logging of access and changes
Secure infrastructure with reputable cloud providers

No method of transmission or storage is completely secure. We cannot guarantee absolute security but are committed to protecting your data. For security concerns, contact security@citiwise.in.

9. Data Retention

We retain personal data for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law:

Account Data: Retained while your account is active and for a reasonable period thereafter for legal compliance.
Customer Content: Retained during your subscription. After termination, available for export for 30 days, then deleted.
Billing Records: Retained as required by tax and accounting laws (typically 7-10 years in India).
Usage Logs: Typically retained for 12-24 months for security and analytics purposes.

10. Your Privacy Rights

Depending on your location and applicable law, you may have the following rights:

Access: Request a copy of your personal data we hold.
Correction: Request correction of inaccurate or incomplete data.
Deletion: Request deletion of your data where no longer necessary or where you withdraw consent.
Portability: Receive your data in a structured, commonly used format.
Restriction: Request restriction of processing in certain circumstances.
Objection: Object to processing based on legitimate interests.
Withdraw Consent: Where processing is based on consent, withdraw it at any time.
Complaint: Lodge a complaint with a supervisory authority.

To exercise these rights, contact privacy@citiwise.in. We may need to verify your identity before processing your request. We will respond within the timeframes required by applicable law.

11. Children's Privacy

Our Services are intended for business use by adults (18 years or older). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at privacy@citiwise.in and we will delete it promptly.

12. Third-Party Links and Services

Our Services may contain links to third-party websites or enable sharing via third-party platforms (such as WhatsApp). We are not responsible for the privacy practices of third parties. We encourage you to review their privacy policies before providing them with personal data.

13. Changes to This Policy

We may update this Policy from time to time. When we make material changes, we will update the "Last updated" date and notify you via email or through the Services. Your continued use of the Services after changes take effect constitutes acceptance of the updated Policy.

14. Jurisdiction-Specific Information

14.1 India (DPDP Act 2023)

If you are located in India, the following applies:

We process your data in accordance with the Digital Personal Data Protection Act, 2023 and Information Technology Rules, 2011.
You have the right to access, correct, and erase your personal data, and to lodge a grievance.
Our Grievance Officer can be reached at privacy@citiwise.in with subject line "Grievance - Privacy".
If your grievance is not resolved within 30 days, you may escalate to the Data Protection Board of India (once constituted).

14.2 European Economic Area and UK (GDPR)

If you are located in the EEA or UK:

We process your data in accordance with the GDPR/UK GDPR.
You have rights to access, rectification, erasure, restriction, portability, and objection.
For international transfers, we use Standard Contractual Clauses or other approved mechanisms.
You have the right to lodge a complaint with your local supervisory authority.
For a Data Processing Addendum, contact legal@citiwise.in.

14.3 California (CCPA/CPRA)

If you are a California resident:

You have the right to know what personal information we collect, use, and disclose.
You have the right to request deletion of your personal information.
You have the right to opt-out of the "sale" or "sharing" of personal information. We do not sell personal information.
You have the right to non-discrimination for exercising your privacy rights.
To exercise your rights, contact privacy@citiwise.in.

15. Contact Us

For questions about this Privacy Policy or to exercise your privacy rights:

Privacy Inquiries: privacy@citiwise.in
Data Protection / DPA Requests: legal@citiwise.in
Security Concerns: security@citiwise.in
General: hello@citiwise.in

HALFWRONG LLP (LLPIN: ACU-0811). Registered office address available upon written request to legal@citiwise.in.