Terms of Service
Last updated: 18 June 2026
- This is the agreement between you (the brokerage) and GharStack. It applies to everyone who signs in under your workspace.
- Your data belongs to you. We store it, process it on your instructions, and delete it when you leave.
- As a brokerage, you are a Data Fiduciary under the DPDP Act 2023 for the leads and clients whose data you store in GharStack; GharStack is your Data Processor. The Data Processing Addendum (Schedule A, below) sets out our respective obligations.
- The aggregate liability cap covers contractual claims only. It does not limit penalties imposed by the Data Protection Board of India under the DPDP Act.
- Data-protection disputes follow the DPDP Act's statutory pathway, not private contractual jurisdiction clauses.
1. Acceptance
By signing up you agree to these Terms and our Privacy Policy. If you sign up on behalf of a brokerage, you confirm you have authority to bind it. These Terms are a binding contract under the Indian Contract Act, 1872. By accepting, you confirm you are 18 years of age or older and have legal capacity to contract under Indian law.
2. Definitions
- "GharStack" / "we" / "us" — P-Logix Software Private Limited, CIN U72900KA2019FTC129142, incorporated 29 October 2019, registered at #1207/343 & 1207/1/343/1, 9th Main, 7th Sector, HSR Layout, Bengaluru, Karnataka 560102.
- "You" / "your" — the brokerage entity and every individual who signs in under it, including the Owner and all Agents.
- "Service" — the GharStack web application, its API, and related properties.
- "Workspace" — the data, settings, and users under a single brokerage account.
- "Data Fiduciary" / "Data Processor" — as defined under the DPDP Act 2023. For workspace lead and client data, the brokerage is the Data Fiduciary and GharStack is the Data Processor.
3. Your account
- You must be at least 18 and authorised to operate a brokerage in India. If we discover a contracting party is a minor under Section 11 of the Indian Contract Act, 1872, we may terminate the account and delete the workspace, and are not liable for loss arising from such termination.
- GharStack does not knowingly collect personal data from persons under 18.
- Your mobile number is your identity — keep it secure. GharStack is not responsible for actions taken by anyone in possession of your OTP.
- The Owner can add or remove Agents and is responsible for ensuring every Agent is 18 or older. If a minor has been added, remove them immediately and notify grievance@gharstack.com; we will delete any related personal data promptly.
4. Plans, trials & billing
- 14-day free trial — all Pro features, no card required. After 14 days your workspace becomes read-only until you subscribe.
- Starter — ₹499/month, up to 3 users, core features.
- Pro — ₹1,499/month, up to 10 users, commissions, team dashboard, and roles.
- All prices are inclusive of GST. A GST invoice is issued for every successful payment.
Refunds & cancellation. We do not refund partial months; if you cancel mid-cycle, you keep access until the end of the current billing cycle. If a payment fails, we retry on day 3 and day 7; after day 7 your workspace becomes read-only.
Payment discrepancies. If a payment is debited but not received by GharStack (e.g. gateway/bank error), notify us at grievance@gharstack.com with the transaction reference. We will investigate within 7 working days, will not hold you liable for amounts debited but demonstrably not received by us, and apply the relevant payment intermediary's terms and RBI settlement guidelines. If unresolved within 30 days, either party may raise a formal dispute under Section 13 below.
5. Acceptable use
You agree not to use GharStack to:
- Send unsolicited bulk messages (spam) in violation of Indian DND regulations or our policies.
- Scrape, reverse-engineer, or access another workspace's data.
- Store or process personal data for which you lack a lawful basis under the DPDP Act. As a Data Fiduciary for your clients and leads, you are responsible for obtaining and maintaining valid consent or another lawful basis before entering their data.
- Resell or rebrand GharStack without a written partnership agreement with P-Logix Software Private Limited.
- Engage in any activity that violates the DPDP Act 2023 or other applicable Indian law, including processing beyond the purpose for which data was collected, failing to respond to Data Principal rights requests, or submitting false grievances.
6. Your content
Your workspace data belongs to you. GharStack claims no ownership over your leads, properties, photos, or other content, does not use it to train AI models, and does not share it beyond what is documented in our Privacy Policy. You grant GharStack a limited, non-exclusive licence to store, process, and display your content solely to operate the Service for you, on your instructions, and in accordance with Schedule A.
7. Your obligations as Data Fiduciary
By storing lead and client data in GharStack you are the Data Fiduciary and are responsible for:
- Collecting personal data only for specified, lawful purposes with a valid legal basis (consent or a legitimate use under s.7 DPDP Act).
- Providing your own privacy notice to leads and clients whose data you enter.
- Responding to rights requests from your leads and clients within the 7-day window under Rule 10 of the DPDP Rules. We assist as described in Schedule A, but the primary obligation is yours.
