PRIVACY POLICY OF RENTILIUM

This Privacy Policy ("Policy") governs the manner in which 7Sky Technovation Ltd., operating under the brand name "Rentilium" ("Company", "we", "our", or "us"), collects, receives, stores, processes, discloses, and protects personal data through its Software-as-a-Service (SaaS) platform, "Rentilium" ("Platform"). The Platform is offered to clients, namely landlords, property managers, and affiliated property management entities ("Clients"), for the sole purpose of enabling the digital management of real estate rental operations.

This Policy is in strict conformity with the provisions of the Digital Personal Data Protection Act, 2023 ("DPDP Act") and other applicable laws of India. This document intends to establish clear boundaries and obligations between the Data Fiduciary (our Client) and Rentilium, which functions solely as a Data Processor.

NOTICE FOR TENANTS (DATA PRINCIPAL)

• Who we are - Rentilium is the software platform your landlord or property manager uses to run rental operations. We do not decide why or how your personal data is used; we simply store and process it for them.
• What Data We Receive - Details shared with us by your landlord or property manager may include:
  • Identity and contact information: Your name, phone number, email address, and residential address.
  • Lease and payment information: Rent amount, due dates, invoices, and transaction history.
  • KYC or verification documents: Such as Aadhaar, PAN, or other identification documents as required by law.
• Your privacy rights - Under the Digital Personal Data Protection Act, 2023, you can ask to access, correct, erase, or withdraw consent for your data. Because your landlord/property manager is the Data Fiduciary, please contact them first to exercise these rights.
• How we help - If your landlord needs our assistance to honour your request, we will support them promptly.
• Security - Your data is encrypted in transit and at rest and is protected by strict access controls.
• No marketing or resale - Rentilium never sells or markets your personal data.

DEFINITIONS

For the purposes of this Privacy Policy, the following terms shall have the meanings assigned below, consistent with the Digital Personal Data Protection Act, 2023:

• “Data Principal” refers to the individual to whom the personal data relates. In the context of the Rentilium Platform, this typically includes tenants, landlords, or other individuals whose data is collected and processed by the Client.
• “Data Fiduciary” means any person or entity that alone or in conjunction with others determines the purpose and means of processing personal data. For the purpose of this Policy, our Clients- namely property owners, property managers, and affiliated real estate businesses, or any other Business buying Rentilium to do business- act as the Data Fiduciaries.
• “Data Processor” refers to any person or entity who processes personal data on behalf of a Data Fiduciary. 7Sky Technovation Ltd., operating as Rentilium, functions as the Data Processor under this Policy.

ROLE OF RENTILIUM UNDER LAW

Under the Digital Personal Data Protection Act, 2023 (DPDP Act), Rentilium functions in the capacity of a Data Processor. We do not determine the purpose or the means of processing personal data; such determinations are made exclusively by our Clients, who are the designated Data Fiduciaries under the DPDP Act.

We process personal data strictly in accordance with the documented instructions issued by our Clients and do not independently collect, use, or retain personal data for any purpose beyond what has been expressly authorised by the Client.

CATEGORIES OF PERSONAL DATA PROCESSED

In the course of providing services to our Clients, we may process the following categories of personal data, as uploaded, entered, or transferred by the Client to the Platform:

• Identity Data: Includes full name, date of birth, gender, photograph, government-issued identity documents and numbers such as Aadhaar, Permanent Account Number (PAN), passport number, or any other identification credentials as required by the Client.
• Contact Data: Includes email addresses, mobile numbers, telephone numbers, residential or correspondence addresses, and any other means of physical or digital communication.
• Financial and Transactional Data: Includes bank account numbers, UPI IDs, rent payment details, transaction logs, billing history, invoices, and other financial information necessary for rent processing and reporting.
• Tenancy and Lease Data: Includes details of the leased property, rental and deposit amounts, duration and terms of tenancy, maintenance requests, ownership documentation, and lease or license agreements.
• Usage and Activity Data: Includes activity logs, login history, access timestamps, application navigation patterns, session durations, user preferences, search queries, and metadata arising from platform interaction.
• Device and Technical Data: Includes device type, model, operating system, browser type, version, IP address, MAC address, unique device identifiers, geolocation data (where enabled), and diagnostic logs for support and troubleshooting.
• Third-Party and Integration Data: Includes data obtained from or shared with third-party service providers (such as payment gateways, digital KYC vendors, identity verification services, background check agencies), as authorized by the Client and processed under contractual or legal obligations.

