BreezeStay
DPDP Act 2023 Compliant

Data
Sovereignty.

Your privacy is anchored in Indian soil. We never export your data, never monetize your identity, and strictly protect your residency records.

Effective Date: 18 April 2026

1. Geographic Isolation & Data Residency

In accordance with BreezeStay's commitment to national sovereignty, your PII (Personally Identifiable Information) is stored exclusively within the AWS Mumbai (ap-south-1) or Hyderabad regions.

While encrypted telemetry logs may transit global Cloudfront/AWS edge nodes for security filtering, we strictly prohibit the sale, monetization, or active export of your identity profile outside the jurisdiction of the Republic of India.

Zero Cross-Border Transfers
Mumbai / Hyderabad AWS Nodes
Hardware-Level AES Encryption
Sovereign Infrastructure control

2. Purpose Limitation & Data Minimization

We collect only what is legally or operationally required to maintain a secure, high-trust digital residency ecosystem:

Identity Verification (KYC)

Pursuant to the Prevention of Money Laundering Act (PMLA) and regulatory frameworks, Government IDs (Aadhaar, PAN) are processed exclusively to verify renter profiles and support HRA tax compliance.

Professional Profiling

Official work email verification and professional links are used solely to establish renter trust rankings and security scoring.

Visual Condition Records

Condition photos uploaded during the mandatory 24h Move-in Audit are encrypted and stored solely as evidence to prevent fraudulent deposit deductions.

3. Security Engineering Framework

TLS 1.3 Encryption

All data in transit is encrypted using modern TLS standards. Non-HTTPS connections are blocked.

PII Redaction Filters

Telemetry logs automatically scrub database keys, PAN, Aadhaar, and password hashes.

Session Versioning

JWT payloads are version-claimed to support immediate global logout across all active browsers.

4. DPDP Rights & Right to Be Forgotten

Under the Digital Personal Data Protection Act (DPDP Act), 2023, you have absolute control over your digital footprint. You can review, correct, or request complete deletion of your records.

Data rights requests can be executed directly from your account settings. Certain financial transactions and agreement data must be retained under statutory requirements.

Execute Deletion SLA (7 Days)

Data Sharing & Retention Schedule

Recipient Categories

Limited transaction data is shared only with payment gateways, cloud servers, KYC compliance desks, and regulatory agencies when legally ordered.

Minor Safeguards

BreezeStay is exclusively intended for adults. We do not knowingly collect information from individuals under the age of 18.

Retention Limits:
  • Active Accounts: for account life and ongoing service delivery
  • Tax & Invoice Records: 8 years as required under applicable tax (GST/IT) laws
  • Security & Fraud telemetry logs: up to 180 days unless required longer for law enforcement investigations
  • Backup Systems: up to 90 days rolling backup retention

Privacy Support Hub

For specific privacy grievances, email us at support@breezestay.in. Grievance acknowledgment timeline: within 48 hours; target dispute resolution: within 15 business days.

Statutory India Compliance Disclosure

BreezeStay is a brand name and technology facilitator operated by Jigyasu Singh Chouhan. It is currently in a pre-incorporation stage and is not a separate legal entity. These policies align with the Digital Personal Data Protection Act, 2023, and Consumer Protection (E-Commerce) Rules, 2020.

Platform Operator: Jigyasu Singh Chouhan (Individual Proprietor)

Support Desk: support@breezestay.in (within 48 hours)

Grievance Officer: Jigyasu Singh Chouhan

Escalation Node: support@breezestay.in

India Aggregator framework compliance • Secure Protocol

© 2026 BreezeStay. All Rights Reserved.