- Notifying your leads and clients of any breach affecting their data under Section 8(6); we will notify you of breaches affecting workspace data per Schedule A.
- Ensuring every Agent you add has consented to processing of their own personal data (name, mobile number) for providing the Service.
GharStack has a residual compliance obligation under the DPDP Act that cannot be fully contracted away, and may suspend or terminate a workspace where it reasonably believes the platform is being used in violation of the DPDP Act, regardless of any contractual indemnity.
8. Data Principal rights for lead data
If a person whose data is in your workspace contacts GharStack directly to exercise a DPDP right, we will acknowledge within 48 hours, forward the request to you within 7 days with sufficient information to act, and assist per Schedule A. The primary obligation to respond within the statutory 7-day window rests with you. We will not act unilaterally (e.g. delete lead records) without your instruction, except where required by a valid order of the Data Protection Board or a competent court. If you do not respond to a forwarded request within the 7-day window and we have reason to believe continued processing is unlawful, we reserve the right to suspend processing of the relevant data pending resolution.
9. Duties of users under the DPDP Act
Section 15 of the DPDP Act imposes duties on every Owner and Agent: do not impersonate another person, suppress material information you must disclose, or file false or frivolous grievances; and comply with all applicable laws, including those governing third-party personal data. We reserve the right to suspend or terminate accounts that violate these duties.
10. Third-party personal data
You warrant that all personal data you enter about individuals who are not registered GharStack users ("Third-Party Personal Data") was collected in compliance with the DPDP Act — that valid notice was given and, where required, consent obtained, before entry. GharStack processes such data solely as your Data Processor on your instructions. You shall indemnify and hold harmless P-Logix Software Private Limited against any claim, penalty, or proceeding brought by a Third-Party Data Principal or the Data Protection Board arising from your failure to comply with this clause.
11. Availability & support
- We target 99.5% uptime, measured monthly and reported on the status page.
- Scheduled maintenance is announced at least 48 hours in advance.
- Support is provided in English and Hindi via WhatsApp, 10:00–19:00 IST, Monday to Saturday.
- Critical issues (workspace inaccessible, data loss) are responded to within 4 working hours, all days.
12. Suspension & termination
Cancellation by you. Cancel any time in Account → Subscription. Your data stays accessible in read-only mode for 90 days (reminders at day 60 and day 80); after 90 days all workspace data — including lead/client data for which you are the Data Fiduciary — is permanently deleted. We help you export before deletion. See Schedule A.
Suspension or termination by GharStack. We may suspend or terminate a workspace for: violation of Acceptable Use (Section 5); violation of applicable data protection law including the DPDP Act (processing without a lawful basis, failing to respond to rights requests, facilitating unlawful collection, or storing illegal content); or breach of the Section 15 duties (Section 9). In these cases we give notice of the reason and a 7-day opportunity to remedy, unless an immediate-suspension ground applies.
Immediate suspension (without prior notice) may occur where the violation is severe, ongoing, or involves illegal data processing likely to harm Data Principals; is a security threat to our infrastructure or other workspaces; involves fraud or impersonation; or is subject to a Data Protection Board direction or court order. We will notify the brokerage of the reason within 24 hours and, where remediable, allow a reasonable period to remedy.
13. Liability
GharStack is provided on a commercially reasonable efforts basis with the security safeguards described in our Privacy Policy (TLS 1.3, AES-256, restricted production access, annual CERT-In VAPT). We do not guarantee uninterrupted service, and are not liable for failures resulting from circumstances beyond our reasonable control (force majeure, government action, infrastructure failure, third-party platform outages).
The "as is" framework and the liability cap do not shield GharStack from liability arising from failure to implement the specific security safeguards it has represented, or from failure to meet Section 8(5) of the DPDP Act; such DPDP liability remains intact and is governed by the DPDP Act.
To the extent permitted by Indian law, GharStack's aggregate liability for any contractual claim is limited to the fees you paid in the 12 months preceding the claim. This cap applies only to contractual claims and does not limit any statutory penalty, fine, or order imposed by the Data Protection Board or any regulator under the DPDP Act or other law — the Section 33 penalty schedule is fixed by Parliament and cannot be modified by contract. Nothing limits liability for gross negligence, wilful misconduct, or any liability that cannot be excluded under Indian law.
14. Disputes & governing law
These Terms are governed by the laws of India. Any contractual dispute (billing, service availability, contractual liability) is first subject to 30 days of good-faith negotiation; if unresolved, it is subject to the exclusive jurisdiction of the courts of Bengaluru, Karnataka. This does not oust the jurisdiction of the Data Protection Board of India: Data Principals may file complaints with the Board, appealable to the Appellate Tribunal and thereafter the High Court and Supreme Court — this statutory pathway cannot be displaced by these Terms. Where a dispute involves the US parent, Practical Logix LLC, US courts may independently assert jurisdiction over it; these Terms do not govern the liability of Practical Logix LLC, a separate legal entity.
