Trust Center

Security, Privacy & Legal Boundaries

Everything you need to know about how ReraDesk handles your data, protects your filings, and operates within its legal scope.

Data Storage & Residency INDIA ONLY
All your project data stays in India. ReraDesk is hosted on Supabase (AWS Mumbai — ap-south-1 region). Your documents, QPR data, CA certifications, and audit trails are stored and processed exclusively on Indian servers.
  • Database: Supabase PostgreSQL — AWS ap-south-1 (Mumbai)
  • File storage: Supabase Storage — same region
  • No data transferred outside India for storage
  • AI extraction processed in-memory, not stored externally
  • CDN: Cloudflare Pages (static assets only — no user data)
Encryption & Security AES-256
Your data is encrypted in transit and at rest.
  • TLS 1.3 for all data in transit
  • AES-256 encryption at rest (Supabase default)
  • Row-Level Security (RLS) — your data is only accessible by your account
  • JWT authentication — sessions expire automatically
  • HSTS, CSP, X-Frame-Options headers on all pages
  • No passwords stored in plain text
  • Google OAuth as alternative — no password required
Audit Trail & Tamper Protection
Every QPR filing generates a SHA-256 cryptographic audit pack. This pack contains:
  • All source documents (hashed)
  • Every extracted field with its source document, page, and line reference
  • CA's ICAI membership number and certification timestamp
  • Filing timestamp and user identity
  • SHA-256 hash of the complete pack — any tampering is detectable

Your audit pack is downloadable as a PDF — you own it regardless of your ReraDesk subscription status. Even if ReraDesk ceased to exist, your audit trail would remain valid and accessible.
CA Certification & Professional Responsibility
ReraDesk never auto-certifies or auto-submits. The CA certification gate is mandatory for every QPR.
  • CA reviews every extracted field before certification
  • ICAI membership number recorded per QPR filing
  • UDIN tracking against 60-certification annual ICAI cap
  • CA's digital signature is required — ReraDesk cannot bypass this
  • Professional indemnity remains with the certifying CA
ReraDesk is a data processor, not a certifying authority. The CA remains the professional of record. ReraDesk prepares and organises the QPR data — the CA certifies its accuracy.
Privacy & DPDPA 2023 Compliance
ReraDesk complies with India's Digital Personal Data Protection Act, 2023.
  • Explicit cookie consent required before any analytics
  • Account deletion on request — within 7 business days
  • Data export available — request via [email protected]
  • No data sold to third parties, ever
  • Analytics data (PostHog, Google Analytics) is anonymized
  • You can opt out of all analytics via cookie settings
Legal Scope & Limitations
What ReraDesk is: An analytical decision-support tool for RERA QPR preparation. A data processor. A workflow automation platform.
What ReraDesk is NOT:
  • Not a legal advisor or law firm
  • Not a practicing Chartered Accountant
  • Not a RERA-approved authority or portal
  • Not a substitute for professional CA advice
  • Not responsible for final compliance outcomes

Final compliance decisions rest with your Chartered Accountant and the relevant State RERA authority. ReraDesk reduces manual effort and error — it does not replace professional judgment.
DSC & Aadhaar e-Sign
ReraDesk does not store DSC private keys.
  • Aadhaar e-Sign via DigiLocker integration (MeitY-certified)
  • DSC signing happens on your device — private key never leaves your system
  • ReraDesk only receives the signed document — not the key
  • All signing events logged in the audit trail with timestamps
Have a security or privacy question?

Email: [email protected]
WhatsApp: +91 83742 35533
Response within 24 business hours.