HamroRentals Pvt. Ltd. ("HamroRentals", "we", "us"), registered and operating in Nepal, is the data controller for personal data processed via the platform at www.hamrorentals.com. This notice tells you, in fine print and plain language, what we do with your data. This notice is applicable under the Law of Nepal.
1. Data we collect
We only collect data we have a lawful basis for collecting:
- Account data — name, email, phone, hashed password, role (tenant/landlord), language preference, profile photo (optional).
- Identity & verification (KYC) — citizenship number, PAN, passport, driver's licence, ward/municipality, and any supporting documents you upload for lease workflows.
- Property & rental data — listings, photos, applications, lease documents, digital signatures, rent payment events, ratings and rental credit-score events.
- Financial metadata — Khalti transaction IDs, amount, success/failure status, refund history. We do not collect card numbers, wallet PINs, or bank credentials.
- Communications — messages, viewing requests, dispute submissions, support emails, and any attachments you choose to send.
- Device & usage data — IP address, approximate location (city-level, derived from IP), device type, browser, operating system, pages visited, referring URL, and error logs.
- Cookies & local storage — session tokens, preferences, CSRF tokens, and limited analytics identifiers (see §13).
Data minimisation: if a field is optional in the UI, leaving it blank will not block your account. We do not collect biometric data, religious affiliation, political opinions, or trade-union membership.
2. Sensitive personal data
Section 2(s) of the Individual Privacy Act 2075 classifies certain data as "sensitive" (caste, ethnicity, religious belief, criminal history, biometric data, etc.). HamroRentals does not ask for, store, or process sensitive personal data. If you voluntarily disclose such data in a free-text message or uploaded document, we treat it with the same protections as identity data and ask you to redact it where possible.
3. Purpose & legal basis
Under Section 3 of the Privacy Act 2075, personal data must be collected for a specific, lawful purpose. We process your data for these purposes only:
| Purpose | Legal basis |
|---|---|
| Run the platform (accounts, listings, leases, payments) | Contract |
| KYC, anti-fraud, identity verification | Legal obligation & legitimate interest |
| Calculate & display rental credit scores | Contract & legitimate interest |
| Customer support & grievance handling | Contract & legal obligation (E-Commerce Act 2081) |
| Aggregated, de-identified analytics | Legitimate interest |
| Marketing emails & product updates | Consent (opt-in, revocable) |
| Tax, accounting, lawful authority requests | Legal obligation |
4. Consent & control
Section 12 of the Privacy Act 2075 prohibits collection or use of personal data without consent. By signing up you provide informed consent to the processing described here. You can withdraw consent at any time by emailing admin@hamrorentals.com. Withdrawal does not affect (a) processing already carried out, (b) processing required to perform a contract you are party to, or (c) processing required by Nepali law.
5. Who we share data with
Section 14 of the Privacy Act 2075 forbids unauthorised disclosure. We share personal data only with:
- Khalti — payment processing & refunds (Nepal).
- The counterparty to your lease — landlord ↔ tenant — limited to what is needed to evaluate and sign the lease (name, verified contact, rental history summary, credit score). Raw ID documents are never shared.
- Cloud & infrastructure providers bound by written contract — hosting, database, transactional email, error monitoring.
- Professional advisers — legal, accounting and auditors under confidentiality.
- Government authorities — only on lawful request, court order, or where required to prevent fraud or protect life and safety. We log every such disclosure.
We do not sell your personal data. We do not share data for cross-context behavioural advertising.
6. Automated decisions (credit score)
HamroRentals calculates a rental credit score for both tenants and landlords. The score is derived from verified events on the platform — paid rent, missed payments, lease completion, ratings — using a published rule-based formula. It is not a fully-automated decision in the legal sense: the score is informational and counterparties make their own leasing decisions.
- You can view the events that contributed to your score in your dashboard.
- You can dispute any entry within 30 days — see Terms §3.2.
- We do not use the score for any purpose outside the HamroRentals platform.
7. Communications & recording
In-app messages between landlords and tenants are stored on our servers to support dispute resolution and fraud investigation, in accordance with the Electronic Transactions Act 2063. We do not record voice or video calls. We do not read messages routinely; access is limited to authorised staff investigating a specific dispute, fraud report, or lawful request.
8. Cross-border transfers
Some infrastructure providers (cloud hosting, transactional email) may process data outside Nepal. Where this occurs, we rely on written contractual safeguards requiring a level of protection consistent with the Privacy Act 2075 and prohibiting onward disclosure. Payment data handled by Khalti remains in Nepal.