15. Modifications
- Material changes (pricing, liability, data-processing obligations, Data Principal rights) are notified at least 30 days before taking effect via an in-app banner and email to the Owner.
- Non-material changes (corrections, clarifications) may be made with shorter notice and an updated "Last updated" date.
- Continued use after a material change takes effect constitutes acceptance. If you do not accept, you may terminate before the effective date.
- The previous version remains available at gharstack.com/terms/v1 for one year.
16. General
- If any provision is unenforceable, the rest continues in force.
- Failure to enforce a provision is not a waiver of the right to enforce it later.
- These Terms, the Privacy Policy, and Schedule A are the entire agreement between GharStack and the brokerage regarding the Service.
17. Grievance Officer
In accordance with Section 13 of the DPDP Act 2023 and the IT (Intermediary Guidelines) Rules 2021, our designated Grievance Officer is:
- Name
- Shagufta Syed, Technical Project Manager & Grievance Officer
- Entity
- P-Logix Software Private Limited
- Address
- #1207/343 & 1207/1/343/1, 9th Main, 7th Sector, HSR Layout, Bengaluru, Karnataka 560102
- grievance@gharstack.com
Grievances are acknowledged within 24 hours and resolved within 7 working days (DPDP Rules, Rule 14). If unsatisfied, you may escalate to the Data Protection Board of India; once its online complaint portal is operational, its URL will be added here.
Schedule A — Data Processing Addendum
Between P-Logix Software Private Limited (GharStack), as Data Processor, and the brokerage subscribing to GharStack, as Data Fiduciary. Under Section 8(2) of the DPDP Act, a Data Fiduciary may engage a Data Processor only under a valid contract; this Addendum is that contract and forms part of these Terms.
A1. Scope of processing
GharStack processes the following, on your instructions, solely to provide the Service:
- Lead data — names, mobile numbers, email addresses, and property preferences of prospective buyers/sellers.
- Client data — contact details and transaction records of persons with whom you transact.
- Agent data — names and mobile numbers of Agents you add.
We will not process this data for any other purpose, including our own commercial purposes, to train AI models, or to share beyond the processors listed in our Privacy Policy.
A2. Instructions
We process personal data only on your documented instructions (storing data you enter, displaying it to authorised users, generating reports/exports you request, and performing the Service's functions). If required by Indian law to process otherwise, we will inform you first unless legally prohibited.
A3. Security safeguards
- TLS 1.3 for all data in transit.
- AES-256 encryption for all data at rest.
- Production access limited to a small number of named engineers, fully logged and reviewed monthly.
- Annual VAPT by a CERT-In empanelled auditor.
A4. Sub-processors
We engage the sub-processors below, all bound by data-processing agreements imposing obligations equivalent to this Addendum. We notify you of any planned change at least 30 days in advance.
| Sub-processor | Role | Location |
|---|---|---|
| Supabase Inc | Primary storage & backups (database, file storage, auth) | India (Mumbai, ap-south-1); company incorporated in US |
| Railway | Application hosting & request processing | Singapore |
| MSG91 | SMS OTP delivery | India |
| Razorpay | Payment processing | India |
Some sub-processors operate outside India (e.g. Railway in Singapore; Supabase Inc is US-incorporated, though data is stored in India). Under Section 16 of the DPDP Act and Rule 15 of the DPDP Rules, such transfers are permitted unless the Central Government restricts the destination by notification; none has been notified as of the date of these Terms. We monitor notifications and will update this list or cease relevant transfers if any destination is restricted.
A5. Assistance with Data Principal rights
- Forwarding rights requests we receive directly to you within 7 days.
- Providing tools to export, correct, or delete specific lead/client records.
- Confirming in writing when a deletion is completed within your workspace, including across backups, within 30 days of your instruction.
A6. Breach notification
On a breach affecting workspace lead/client data, we will notify you without undue delay and within 72 hours of becoming aware, provide enough information for you to meet your own notification obligations under Section 8(6), and cooperate in investigation and remediation.
A7. Deletion on termination
- Workspace data is retained in read-only form for 90 days from cancellation, during which you may export it.
- After 90 days, all data is permanently deleted from primary systems within 7 days.
- Encrypted backups are deleted within 30 days of the primary deletion.
- We issue deletion instructions to all sub-processors within 30 days and confirm completion on request.
A8. Audit rights
You may request information to verify compliance with this Addendum; we respond to reasonable audit requests within 30 days. Where an audit requires system access, the parties agree scope, timing, and cost in advance, and we may require an independent, mutually agreed third party to protect other customers' confidentiality.
A9. Governing law
This Addendum is governed by the laws of India and forms part of the Terms of Service. In any conflict between this Addendum and the main Terms, this Addendum prevails on data-processing matters.