Each of the above categories is processed solely on behalf of the Client, as per documented contractual terms, and in compliance with the principles of necessity, proportionality, and purpose limitation under applicable law.

PURPOSE OF PROCESSING

The above categories of personal data are processed by Rentilium solely for the purpose of delivering services as instructed by the Client, in accordance with its role as a Data Processor. These purposes include, but are not limited to, the following:

• Digital Onboarding of Tenants: Facilitating the creation of user accounts, submission of KYC documentation, tenant background verification, and initial profile setup, all based on inputs and workflows defined by the Client.
• Lease and Agreement Management: Assisting in the generation, digital execution, and secure storage of rental agreements, license deeds, and other tenancy-related documents, as per the templates or terms provided by the Client.
• Financial Operations: Automating the creation of rent invoices, tracking rent collection, maintaining ledgers, sending reminders for dues, and reconciling transaction data, including integration with payment gateways where applicable.
• Tenant-Landlord Communication: Enabling messaging, notification services, service request submissions, and maintenance coordination between tenants and property owners/managers through platform features.
• Analytics and Dashboard Services: Providing Clients with role-based access to dashboards and analytical tools that generate reports on occupancy, revenue, maintenance trends, and other operational metrics.
• Platform Maintenance and User Support: Ensuring seamless platform functionality, performing software updates, responding to service requests, and resolving technical issues reported by the Client or its authorized users.

Under no circumstances shall Rentilium utilise personal data for marketing, cross-selling, data monetization, profiling, or any secondary purpose, except where explicitly instructed and authorized in writing by the Data Fiduciary (Client).

DATA PRINCIPAL RIGHTS AND CLIENT RESPONSIBILITY

As a Data Processor, Rentilium does not directly respond to or fulfil individual rights requests from Data Principals. The responsibility to ensure compliance with the Data Principal’s rights, as enumerated under the Digital Personal Data Protection Act, 2023, rests solely with the Client, who functions as the Data Fiduciary.

Specifically, the Client shall be solely responsible for:

• Obtaining valid consent from the Data Principal that is free, informed, specific, unambiguous, and given through clear affirmative action;
• Providing transparency by informing Data Principals of the categories of personal data collected, the purposes of processing, the data retention period, and the mechanisms to exercise their rights;
• Facilitating the exercise of rights under Chapter III of the DPDP Act 2023, including:
  • Right to access personal data processed,
  • Right to correction and erasure,
  • Right to grievance redressal,
  • Right to withdraw consent.

Additionally, under Section 14 of the DPDP Act, the Data Fiduciary is obligated to provide the Data Principal with the right to nominate another individual to exercise their rights under the Act in the event of death or incapacity. Rentilium relies on its Clients to incorporate mechanisms within their operational processes to capture and act upon such nominations.

Rentilium shall provide all reasonable cooperation and technical support necessary to assist the Client in responding to valid data rights requests. Such cooperation will be rendered strictly upon receiving documented instructions from the Client and in accordance with the contractual terms governing our engagement.

Rentilium shall not be held liable for any failure of the Client to comply with its obligations as a Data Fiduciary under the DPDP Act or any applicable data protection laws.

5. SECURITY SAFEGUARDS

Rentilium implements appropriate technical and organisational safeguards to protect personal data against unauthorized access, destruction, loss, alteration, or disclosure. These measures include:

• End-to-end encryption of data in transit and at rest.
• Role-based access controls.
• Secure cloud architecture with failover protection.
• Incident detection and breach notification mechanisms.
• Regular audits, vulnerability assessments, and patch management.
• All personnel having access to personal data are bound by strict confidentiality obligations.

