Trust Center · Pune / MahaRERA first

Built to pass your legal team's review.

RERA, DPDP, escrow, GST/TDS, roles and audit — enforced in the product, not promised in a contract. Computed server-side, not in the browser: client-side compliance is theatre.

Last updated · 29 June 2026
Compliance, as a gate

Compliance isn't a policy PDF — it's a button that won't click.

Every booking is computed against RERA, escrow, GST, TDS and DPDP server-side. We catch violations before they're committed — we never finalise a booking for you.

ConfirmGate · 2BHK B-1203 · Skyline HeightsLIVE GATE
Compliant bookingToken ₹4.8L · 5.9% of ₹82L
RERA token ≤10% — ₹4.8L = 5.9% ✓Carpet 743 sq ft disclosed ✓70% to RERA-designated account, per your bank mandate ✓GST 5% non-affordable, no ITC — ₹2.73L (land 1/3 excl.) ✓DPDP PII masked ✓

TDS deducted at source on payout —TDS 194-IA 1% / 194-H 2% — recorded against the buyer ledger.

Blocked bookingToken ₹9.0L · 11.0% of ₹82L
RERA token 11.0% — exceeds Section 13 10% cap ✕Carpet 743 sq ft disclosed ✓70% to RERA-designated account, per your bank mandate ✓GST 5% non-affordable, no ITC — ₹2.73L (land 1/3 excl.) ✓DPDP PII masked ✓

Booking write rejected · server-side · 16:14:22

If a field fails the check, the booking is blocked — not warned. Agents cannot override compliance gates. Computed server-side.

RERA

The Section 13 cap is a gate, not a guideline.

Token capSection 13

No more than 10% of cost taken as advance before a registered Agreement for Sale. Skyline Heights token ₹4.8L = 5.9%of ₹82L — under the cap; ₹9.0L (11.0%) is blocked.

Carpet-area integrity

Disclosure on carpet area, never super-built-up —743 sq ft, read as carpet on import.

Reg-no capture

Project MahaRERA P52100052341 captured once and surfaced on every booking; a RERA-reg field is required before any unit goes live.

RERA reg verified
70% routings.4(2)(l)(D)

PropArch orchestrates and records the 70% split to the project's separate RERA-designated account — free of lien / lender control (post-1-July-2024 discipline), per YOUR own bank mandate — with a receipt and ledger trail for every realisation.

PropArch is not a bank, RBI-regulated escrow agent, or payment aggregator. Funds move through your own arrangement — we never hold or move customer money.

Configured to MahaRERA first; you confirm your registration and remain the regulated promoter. PropArch surfaces and times the Agreement-for-Sale obligation — it does not execute or register the AFS, and e-sign does not replace registration. PropArch helps you comply — it does not make you compliant.

DPDP · data fiduciary tooling

Tooling to meet your obligations as data fiduciary.

DPDP Rules notified 13 Nov 2025, phased enforcement to ~mid-2027— we give you the controls now; your buyers are the data principals, you remain the data fiduciary.

Consent capture & purpose limitation

Consent is captured on every lead — purpose is recorded and limited to the declared use. Data collected for booking enquiry is not available for unrelated outbound marketing without a fresh consent capture.

Data-principal rightsDPDP Act, 2023

Erasure requests are fulfilled within 90 days, with a 48-hour pre-erasure notice to the data principal before any deletion is actioned — giving them a final confirmation window per their rights under the Act.

Breach handling

Every breach event is logged, scoped, and time-stamped the moment it is detected. The record is exportable for notifiable-breach reporting per your obligations as data fiduciary — we surface the trail, you notify the Board and DPDPB as required.

PII masking for channel partners

A channel partner (CP) sees a contact only to the extent their role permits — purpose limitation by default. Below is what a CP sees before you un-mask at booking:

CP viewuntil un-masked at booking
Rohit••••••12

A CP sees Rohit •••• ••12 until you un-mask at booking.

We use the statutory vocabulary — data principal /data fiduciary — because your DPO will. You remain the data fiduciary; we give you the tooling.

Questions for your DPO or counsel?Talk to us →

GST & TDS

Computed as line items, server-side — bring your CA.

GST on under-construction residential property

GST rates — residential under-construction property (India)
RateCategoryITC
1%

Affordable housing

≤₹45L AND carpet ≤60 sq m metro / ≤90 sq m non-metro

No ITC
5%

Other under-construction

Any unit not meeting both affordable criteria

No ITC
Exempt

Ready-to-move

Completion Certificate (CC) obtained

N/A

TDS on property transactions

TDS applicable to real-estate transactions under the Income Tax Act
SectionRateApplicabilityForm
194-IA1%

Buyer-deducted on consideration

Applies when consideration ≥ ₹50L

26QB
194-H2%

On brokerage / commission

Post-Oct-2024 rate — never the old 5%

Worked exampleSkyline Heights · 2BHK · ₹82L
Agreement value₹82,00,000
GST category5% non-affordable, no ITC
GST computation(land 1/3 excluded; tax on 2/3)₹2,73,333
TDS (194-IA)1% = ₹82,000 (buyer-deducted)

NOT 1% — ₹82L exceeds the ₹45L affordable cap. Affordable = ≤₹45L and carpet ≤60 sq m (metro). The 5% rate applies here; the ₹2.73L figure uses the land-deduction rule (1/3 of total value excluded before applying GST).