9. Retention
| Data type | Retention period |
|---|---|
| Active account & lease records | Life of account + 5 years (tax/legal) |
| Rental credit-score events | 3 years from event date |
| KYC documents (citizenship, PAN) | 5 years after last lease, then deleted |
| Payment transaction metadata | 7 years (Income Tax Act 2058) |
| In-app messages | 2 years, or longer if part of an open dispute |
| Technical/audit logs | 12 months |
| Marketing preferences | Deleted promptly on unsubscribe |
| Backups | Rolling 30-day window, then overwritten |
After these periods, data is deleted or irreversibly anonymised. Counterparty records (e.g. a landlord's history of a past tenancy) are kept in anonymised form so the other party's score remains accurate.
10. Your rights
Under the Privacy Act 2075 and the Electronic Commerce Act 2081, you have the right to:
- Access — request a copy of the personal data we hold about you (§25).
- Correction — ask us to fix inaccurate or incomplete data (§27).
- Deletion — ask us to delete your data, subject to the retention table above.
- Withdraw consent — at any time, for any non-mandatory processing.
- Object — to processing based on legitimate interest, including marketing.
- Export — request your data in a portable, machine-readable format.
- Dispute — challenge any rental credit-score entry (Terms §3.2).
- Complain — to our Grievance Officer (§15) and, if unresolved, to the National Information Commission or DoCSCP.
We respond within 15 days. To exercise a right, email admin@hamrorentals.com from the email address on your account. We may ask for additional verification before releasing data.
11. Security & breach notice
In line with Section 23 of the Privacy Act 2075 we apply layered safeguards: TLS 1.2+ in transit, AES-256 encryption at rest, hashed passwords (Argon2/bcrypt), role-based access control, row-level security in the database, multi-factor authentication for staff, audit logging, regular vulnerability scans, and offline backups.
If a personal data breach occurs that poses a real risk to you, we will notify you and the relevant Nepali authority without undue delay and, where feasible, within 72 hours of becoming aware. Notification will include the nature of the breach, the data affected, and steps you can take.
12. Children
HamroRentals is intended for users aged 18 and above. We do not knowingly collect personal data from minors. If you believe a minor has provided us data, contact us and we will delete it.
13. Cookies & tracking
- Essential cookies — session, CSRF, security; required for the platform to work. Cannot be disabled.
- Preference cookies — language, dashboard layout; retained for 12 months.
- Analytics — first-party, aggregated; no cross-site tracking.
You can clear cookies or block them via your browser settings. We do not use third-party advertising trackers or fingerprinting.
14. Third-party links & embedded content
The platform may link to external sites (Khalti, government portals, landlord websites). We are not responsible for the privacy practices of those sites — read their own notices before sharing data with them.
15. Grievance Officer
If unresolved, you may escalate to the National Information Commission, the Department of Commerce, Supplies and Consumer Protection (DoCSCP), or the Consumer Court, Kathmandu.
16. Changes to this notice
We may update this notice from time to time. Material changes will be notified by email and an in-app banner at least 14 days before they take effect. Previous versions are retained on request.
17. Contact
Privacy & data requests: admin@hamrorentals.com
Grievance Officer: grievance@hamrorentals.com
Registered address: Kathmandu, Nepal.
Frequently asked questions
Can a landlord see my full ID or bank details?
No. Landlords see your name, contact info, verified rental history and credit score — not your raw citizenship/PAN document or any payment details.
Can a tenant see my home address or personal phone, as a landlord?
Only the contact info you choose to publish on a listing. Anything else stays inside your account.
Where is my payment information stored?
With Khalti, our licensed Nepal payment processor. We never see or store your card, wallet PIN or bank credentials.
Can I delete my account and data?
Yes. From your profile, request account deletion. We confirm via email, delete or anonymise your data within 15 days, and retain only what tax/legal rules require (see §9).
Will my credit-score history disappear if I delete my account?
Lease and rating records that form part of another user's history are retained in anonymised form so the other party's score stays accurate.
Do you sell my data?
No. Selling personal data is also prohibited under the Privacy Act 2075.
Do you use AI to make decisions about me?
No. Credit scores are calculated from verified platform events using a published rule-based formula, not an opaque AI model. Leasing decisions are made by humans (landlord or tenant).