6. DATA RETENTION AND DELETION

Personal data processed on the Platform shall be retained only for such duration as is necessary to fulfil the purposes specified by the Client, or as may be required by applicable law, regulatory obligation, or contractual requirement. The specific retention period shall be determined by the Client as the Data Fiduciary, and Rentilium shall act in accordance with the documented instructions provided.

In the absence of such specific instructions, Rentilium shall apply a default retention period not exceeding ninety (90) days from the date of termination of services or the fulfilment of the processing purpose, whichever is earlier, unless a longer retention period is legally required.

Upon the occurrence of termination, expiration of the retention period, or upon written instruction from the Client, Rentilium shall:

• Permanently erase or irreversibly anonymize all personal data from active systems;
• Provide a written confirmation or certificate of deletion, upon written request by the Client;
• Ensure deletion from all backup and disaster recovery systems within a commercially reasonable period, not exceeding thirty (30) days from the deletion date.

Rentilium shall maintain audit trails of data deletion activities in accordance with its internal policies and retain such audit logs for compliance purposes as may be mutually agreed with the Client.

COOKIES AND TRACKING TECHNOLOGIES

Rentilium may deploy cookies, pixels, and other similar tracking technologies on the Platform, either directly or through authorized third-party service providers, for the following legitimate purposes:

• Maintaining user sessions: To enable and sustain secure login sessions and prevent session hijacking or unauthorized access during authenticated use of the Platform.
• Platform diagnostics and analytics: To collect anonymized statistical data that helps identify performance issues, optimize system load, and understand usage patterns across different modules of the application.
• Enhancing functionality and user experience: To remember user preferences, personalize dashboard displays, facilitate smoother navigation, and enable quicker access to frequently used features.

These tracking technologies may include:

• Session cookies: Temporary and deleted after a user closes the browser.
• Persistent cookies: Stored on the user's device for a defined period to retain preferences.
• Third-party analytics cookies: Used for aggregated metrics and service improvement, subject to client enablement.

By default, Rentilium does not use cookies to collect personal data unless explicitly configured to do so by the Client (Data Fiduciary).

Users can manage or disable cookies through their browser settings. However, please note that disabling essential or strictly necessary cookies may adversely affect platform functionality, security, and usability. Where applicable, the Client shall be responsible for implementing consent banners or cookie notices in compliance with local privacy laws.

CHILDREN'S DATA

Rentilium is not designed to knowingly process personal data of children (below 18 years of age) without the lawful consent of a parent or legal guardian.

As per Section 9 of the Digital Personal Data Protection Act, 2023, the Client (Data Fiduciary) is solely responsible for:

• Ensuring that verifiable consent has been obtained from the parent or lawful guardian before collecting or uploading any child’s personal data to the Platform;
• Ensuring that the personal data of children is not processed in a manner likely to cause harm;
• Avoiding tracking, profiling, behavioural monitoring, or targeted advertising directed at children;
• Maintaining documentation or audit trails to demonstrate compliance with the above obligations.

Rentilium, acting solely as a Data Processor, processes children’s data strictly based on documented instructions from the Client and assumes no liability for the Client’s failure to comply with their obligations under Section 9 of the DPDP Act.

GRIEVANCE REDRESSAL

End-users must first approach the Client (Data Fiduciary) for any grievances related to data processing. In case of unresolved issues concerning the functioning of the Platform or its technical compliance, the Grievance Officer for Rentilium may be contacted:

• Email Id: support@rentilium.com
• Response Time: Within 10 working days

AMENDMENTS

This Policy may be updated or modified by Rentilium to reflect legal, regulatory, or operational changes. Clients will be notified of material changes. Continued use of the Platform post-update constitutes acknowledgment.