Built to pass your legal team's review.
RERA, DPDP, escrow, GST/TDS, roles and audit — enforced in the product, not promised in a contract. Computed server-side, not in the browser: client-side compliance is theatre.
- RERA — Section 13, carpet & 70% designated account
- DPDP — tooling to meet your data-fiduciary obligations
- GST & TDS — computed as line items, server-side
- Roles, RBAC & the immutable audit log
- Data residency & security posture
- Autonomy governance — enforced policy controls
Compliance isn't a policy PDF — it's a button that won't click.
Every booking is computed against RERA, escrow, GST, TDS and DPDP server-side. We catch violations before they're committed — we never finalise a booking for you.
TDS deducted at source on payout —TDS 194-IA 1% / 194-H 2% — recorded against the buyer ledger.
Booking write rejected · server-side · 16:14:22
If a field fails the check, the booking is blocked — not warned. Agents cannot override compliance gates. Computed server-side.
The Section 13 cap is a gate, not a guideline.
No more than 10% of cost taken as advance before a registered Agreement for Sale. Skyline Heights token ₹4.8L = 5.9%of ₹82L — under the cap; ₹9.0L (11.0%) is blocked.
Disclosure on carpet area, never super-built-up —743 sq ft, read as carpet on import.
Project MahaRERA P52100052341 captured once and surfaced on every booking; a RERA-reg field is required before any unit goes live.
RERA reg verifiedPropArch orchestrates and records the 70% split to the project's separate RERA-designated account — free of lien / lender control (post-1-July-2024 discipline), per YOUR own bank mandate — with a receipt and ledger trail for every realisation.
PropArch is not a bank, RBI-regulated escrow agent, or payment aggregator. Funds move through your own arrangement — we never hold or move customer money.
Configured to MahaRERA first; you confirm your registration and remain the regulated promoter. PropArch surfaces and times the Agreement-for-Sale obligation — it does not execute or register the AFS, and e-sign does not replace registration. PropArch helps you comply — it does not make you compliant.
Tooling to meet your obligations as data fiduciary.
DPDP Rules notified 13 Nov 2025, phased enforcement to ~mid-2027— we give you the controls now; your buyers are the data principals, you remain the data fiduciary.
Consent is captured on every lead — purpose is recorded and limited to the declared use. Data collected for booking enquiry is not available for unrelated outbound marketing without a fresh consent capture.
Erasure requests are fulfilled within 90 days, with a 48-hour pre-erasure notice to the data principal before any deletion is actioned — giving them a final confirmation window per their rights under the Act.
Every breach event is logged, scoped, and time-stamped the moment it is detected. The record is exportable for notifiable-breach reporting per your obligations as data fiduciary — we surface the trail, you notify the Board and DPDPB as required.
A channel partner (CP) sees a contact only to the extent their role permits — purpose limitation by default. Below is what a CP sees before you un-mask at booking:
A CP sees Rohit •••• ••12 until you un-mask at booking.
We use the statutory vocabulary — data principal /data fiduciary — because your DPO will. You remain the data fiduciary; we give you the tooling.
Questions for your DPO or counsel?Talk to us →
Computed as line items, server-side — bring your CA.
GST on under-construction residential property
| Rate | Category | ITC |
|---|---|---|
| 1% | Affordable housing ≤₹45L AND carpet ≤60 sq m metro / ≤90 sq m non-metro | No ITC |
| 5% | Other under-construction Any unit not meeting both affordable criteria | No ITC |
| Exempt | Ready-to-move Completion Certificate (CC) obtained | N/A |
TDS on property transactions
| Section | Rate | Applicability | Form |
|---|---|---|---|
194-IA | 1% | Buyer-deducted on consideration Applies when consideration ≥ ₹50L | 26QB |
194-H | 2% | On brokerage / commission Post-Oct-2024 rate — never the old 5% | — |
194-IA)1% = ₹82,000 (buyer-deducted)NOT 1% — ₹82L exceeds the ₹45L affordable cap. Affordable = ≤₹45L and carpet ≤60 sq m (metro). The 5% rate applies here; the ₹2.73L figure uses the land-deduction rule (1/3 of total value excluded before applying GST).