Rates are configurable as the law evolves and are computed server-side, not in the browser. Bring your CA to the walkthrough and verify every line.

Roles & audit

Every action, timestamped — exportable for a RERA query.

Append-only · agents cannot edit or delete a log entry
  1. Closerdrafted message
    ConfidenceHigh0.94
  2. Manager (Priya M.)approved
    Human approval
  3. Bookingconfirmed & sent
    Finalised

Append-only — agents cannot edit or delete a log entry. Export a single booking's trail as PDF/CSV for an audit or a RERA query.

Role-based access controls — status shown by icon + label, not color alone
RoleSee PIIApprove bookingRelease payoutUn-mask CP contact
Tele-caller
PII masked
Cannot approve
Cannot release
Cannot un-mask
Sales manager
PII visible
Can approve
Cannot release
Cannot un-mask
Finance / promoter
Full access
Can approve
Per bank mandate
Full access
PermittedNot permitted

An agent can draft a receipt — it can never finalise one; it can compute the 70% split — it can never release it. Only a human at the right role can confirm.

Posture

Where your data lives, and how it's guarded.

India-hosted data residency

Your data is hosted in India. The specific region is named in the Data Processing Agreement (DPA) — not on a marketing page.

Encryption at rest and in transit

All data is encrypted at rest and in transit. Keys are managed per your DPA.

Least-privilege RBAC + internal-access audit

Internal access to production data follows least-privilege RBAC. Every internal access is logged and audited — the same audit trail available to you is used internally.

Sub-processor categories disclosed

We disclose the categories of sub-processors we use. A full register is available on request to customers under an active agreement.

SOC 2 Type II — in progress

We will never display a certification we don't hold.

Founding cohort (Pune / Maharashtra), built with operators.

Autonomy as policy

An AI can never breach RERA or DPDP on your behalf.

Hard L2 ceiling

Agents draft and compute on anything touching money or compliance — they never finalise or release. The ceiling is enforced server-side; it cannot be overridden by a prompt or a role.

Dry-run

Every agent action can be previewed before it goes live. The outcome — including the compliance gate result — is shown before any record is written or sent.

Kill-switch

Pauses all agent outbound in one tap. Even at L4 on messaging, a booking still hits the server-side gate. In-flight drafts are discarded, not queued.

For your reviewer

Questions your reviewer will ask.

Where does my data live?

Your data is hosted in India. The specific region is named in our Data Processing Agreement (DPA) — available on request — not on a marketing page. We disclose sub-processor categories and maintain a register available to our customers.

Can an AI breach RERA on my behalf?

No. Every booking passes server-side compliance gates — RERA token cap, carpet-area disclosure, 70% routing, GST/TDS, DPDP masking — before it can be confirmed. The L2 autonomy ceiling means agents draft and compute; they never finalise or release anything. Every action is audit-logged. An agent cannot override these gates, and neither can a human at the wrong role.

Will a CP steal my buyer's contact?

Channel partners see PII masked by default — a CP sees "Rohit •••• ••12" until you explicitly un-mask at booking. RBAC ensures a CP can only see contacts assigned to them. First-registered-wins attribution means reassigning a buyer to bypass these controls is itself logged and flagged.

Is your GST/TDS logic correct?

We show the computations and section references above — 5% non-affordable GST (₹2.73L on Skyline Heights ₹82L), TDS 194-IA at 1% for buyer-deducted property consideration, TDS 194-H at 2% on brokerage (post-Oct-2024). Bring your CA to the compliance walkthrough and verify every line item against your specific units and dates.

SOC 2 / ISO?

SOC 2 Type II is in progress and on our roadmap. We claim no certification we don't hold. We will never display a SOC 2, ISO 27001, or "bank-grade security" badge we haven't earned. Encryption at rest and in transit, least-privilege RBAC, and audit logging are in place now.

Who can do what?

See the roles matrix and audit trail above. In brief: a Tele-caller sees masked PII and cannot approve, release payouts, or un-mask CP contacts. A Sales manager sees full PII and can approve bookings but cannot release payouts. Finance/promoter has full access and can release payouts per your own bank mandate. Every action at every role is timestamped and append-only in the audit log.

Remove the last blocker

Walk your legal team through the gates — live.

Book a technical/compliance walkthrough and bring your RERA consultant and IT lead. We'll run a real booking into the gate, show the failing state, and export an audit trail — on your inventory. No slides.

Book a compliance walkthrough

Prefer to forward a doc first? Request our DPA & security overview — available on request