BricksDeck
The fine print

Privacy policy.

Last updated · May 2026

BricksDeck runs your agency's sales desk on your behalf, so we hold your inventory, your leads, and your buyer conversations — and nothing more than we need. We don't sell your data, we don't share it for advertising, and we never let it train someone else's AI model. We operate as a data fiduciary under India's Digital Personal Data Protection Act, 2023 (DPDP Act). The rest of this page is the detail.

01Information we collect

We collect only what's needed to run the service for you, across three buckets:

  • Account data — your agency name, GSTIN and address, the people on your team and their roles, contact details, and login credentials (passwords are always stored encrypted, never in plain text).
  • Your inventory & pipeline — the properties, photos, descriptions, and prices you load in, plus the leads, deals, and notes built on top of them.
  • Buyer conversations — the WhatsApp threads BricksDeck handles with your buyers on your behalf, including message history and the lead records drawn from them.
  • Usage data — technical signals we collect automatically — IP address, device and browser type, features used, error logs, and timestamps — so we can keep the service fast and secure.

02How we use it

Your data is used only to run BricksDeck for you. Specifically:

  • Service delivery — drafting BricksDecks, replying to buyers on WhatsApp, organising your pipeline, and powering search across your inventory.
  • Account & billing — creating and managing accounts, authenticating your team, and processing subscriptions.
  • Communication — sending service updates, security alerts, and support replies.
  • Improvement — understanding how the product is used so we can make it faster and more useful.
  • Security & compliance — detecting and preventing fraud or abuse, and meeting our legal obligations.

03AI and your data

We use AI models from third-party providers (such as OpenAI and Anthropic) to write BricksDecks, qualify buyers, and search inventory. Every provider we use processes your inputs and outputs under zero- or short-retention terms, and none are permitted to train their models on your data. The search embeddings of your inventory live in our own Qdrant cluster — never the model vendor's.

04How we share it

We do not sell your personal data, and we never share it for advertising. We disclose it only in these narrow cases:

  • Service providers — trusted vendors who help us run the platform (cloud hosting, payment processing, the WhatsApp Business API, email delivery), each bound by a strict data-processing agreement.
  • Legal requirements — when compelled by law, a court, or a government authority under applicable Indian law.
  • Business transfers — in a merger, acquisition, or sale of assets, with advance notice to you.
  • With your consent — whenever you explicitly ask us to share data with a specified third party.

05How we protect it

Everything is hosted in the Mumbai (ap-south-1) region, for data residency, low latency, and compliance. On top of that:

  • Encryption — AES-256 at rest and TLS 1.3 in transit.
  • Isolation — each agency's data sits in its own logical tenant, behind role-based access controls.
  • Operational security — automated backups, regular security reviews, and staff access granted only on a need-to-know basis under confidentiality obligations.
  • Honesty — no system is ever 100% secure, but if a breach affects you we'll act quickly and notify you as the DPDP Act requires.

06How long we keep it

We hold your data only as long as we need it, unless the law requires longer:

  • Account, inventory & conversations — kept for the life of your subscription and deleted within 60 days of account closure (you can export everything first).
  • Usage logs — retained for up to 12 months for analytics and security.
  • Billing records — kept for 8 years, as the Indian Income Tax Act requires.

07Your rights

Under the DPDP Act you can, at any time:

  • Access — ask for a summary of the data we hold about you.
  • Correct — have inaccurate or incomplete data fixed.
  • Erase — request deletion, subject only to records the law makes us keep (see Data deletion).
  • Complain — raise a grievance about how your data is handled.
  • Nominate — name someone to exercise these rights on your behalf if you can't.

08Buyer data and WhatsApp

We handle buyer conversations for you through the official WhatsApp Business Cloud API. We honour every opt-out the moment a buyer sends it, exactly as Meta's policies require, and BricksDeck only ever messages buyers through the automations you've switched on.

09Cookies

We keep cookies to a minimum and use them in three ways:

  • Essential — required to sign you in and keep the platform secure.
  • Analytics — help us see how the product is used so we can improve it.
  • Preference — remember your settings between sessions.

10Children

BricksDeck is a tool for property businesses. It isn't built for anyone under 18, and we don't knowingly collect their data.

11Changes & contact

If this policy changes in a way that matters, we'll post the update here with a new date and tell you by email or in the admin panel at least 15 days before it takes effect. Questions in the meantime go to hello@bricksdeck.com — we reply within seven working days.