Enterprise-Grade Security

Security & Governance

Your data security is our top priority. PropYaar is built with bank-grade encryption, comprehensive access controls, and continuous compliance monitoring.

Certifications

Compliance & Certifications

SOC 2 Type II

Compliant

Independently audited controls for security, availability, and confidentiality of customer data.

256-bit SSL/TLS

Active

All data in transit encrypted with TLS 1.3. HTTPS enforced across all endpoints.

RERA Compliant

Verified

Platform designed for RERA compliance — agent verification, project registration, and audit trails.

GDPR Ready

Ready

Data privacy controls including consent management, data export, right to deletion, and DPA support.

Security

How We Protect Your Data

Multi-layered security architecture with continuous monitoring, encryption, and access controls.

Encryption at Rest

All data encrypted with AES-256 at rest. Database backups and file storage use server-side encryption with managed keys.

Authentication & Access

Sanctum token-based auth with OTP support. Role-based access control with 7 personas and 42 granular permissions.

Two-Factor Authentication

Optional 2FA via SMS OTP for all user accounts. Enforced for admin and super-admin roles.

Complete Audit Trail

Every action logged with user, timestamp, IP address, and device. Immutable audit log exportable for compliance.

Infrastructure Monitoring

Real-time monitoring with automated alerts. DDoS protection, WAF, and intrusion detection across all endpoints.

Cloud Security

Hosted on AWS with VPC isolation, security groups, and private subnets. Cross-region backups with 30-day retention.

Incident Response

Documented incident response plan with <4 hour acknowledgment SLA. Breach notification within 72 hours per GDPR.

Vendor Management

All third-party vendors assessed for security posture. No customer data shared without explicit consent and DPA.

Data Practices

Data Handling & Privacy

Data Residency: India (Mumbai) — AWS ap-south-1
Backup Frequency: Daily automated, 30-day retention
Backup Encryption: AES-256 with cross-region replication
Data Retention: Configurable per plan (30 days — unlimited)
Data Export: Full data export available in CSV/JSON
Data Deletion: Complete deletion within 30 days of request
PII Handling: Encrypted, access-controlled, minimal collection
Penetration Testing: Annual third-party testing

Infrastructure

Enterprise Infrastructure

Cloud Hosting

  • AWS ap-south-1 (Mumbai)
  • VPC with private subnets
  • Auto-scaling compute
  • PostgreSQL RDS with encryption

Availability

  • 99.9% uptime SLA
  • Multi-AZ deployment
  • Automated failover
  • Real-time health monitoring

Compliance

  • SOC 2 Type II audit trail
  • RERA agent/project verification
  • GST-compliant data handling
  • Immutable financial records

Questions About Security?

Our security team is happy to answer your questions, provide our SOC 2 report, or discuss your specific compliance requirements.