Rates are configurable as the law evolves and are computed server-side, not in the browser. Bring your CA to the walkthrough and verify every line.
Every action, timestamped — exportable for a RERA query.
- Closerdrafted message
- Manager (Priya M.)approvedHuman approval
- Bookingconfirmed & sentFinalised
Append-only — agents cannot edit or delete a log entry. Export a single booking's trail as PDF/CSV for an audit or a RERA query.
| Role | See PII | Approve booking | Release payout | Un-mask CP contact |
|---|---|---|---|---|
| Tele-caller | PII masked | Cannot approve | Cannot release | Cannot un-mask |
| Sales manager | PII visible | Can approve | Cannot release | Cannot un-mask |
| Finance / promoter | Full access | Can approve | Per bank mandate | Full access |
An agent can draft a receipt — it can never finalise one; it can compute the 70% split — it can never release it. Only a human at the right role can confirm.
Where your data lives, and how it's guarded.
Your data is hosted in India. The specific region is named in the Data Processing Agreement (DPA) — not on a marketing page.
All data is encrypted at rest and in transit. Keys are managed per your DPA.
Internal access to production data follows least-privilege RBAC. Every internal access is logged and audited — the same audit trail available to you is used internally.
We disclose the categories of sub-processors we use. A full register is available on request to customers under an active agreement.
We will never display a certification we don't hold.
Founding cohort (Pune / Maharashtra), built with operators.
An AI can never breach RERA or DPDP on your behalf.
Agents draft and compute on anything touching money or compliance — they never finalise or release. The ceiling is enforced server-side; it cannot be overridden by a prompt or a role.
Every agent action can be previewed before it goes live. The outcome — including the compliance gate result — is shown before any record is written or sent.
Pauses all agent outbound in one tap. Even at L4 on messaging, a booking still hits the server-side gate. In-flight drafts are discarded, not queued.
Questions your reviewer will ask.
Where does my data live?
Your data is hosted in India. The specific region is named in our Data Processing Agreement (DPA) — available on request — not on a marketing page. We disclose sub-processor categories and maintain a register available to our customers.
Can an AI breach RERA on my behalf?
No. Every booking passes server-side compliance gates — RERA token cap, carpet-area disclosure, 70% routing, GST/TDS, DPDP masking — before it can be confirmed. The L2 autonomy ceiling means agents draft and compute; they never finalise or release anything. Every action is audit-logged. An agent cannot override these gates, and neither can a human at the wrong role.
Will a CP steal my buyer's contact?
Channel partners see PII masked by default — a CP sees "Rohit •••• ••12" until you explicitly un-mask at booking. RBAC ensures a CP can only see contacts assigned to them. First-registered-wins attribution means reassigning a buyer to bypass these controls is itself logged and flagged.
Is your GST/TDS logic correct?
We show the computations and section references above — 5% non-affordable GST (₹2.73L on Skyline Heights ₹82L), TDS 194-IA at 1% for buyer-deducted property consideration, TDS 194-H at 2% on brokerage (post-Oct-2024). Bring your CA to the compliance walkthrough and verify every line item against your specific units and dates.
SOC 2 / ISO?
SOC 2 Type II is in progress and on our roadmap. We claim no certification we don't hold. We will never display a SOC 2, ISO 27001, or "bank-grade security" badge we haven't earned. Encryption at rest and in transit, least-privilege RBAC, and audit logging are in place now.
Who can do what?
See the roles matrix and audit trail above. In brief: a Tele-caller sees masked PII and cannot approve, release payouts, or un-mask CP contacts. A Sales manager sees full PII and can approve bookings but cannot release payouts. Finance/promoter has full access and can release payouts per your own bank mandate. Every action at every role is timestamped and append-only in the audit log.
Remove the last blocker
Walk your legal team through the gates — live.
Book a technical/compliance walkthrough and bring your RERA consultant and IT lead. We'll run a real booking into the gate, show the failing state, and export an audit trail — on your inventory. No slides.
Book a compliance walkthroughPrefer to forward a doc first? Request our DPA & security overview — available on request
PropArch is software — not a law firm, bank, payment aggregator, or financial/legal advisor. PropArch orchestrates and records the 70% split to the project's separate RERA-designated account, per your own bank mandate.